################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-04-27 14:00:00 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-04-27 14:00:00", "1801070", "rydr.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:00:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:56:25", "1801069", "m35h1-loop.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:57:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:48:38", "1801065", "knyo.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:50:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:43:11", "1801064", "hiddenbyt.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:47:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:36:34", "1801054", "bcfapelw.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:33:32", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:36:33", "1801056", "finger.linked-on.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-27 13:33:39", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:33", "1801057", "https://linked-on.com/leyts.php?Npier=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:33", "1801058", "107.170.45.91:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:32", "1801059", "https://mtg-life.net/95126aeb-4120-56b1-8c9e-63fdf0c0b6f9/scr7", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:31", "1801060", "173.44.141.222:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:31", "1801061", "mtg-life.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:30", "1801062", "08a474368a2f94f347ad9e1a0a08d4258fcf49c6b9373214f7901bb770bacca4", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:30", "1801063", "quor-meshis.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:37:13", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:32:10", "1801055", "185.193.126.248:27000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/dd5447b76c2ec3db1ea0c2ffa3070edd05d4858940ed3a51a7c5f561f468e71a/", "None", "0", "abuse_ch" "2026-04-27 13:29:08", "1801010", "fa1thf6-gate.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:38:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:08", "1801013", "gatewa-qua.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:44:36", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:07", "1801014", "sortdynamic.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:47:41", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:07", "1801015", "queryspecimen.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:51:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801018", "banncip.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:00:24", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801020", "lumlithex.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:07:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801021", "https://sigmatauethifarma.com/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:05", "1801022", "sigmatauethifarma.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801023", "https://sigmatauethifarma.com/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801024", "https://sigmatauethifarma.com/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:23", "1800988", "23ofcfv.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:35:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800989", "93f5qz.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:39:20", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800990", "tal-draet.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:44:01", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800992", "arkcoreix.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:50:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1801001", "https://bcaccount.co.th/?u=fwjxxjdhc4fkhntp263ah3a", "url", "payload_delivery", "win.emmenhtal", "IDATDropper,PEAKLIGHT", "Emmenhtal", "", "50", "True", "None", "html-smuggling,spamtrap", "0", "jahlives" "2026-04-27 13:28:10", "1801025", "https://sigmatauethifarma.com/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:09", "1801026", "https://cj06y9v4xab.com/d", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:09", "1801027", "cj06y9v4xab.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:05", "1801053", "vitalpalette.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:28:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:26:12", "1801052", "54.255.15.131:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "75", "False", "", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-04-27 13:24:02", "1801051", "206.238.199.22:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "75", "False", "", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-04-27 13:16:01", "1801050", "subtledust.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:19:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:15:17", "1801049", "https://linkinsightnews.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801045", "https://thelifestyleelf.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801046", "https://bridgeportnews.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801047", "https://sullivancounty.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801048", "https://burchcom.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801042", "https://accelhost.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801043", "https://earthvillageeducation.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801044", "https://remodelingmagazine.co/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801039", "https://nutleyrealestatehomes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801040", "https://feelgoodanyway.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801041", "https://pouronprince.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801035", "https://legalnewsletter.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801036", "https://thedirtdoctors.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801037", "https://new-era-homes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801038", "https://mytravelbackpack.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801032", "https://growhealthyvending.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801033", "https://healthadvicenow.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801034", "https://homeinspectorpotomac.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801029", "https://jrubyconf.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801030", "https://claremontportside.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801031", "https://familyreading.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:12:27", "1801028", "sche9-track.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:16:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:03:17", "1801019", "clif7-bridge.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:04:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:54:20", "1801017", "sterilebundle.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:55:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:39:37", "1801011", "xrcbdu11.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:41:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:31:59", "1801009", "5urvey-spark.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:35:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:26:07", "1801007", "lzukd.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:26:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:22:48", "1801006", "schem-mark.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:24:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:19:05", "1801004", "palbind.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:19:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:11:41", "1801000", "eswcaywn.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:11:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:05:56", "1800998", "columdee.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:06:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:00:01", "1800996", "genomeobserver.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:01:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:54:48", "1800995", "nor-lithix.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:55:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:30:57", "1800985", "daemon-hill.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:26:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 11:27:17", "1800987", "http://94.156.155.42", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/2cd3507909391d0a8cbea8300ffc5d77805a3f475e9991c43a105913095725ae/", "stealc", "0", "abuse_ch" "2026-04-27 11:15:08", "1800982", "https://juactive.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 11:14:29", "1800981", "kelforgeet4.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:14:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:08:40", "1800977", "aq4saw1.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:09:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:02:54", "1800976", "velcrestos8.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:04:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:02:18", "1800975", "45.43.59.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:16:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:57:47", "1800974", "reed8-drive.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:58:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 10:51:57", "1800973", "v0ya1-cast.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:52:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 10:46:10", "1800972", "ns1.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:48:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:46:08", "1800971", "x9xus7.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:47:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 10:43:32", "1800970", "cc.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:43:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:39:50", "1800938", "keltideal.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:12:55", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:50", "1800945", "sx56boo.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:33:39", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:49", "1800947", "4wyk.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:42:04", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:49", "1800948", "hyperstat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:48", "1800949", "newcheckout.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:47", "1800950", "turbostat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:45", "1800951", "gigatag.info", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:45", "1800952", "tagmanager.guru", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:44", "1800953", "ministat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:43", "1800955", "culturebrook.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:48:21", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:43", "1800958", "loose-mount.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:59:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:42", "1800960", "campaigndefen.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:12:22", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:42", "1800961", "tj0x.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:15:56", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:41", "1800962", "ejge.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:22:04", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:41", "1800964", "yaisxm.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:32:00", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:40", "1800968", "talnexal2.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:40:42", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:32:14", "1800967", "lapoire8.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:31:52", "1800966", "lapoire7.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:31:30", "1800965", "lapoire6.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:04:27", "1800959", "frwyaofu.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:09:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:56:37", "1800957", "91.92.120.68:1985", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/c03958f4bab9297fdaca6848c6b940002321fde305c3c3d61e0d1714fcdb1cd7/", "xworm", "0", "abuse_ch" "2026-04-27 09:52:54", "1800956", "pb6cs.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:54:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:36:30", "1800946", "yj97hpfx.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:37:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:22:34", "1800944", "biomecave.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:24:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:18:34", "1800943", "vek.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:22:16", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:28", "1800942", "https://vek.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:22:08", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:20", "1800941", "vek.imoveisavendaemaraxa.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:58", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:15", "1800940", "https://vek.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:51", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:17:04", "1800939", "2585gqld.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:17:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 09:10:41", "1800929", "kel-coreex.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:55:11", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 09:10:37", "1800935", "jp4j.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:01:43", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 09:05:47", "1800937", "massivedisco.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:06:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:04:14", "1800936", "203.202.232.149:2222", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/aaeb85c0cb65e4da3ee3dac33621aaf99fb310f7f43d999d0c45ed5195d1aaa9/", "xworm", "0", "abuse_ch" "2026-04-27 08:49:02", "1800928", "17393sm.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:50:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:43:39", "1800927", "reelfla.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:43:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:37:36", "1800926", "kidjo.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:38:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:32:11", "1800925", "f532v.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:33:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:27:11", "1800922", "136.243.87.141:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:11", "1800923", "136.243.87.133:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:11", "1800924", "136.243.87.138:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800915", "136.243.87.134:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800916", "136.243.87.129:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800917", "136.243.87.131:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800918", "136.243.87.140:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800919", "136.243.87.132:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800920", "136.243.87.128:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800921", "136.243.87.139:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800909", "https://136.243.87.132/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800910", "https://136.243.87.128/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800911", "https://136.243.87.139/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800912", "https://136.243.87.141/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800913", "https://136.243.87.133/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800914", "https://136.243.87.138/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800905", "https://136.243.87.134/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800906", "https://136.243.87.129/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800907", "https://136.243.87.131/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800908", "https://136.243.87.140/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:32", "1800904", "surve-chain.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:27:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:26:31", "1800867", "31.220.80.26:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "False", "", "Sliver", "0", "whoamix302" "2026-04-27 08:26:30", "1800858", "duskmor.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:33:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:29", "1800859", "theorymin.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:43:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:29", "1800860", "qdacqez.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:45:54", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:28", "1800861", "trimeshor6.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:50:51", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:28", "1800864", "br4nd-forge.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:12:28", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:27", "1800868", "gent1-lab.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:30:07", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:27", "1800869", "170.75.167.225:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "BotManager,Unknown malware", "0", "whoamix302" "2026-04-27 08:26:26", "1800870", "150.139.132.7:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-27 08:26:26", "1800873", "gathgolde.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:48:57", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:25", "1800871", "du5k-panel.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:40:11", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:25", "1800877", "broadfilte.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:55:02", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:24", "1800896", "167.71.65.175:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 14:00:22", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:26:24", "1800901", "161.35.91.164:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 13:54:44", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:26:24", "1800902", "178.62.208.75:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 13:49:23", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:25:23", "1800903", "107.172.252.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-27 08:23:45", "1800900", "47.111.184.26:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 08:23:19", "1800899", "147.78.2.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 08:22:39", "1800898", "45.130.148.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-27 08:21:13", "1800897", "crawlerstory.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:24:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:13:29", "1800895", "dynvaleis.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:13:48", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 08:07:43", "1800894", "traile-proc.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:10:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:00:01", "1800892", "178.104.213.150:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:00:01", "1800893", "74.0.42.54:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:51", "1800891", "trimeshum.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:00:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:59:41", "1800886", "bom.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800887", "bca.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800888", "tsc.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800889", "gon.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800890", "psy.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800882", "https://gon.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800883", "https://psy.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800884", "https://178.104.213.150/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800885", "https://74.0.42.54/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800879", "https://bom.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800880", "https://bca.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800881", "https://tsc.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:22", "1800878", "https://steamcommunity.com/profiles/76561198709529056", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:52:17", "1800876", "https://pillow.riverbridge.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:52:07", "1800875", "https://bbs.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:41", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:52:03", "1800874", "bbs.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:46", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:40:54", "1800872", "wint3-array.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:43:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:23:57", "1800866", "uwfw.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:25:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:18:12", "1800865", "meta-cl1p.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:21:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:01:09", "1800863", "norcresta.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:02:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:55:47", "1800862", "5qpfwfow.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:56:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:32:40", "1800857", "streamsol.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:27:41", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:22:33", "1800856", "https://packetswitchings.com.ng/wp-blog-footer.php?data=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:21:57", "1800855", "vorline8et.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:22:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 06:21:41", "1800854", "https://packetswitchings.com.ng/wp-blog-footer.php?fp=1", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:15:53", "1800849", "gdxmgmf8.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:16:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:12:23", "1800848", "https://mdasnmitrot.com/ooaoll.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:12:05", "1800847", "mdasnmitrot.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:11:36", "1800846", "https://marketsnows.com/9cG0Kh", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:11:20", "1800845", "marketsnows.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:10:29", "1800844", "open-2p.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:12:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:06:06", "1800595", "rouge-4v.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:47:59", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:06:05", "1800837", "soft-berg-9.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:08:21", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:05:27", "1800839", "https://awesomeisojs.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 06:05:14", "1800838", "awesomeisojs.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 06:04:57", "1800827", "dark-land-8b.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:40:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:04:56", "1800832", "rouge-6.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:57:54", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:04:17", "1800836", "https://ns-claude-js.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 05:51:17", "1800829", "petit-fire-5.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:52:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:46:04", "1800828", "bleu-3.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:46:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:34:30", "1800763", "haus-1.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:35:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:29:08", "1800696", "holz-baum-7k.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:29:10", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 05:25:03", "1800574", "ax2e.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:02:29", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:02", "1800575", "hen1a.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:05:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:02", "1800579", "5ynt46-node.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:26:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:01", "1800583", "taldra2ex.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:48:55", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800598", "soft-2.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:58:35", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800601", "blue-fire-3w.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:18:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800603", "zeit-land-9.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:32:03", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:59", "1800602", "haus-6.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:28:43", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:59", "1800606", "wald-baum-1.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:42:59", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:58", "1800608", "gold-star-2s.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:56:44", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800610", "holz-berg-3.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:10:30", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800615", "iron-land-9q.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:36:47", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800617", "soft-wald-2.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:50:35", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:56", "1800616", "rouge-5.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:47:14", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:55", "1800618", "kalt-8.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:55:57", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:55", "1800619", "safespacesouthwest.com", "domain", "cc_skimming", "js.magecart", "None", "magecart", "", "75", "True", "", "magecart", "0", "localhost" "2026-04-27 05:24:54", "1800628", "petit-star-8z.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:52:37", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:54", "1800629", "vert-1.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:57:42", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:54", "1800630", "holz-berg-5.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:03:27", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:53", "1800631", "bleu-9.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:10:39", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:43", "1800678", "noir-9.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:13:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:42", "1800679", "gold-mond-2.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:18:16", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:39", "1800546", "trinexa.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:13:00", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:39", "1800547", "creehid.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:20:35", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:38", "1800550", "kellithis.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:42:14", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:38", "1800551", "resolvercultur.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:48:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:37", "1800552", "warmcon.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:55:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:37", "1800553", "pixellowersoon.top", "domain", "payload_delivery", "js.magecart", "None", "magecart", "2026-04-26 21:34:00", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:36", "1800554", "networkhub.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:01:26", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:35", "1800560", "pixel9-layer.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:24:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:35", "1800561", "styledontcryyy.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "2026-04-26 21:34:00", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800563", "styleinfinity.top", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800564", "stylejingle.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800565", "styleoutsperee.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800566", "stylebackrooooms.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:30", "1800545", "dibzyqjy.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:06:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:23:35", "1800680", "vert-4.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:24:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:06:14", "1800677", "fast-star-5x.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:10:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:58:46", "1800676", "open-3n.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:59:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:53:17", "1800675", "zeit-berg-8.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:53:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:51:02", "1800674", "u88.store", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/69d57b0812969e8b61619c22196959e88b64df20f691819d565e91ec6e9d0aba/", "nanocore", "0", "abuse_ch" "2026-04-27 04:50:47", "1800673", "kaede.jpn.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/91bd29fbcd1fa40462378d834ff35939be6d97c6c53b9b6a2bd2facb67e12024/", "nanocore", "0", "abuse_ch" "2026-04-27 04:47:42", "1800672", "82.165.179.9:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/dc7926a343bf4a612ebd57924bd5e3a6df997164b090c662855f2f3e6e91c930/", "asyncrat", "0", "abuse_ch" "2026-04-27 04:47:32", "1800671", "kalt-5.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:48:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:46:02", "1800670", "ukschool.uk.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2dd9b9ea3a5afc1f3b0f36dd64b16444fcfa49284c18d34159b1b43b8460554d/", "nanocore", "0", "abuse_ch" "2026-04-27 04:45:44", "1800669", "au88.select", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2dd9b9ea3a5afc1f3b0f36dd64b16444fcfa49284c18d34159b1b43b8460554d/", "nanocore", "0", "abuse_ch" "2026-04-27 04:45:06", "1800668", "158.160.75.185:40553", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-04-27 04:44:47", "1800667", "23.132.164.14:9000", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-04-27 04:44:36", "1800666", "43.132.210.230:884", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:44:18", "1800665", "43.132.210.230:882", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:43:59", "1800664", "103.12.148.79:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:43:30", "1800663", "175.24.201.23:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "None", "Meterpreter", "0", "abuse_ch" "2026-04-27 04:43:14", "1800662", "http://196.199.55.26:7777/b367c5ea.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 04:42:29", "1800661", "144.31.61.121:31505", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2026-04-27 04:42:10", "1800660", "soft-land-1.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:43:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:42:02", "1800659", "http://kingspy.dynv6.net:797/Vre", "url", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "False", "None", "Vjw0rm", "0", "abuse_ch" "2026-04-27 04:41:49", "1800658", "104.21.50.237:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:41:31", "1800657", "172.67.213.218:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:41:12", "1800656", "160.191.89.201:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:40:58", "1800655", "104.21.88.201:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:40:08", "1800652", "172.67.152.162:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:36:34", "1800651", "rouge-4.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:39:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:28:55", "1800647", "iron-fire-6s.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:29:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:23:19", "1800634", "haus-2x.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:24:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:15:50", "1800632", "dark-wald-3.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:16:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:43:35", "1800627", "open-6.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:44:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:38:14", "1800626", "gold-land-4m.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:38:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:30:25", "1800625", "noir-2.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:30:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:25:00", "1800624", "fast-fire-9.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:26:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:19:26", "1800623", "zeit-5.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:19:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:13:26", "1800622", "blue-mond-3k.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:14:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:08:16", "1800621", "haus-7v.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:12:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:00:30", "1800620", "dark-berg-1.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:04:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:25:39", "1800614", "open-1x.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:25:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:20:22", "1800613", "petit-zeit-4.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:20:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:14:36", "1800612", "noir-6.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:15:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:12:36", "1800611", "ultimatecircleislandtour.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 02:03:39", "1800609", "vert-8.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:07:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:50:12", "1800607", "fast-7.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:54:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:38:51", "1800605", "brandyparfums.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 01:36:36", "1800604", "bleu-4k.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:37:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:11:56", "1800600", "iron-8.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:12:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:06:12", "1800599", "petit-mond-5.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:07:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:53:02", "1800597", "kalt-berg-7.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:53:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:51:07", "1800596", "31.57.184.186:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/39c0135a0e8d46053fbcaa4efe6cbc83d33cf8e7be43efbca1622b2f77c7b9c6/", "remcos", "0", "abuse_ch" "2026-04-27 00:41:25", "1800594", "dark-star-1.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:42:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:35:50", "1800593", "open-9.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:36:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:30:04", "1800592", "holz-baum-4.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:30:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:24:26", "1800591", "vert-1k.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:24:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:19:06", "1800590", "gold-land-8.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:19:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:13:26", "1800589", "noir-5.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:13:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:08:05", "1800588", "fast-zeit-2.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:08:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 23:10:54", "1800587", "hglj.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 23:11:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 23:05:12", "1800586", "7xekivp.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 23:05:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 22:59:24", "1800585", "m3rge-mark.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:59:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:54:09", "1800584", "4ppcd.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:54:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:42:38", "1800582", "neo-rnead.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:42:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 22:37:24", "1800581", "lfixa2ax.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:38:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:31:24", "1800580", "cl1e-panel.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:31:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:20:02", "1800578", "quorcresten1.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:22:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:14:50", "1800577", "9hq5.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:15:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:08:52", "1800576", "vfge.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:09:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:52:47", "1800573", "9al62yq7.souf1atwindow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-26 21:52:27", "1800572", "503yy20v.souf1atwindow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:52:16", "1800571", "ar1hcfxy.gushchina-kriz.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:51:45", "1800570", "mernex1ar.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:52:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:46:41", "1800569", "54lzq.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:46:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:41:02", "1800568", "quor-valeix.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:41:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:35:49", "1800567", "harbquarr.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:35:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:29:39", "1800562", "uxmidt.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:30:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:18:07", "1800559", "vel-draex.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:18:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:12:34", "1800558", "soundatom.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:12:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:06:53", "1800557", "10ya0-dock.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:07:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:01:03", "1800556", "https://bbs.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:31", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 21:01:00", "1800555", "bbs.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:35", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 20:35:05", "1800549", "stead5-switch.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:35:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 20:26:19", "1800548", "48oni.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:26:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:59:29", "1800543", "clustchoru.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:00:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:52:52", "1800542", "railspark.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:53:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:46:18", "1800540", "ark-valeen.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:47:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:39:36", "1800539", "ve1ve-loop.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:40:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:33:59", "1800538", "joerass.icu", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/72b7b27fc9d3d590d41efcff44172d81915a30e2c3d19ec158010501f20bf8f5/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:33:42", "1800533", "royapuls.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:21:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:42", "1800535", "brigh-gold.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:24:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:42", "1800536", "tfoq2qdi.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:33:28", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:24", "1800537", "motivate.starkmond.cfd", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/b3810ca5f17d8f617252b5460eafbed27e85722e794e394b2fbcb760ecf3d2a3/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:21:58", "1800534", "85.239.144.97:7754", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d401cfe9de20d46c8cc86aafa2448aa38c94c1911aa7f27d7ca2d84a88f09685/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-04-26 19:15:06", "1800529", "pwq.scoffatop.icu", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cabf923be13af3f5a125def5f8ee8bb43d1a9c63e78d146e27298d95f76fa5ce/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:15:06", "1800530", "ootip.submergejunkie.life", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cabf923be13af3f5a125def5f8ee8bb43d1a9c63e78d146e27298d95f76fa5ce/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:14:37", "1800519", "mer-lithor.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:56:00", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:14:36", "1800523", "http://91.92.242.236/oPvjr94jfe/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "None", "amadey,AS202412,Omegatech LTD", "0", "antiphishorg" "2026-04-26 19:14:36", "1800527", "boos-gri.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:10:16", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:33", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 19:02:11", "1800526", "warm-senso.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:02:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 19:01:16", "1800525", "18.162.233.94:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/03dd84f426cbd201f949da44f1d36d034b75033738bb52b7a6e9e65d7c5b7ffc/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 19:01:13", "1800524", "xzcgtffdlmn.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/03dd84f426cbd201f949da44f1d36d034b75033738bb52b7a6e9e65d7c5b7ffc/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:59:58", "1800522", "192.109.200.9:4444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2ffaa635caf56eba07b1049bab35e1eff7211c35b38a40f71029581b266924b4/", "RAT", "0", "abuse_ch" "2026-04-26 18:57:03", "1800521", "95.40.185.56:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/ba21e24714ffd32c23812ec4d3fabdca99331afbf58e9a5344652107a8643873/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:56:59", "1800520", "vgrdshuyyg.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/ba21e24714ffd32c23812ec4d3fabdca99331afbf58e9a5344652107a8643873/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:50:47", "1800518", "203.91.75.211:2207", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/588aa05bf5ea03f491ad646b4bffa3c0fa023c0325fdadd38b23d064ffdece37/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:50:12", "1800517", "jdjj.cc", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/588aa05bf5ea03f491ad646b4bffa3c0fa023c0325fdadd38b23d064ffdece37/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:49:34", "1800516", "oone8de.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/60090a7079a37d7c55ec6aff11e52d37a1d032d06d21954d655dfa4acd7cedd3/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:48:20", "1800515", "wo0hv.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:49:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:39:46", "1800514", "xzgik.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:44:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:36:03", "1800513", "91.92.242.236:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-27 14:00:10", "50", "False", "https://tracker.viriback.com/index.php?q=91.92.242.236", "Amadey,ViriBack", "0", "abuse_ch" "2026-04-26 18:33:04", "1800512", "l1chen-hold.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:36:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:27:59", "1800511", "kye.venloc.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/df15eaf4f30afa77031861ce664291dc880977506b09e747a065edf41a6faf3b/", "Vidar", "0", "abuse_ch" "2026-04-26 18:24:12", "1800510", "wildsai.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:26:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:19:19", "1800509", "pillow.riverbridge.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:42", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800507", "https://t.me/periotival", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:23", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800508", "https://telegram.me/b8bz11", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:22", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:13:37", "1800506", "fldenmd.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:14:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:11:52", "1800058", "portalpitch.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:33:02", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:51", "1800059", "fund-ancho.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:40:45", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:51", "1800062", "fast-zeit-4.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:58:44", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:50", "1800061", "crestsud.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:54:33", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:50", "1800065", "vert-5.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:25:37", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800066", "holz-baum-3.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:29:15", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800083", "fast-1.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:59:35", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800107", "iron-land-1q.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:47:00", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:48", "1800116", "dark-berg-2c.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:14:19", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:48", "1800129", "zeit-2.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:26:52", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800138", "fast-fire-5.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:37:55", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800144", "noir-1.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:40:40", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800151", "gold-land-3m.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:48:27", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800156", "vert-4.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:04:26", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800163", "bleu-2.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:22:54", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800172", "iron-fire-7s.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:44:19", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:44", "1800178", "kalt-5.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:09:49", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:43", "1800184", "gold-mond-8.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:36:07", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:42", "1800197", "open-2.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:33:55", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:42", "1800505", "8.148.229.106:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:11:41", "1800204", "manngua.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:11:57", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:41", "1800211", "poditt0j.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:52:03", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800212", "estrqmi.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:56:36", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800213", "lichxz.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:02:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800220", "fine7t.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:38:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800504", "35.212.248.36:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:29:25", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:11:39", "1800225", "kopf-wkeu.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:07:47", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:39", "1800226", "etoi-fbll.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:12:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:39", "1800231", "soci-84i6.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:24:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:38", "1800234", "piedmg3.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:43:06", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:37", "1800237", "fire-02k6.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:59:38", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:37", "1800239", "pes-ghj0.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:23:12", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:36", "1800238", "freur6r.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:06:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:35", "1800240", "homb-1h.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:28:12", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:34", "1800243", "spia-vo.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:49:42", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:34", "1800245", "aguarw2y.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:04:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:31", "1800110", "https://nxbrew.me/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "False", "https://app.any.run/tasks/6d1ebc90-3f8e-4320-9471-15fa92f5fdb6", "RenPyLoader,Vidar", "0", "rifteyy" "2026-04-26 18:11:31", "1800503", "180.76.185.146:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-04-26 18:11:30", "1800154", "64.118.135.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:29:29", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-26 18:11:30", "1800165", "http://62.60.226.159/xvzpjyddlu/login.php", "url", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "", "100", "False", "None", "AS214351,FEMO IT SOLUTIONS LIMITED,tinyloader", "0", "antiphishorg" "2026-04-26 18:11:27", "1800185", "rosrefurboss.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-26 00:35:54", "50", "False", "", "None", "0", "varysz" "2026-04-26 18:11:26", "1800187", "holz-baum-5k.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:46:17", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:26", "1800188", "trafluxo.xyz", "domain", "payload_delivery", "unknown_webinject", "None", "Unknown Webinject", "", "75", "True", "", "None", "0", "varysz" "2026-04-26 18:11:24", "1800246", "163.61.39.140:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-04-26 18:11:24", "1800249", "paniwcfh.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:25:38", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800252", "landem.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:41:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800255", "homo-ph.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:03:56", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800267", "breagc.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:17:37", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:22", "1800268", "mund4c.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:24:40", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:21", "1800277", "04wp.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:11:48", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:20", "1800281", "5hor-mount.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:33:39", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:19", "1800282", "rela1-graph.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:40:01", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:19", "1800287", "3xpos-route.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:06:51", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:18", "1800288", "imagesil.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:14:21", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:17", "1800293", "crestsync.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:20:30", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:17", "1800304", "37.107.161.214:11", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-26 18:11:16", "1800305", "37.107.163.217:9069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-26 18:11:16", "1800306", "209.99.185.174:8889", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-04-26 18:11:16", "1800307", "47.239.106.95:8443", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "75", "False", "", "GobRAT", "0", "whoamix302" "2026-04-26 18:11:15", "1800309", "189.150.109.130:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "75", "False", "", "Breut,DarkComet,Fynloski,klovbot", "0", "whoamix302" "2026-04-26 18:11:14", "1800338", "lanedev.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:33:19", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:13", "1800359", "http://199.68.217.18:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS979,NetLab Global,supershell", "0", "antiphishorg" "2026-04-26 18:11:13", "1800360", "199.68.217.18:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-04-26 12:26:31", "100", "False", "None", "AS979,NetLab Global,supershell", "0", "antiphishorg" "2026-04-26 18:11:12", "1800364", "st4ge-pulse.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:25:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:12", "1800375", "vaultink.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:51:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:11", "1800376", "talnexos5.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:58:05", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:10", "1800378", "bluysbweb.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:09", "1800379", "blyuserbwrbs.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:08", "1800380", "parcelquick.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:11:48", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:08", "1800383", "sub-h11l.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:19:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:07", "1800384", "puresthomes.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/cca6a5ed0923cbb7539836f7865bf0bed07037bb453374022be5217ef03fd40f/", "c2", "0", "burger" "2026-04-26 18:11:07", "1800385", "187.77.255.235:5252", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/cca6a5ed0923cbb7539836f7865bf0bed07037bb453374022be5217ef03fd40f/", "c2", "0", "burger" "2026-04-26 18:11:07", "1800389", "tiruet.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/119722e6e370e280de412860f429a037caf0d86d19d88100510423334638ea1b/", "c2", "0", "burger" "2026-04-26 18:11:06", "1800390", "143.198.228.219:5632", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/119722e6e370e280de412860f429a037caf0d86d19d88100510423334638ea1b/", "c2", "0", "burger" "2026-04-26 18:11:06", "1800397", "project-info-world.info", "domain", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "", "c2", "0", "burger" "2026-04-26 18:11:06", "1800399", "39hwegfg.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:58:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:05", "1800400", "sthj.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:04:58", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:05", "1800401", "lumennix.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:04", "1800404", "lum-lineon.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:26:09", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:04", "1800405", "66.163.123.111:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "whoamix302" "2026-04-26 18:11:02", "1800406", "91.92.242.57:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "whoamix302" "2026-04-26 18:11:02", "1800407", "alphsummer.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:39:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:02", "1800408", "studi-fores.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:42:09", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:01", "1800409", "3vnp4.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:49:40", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:01", "1800410", "vocalatomic.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:56:14", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-27 13:58:46", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-26 18:11:00", "1800418", "tigmjuy.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:29:42", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800420", "ion-cra.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:45:15", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800421", "peak7-frame.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:51:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800422", "iswear.thisisafalsepositive.ru", "domain", "payload_delivery", "py.empyrean", "None", "Empyrean", "2026-04-26 13:56:38", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800423", "titaniumclient.com", "domain", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800425", "cbd34e6a8274c62f1d0e4f183dafc17b305e0988b2e5e46cd4a94ef680e7f405", "sha256_hash", "payload", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800426", "172.67.214.234:443", "ip:port", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:57", "1800427", "104.21.91.94:443", "ip:port", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:56", "1800431", "analysis-one-orpin.vercel.app", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/e17c767a-b8b7-45aa-b03b-8e8a55cb3c73", "c2", "0", "burger" "2026-04-26 18:10:55", "1800433", "sandbhar.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:33:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:55", "1800435", "quarrytrav.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:39:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:54", "1800437", "runt11-drive.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:50:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:54", "1800440", "webdisk.housecleaninggrovecityohio.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:53", "1800442", "shop.steadycompanion.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:52", "1800443", "samples.addisgraphix.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:52", "1800444", "exposerv.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:16:33", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:52", "1800446", "144.31.204.136:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:51", "1800447", "64.188.70.194:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:51", "1800448", "94.228.161.88:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:50", "1800449", "77.110.117.204:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:50", "1800450", "84.201.4.120:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:49", "1800451", "172.245.112.202:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:48", "1800452", "206.245.157.177:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800453", "193.23.211.29:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800454", "77.239.121.3:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800456", "77.239.120.249:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:46", "1800455", "93.185.159.90:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:44", "1800457", "77.110.117.211:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:44", "1800458", "144.31.139.203:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:43", "1800459", "144.31.139.201:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:43", "1800460", "144.31.204.145:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:42", "1800461", "insivisual.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:21:44", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:42", "1800462", "medi4-spark.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:29:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:41", "1800464", "46.149.73.232:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "", "1xxbot,ArechClient,SectopRAT", "0", "whoamix302" "2026-04-26 18:10:40", "1800470", "foplq.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:54:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:39", "1800471", "aa5sf.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:07:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:39", "1800474", "zazsvrye.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:27:04", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800475", "temmodul.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:31:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800476", "thor-hinge.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:43:20", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800481", "sand-tar.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:14:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:37", "1800477", "vqq7jll.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:48:29", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800482", "okqgg.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:18:28", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800483", "fembiq.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:29:50", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800484", "minorclosed.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:38:30", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:21", "1800502", "https://tabbysbakescodes.ws/mnlinmwv/insirs.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:10:20", "1800501", "https://tommysbakescodes.ws/mnlinmwv/insris.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:44", "1800499", "tommysbakescodes.ws", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:44", "1800500", "tommysbakescodes.cv", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:40", "1800498", "8.149.139.253:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:24:27", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:09:26", "1800497", "107.172.252.244:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:23:39", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-26 18:08:56", "1800496", "2.26.133.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:26", "1800495", "103.195.190.251:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:20", "1800494", "103.230.15.38:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:06:56", "1800493", "edit8-grid.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:08:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:01:03", "1800492", "https://bom.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 20:13:57", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 18:01:00", "1800491", "bom.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 20:13:59", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 18:00:18", "1800490", "snovv8-mesh.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:00:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 17:59:14", "1800488", "peafamqe.cyou", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/b73edda46a91349b37f219d3056dff65a545ba458f4c4a93eddd6fae3b99c38b/", "CountLoader", "0", "abuse_ch" "2026-04-26 17:59:14", "1800489", "snconor.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/b73edda46a91349b37f219d3056dff65a545ba458f4c4a93eddd6fae3b99c38b/", "CountLoader", "0", "abuse_ch" "2026-04-26 17:53:29", "1800487", "8ltu2.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:54:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:47:15", "1800486", "ofdqgn.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:48:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:40:18", "1800485", "ughckpku.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:41:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:03:06", "1800480", "marshform.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:03:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 17:01:56", "1800479", "trishnacolleges.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 16:54:09", "1800478", "gl0ss-vault.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:58:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 16:18:38", "1800473", "sermarken.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:23:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 16:11:52", "1800472", "geo-ca5t.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:11:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:47:40", "1800469", "norcorear3.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:48:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:43:51", "1800468", "ns-claude-js.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:42:58", "1800467", "https://ntsnsdns.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:42:43", "1800466", "ntsnsdns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:41:26", "1800465", "alt-rnetr.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:41:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:34:23", "1800463", "rklpwx.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:35:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:17:15", "1800445", "janadiscovery.creativepreflight.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 15:07:47", "1800441", "lightinn.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:12:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:01:05", "1800439", "3eums.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:02:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:54:51", "1800438", "uy2qx.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:59:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:42:16", "1800436", "imgnyc.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 14:37:52", "1800434", "iframeshop.fietsenco.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 14:25:39", "1800432", "ridgegentle.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:30:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:19:02", "1800430", "qkkrhea.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:19:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:10:33", "1800429", "r4vxeem.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:11:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:03:42", "1800428", "loose-bun.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:04:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:57:03", "1800424", "zentideor.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:58:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:35:08", "1800419", "zenmeshix1.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:36:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:21:56", "1800417", "glolab.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:22:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:15:36", "1800416", "cargoquery.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:15:45", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 13:08:41", "1800415", "arkmesh7al.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:09:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:02:05", "1800414", "gr1m-index.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:02:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 13:01:02", "1800413", "https://bca.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 13:00:59", "1800412", "bca.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 12:18:02", "1800403", "zenmesh9en.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:18:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 12:11:20", "1800402", "5ob0.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:12:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:51:35", "1800398", "compressout.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:52:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:44:53", "1800396", "5pruc7-mount.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:45:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:39:32", "1800395", "https://scalarview.shop/t.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:38:06", "1800394", "vorline5is.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:38:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:35:34", "1800393", "https://scalarview.shop/ext.0ff2555835d3.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:35:09", "1800392", "https://scalarview.shop/ext-b.58316c304236.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:33:55", "1800391", "https://scalarview.shop/t.188cfd3975db.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:31:28", "1800388", "calm-spool.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:32:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:31:22", "1800387", "scalarview.shop", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:24:49", "1800386", "echogate.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:24:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 11:12:37", "1800382", "https://ra7tel.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-26 11:12:26", "1800381", "ra7tel.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-26 11:04:50", "1800377", "solflux6ix.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:05:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:44:54", "1800374", "bajbvqgz.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:45:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 10:38:05", "1800373", "loadtin.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:38:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:31:35", "1800372", "jloj7ws.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:32:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:30:36", "1800371", "updatedata.us", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:29:39", "1800370", "http://pixeldrain.com/api/file/HDAhDKwK", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 10:28:38", "1800369", "https://pixeldrain.com/api/file/FQiVU7kw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:28:11", "1800368", "https://updatedata.us/msoft/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:27:10", "1800367", "https://pixeldrain.com/api/file/Xb8wt515", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:26:48", "1800366", "https://updatedata.us/cloud/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:25:26", "1800365", "https://updatedata.us/acrobat/windows/adobe.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 10:18:10", "1800363", "bin4ry-trail.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:22:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:09:20", "1800362", "fre5h-logic.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:14:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:02:42", "1800361", "g4th-sheet.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:03:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:59:05", "1800358", "https://livemeetinggatgoogllemeet.top/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:58:42", "1800357", "https://livemeetinggatgoogllemeet.top/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:58:30", "1800356", "livemeetinggatgoogllemeet.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:56:32", "1800355", "otter0-field.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:57:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:55:02", "1800354", "https://googlemetingninviit.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:54:39", "1800353", "https://googlemetingninviit.click/meet/567/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:54:26", "1800352", "googlemetingninviit.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:49:54", "1800351", "40l627.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:50:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:46:38", "1800350", "05327t.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:47:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:44:00", "1800349", "https://googlemeet.meeting-live.site/update/GoogleMeetInstaller.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:31", "1800348", "https://meeting-live.site/googlemeet/process.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:04", "1800347", "https://meeting-live.site/googlemeet/update.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:42:40", "1800346", "https://meeting-live.site/googlemeet/meeting.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:40:12", "1800345", "ark-spireix.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:40:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:38:47", "1800344", "https://googlemeeettinvitee.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-26 09:39:07", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:26", "1800343", "https://googlemeeettinvitee.click/meet/567/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:15", "1800342", "googlemeeettinvitee.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:16", "1800341", "https://gooogglemeets.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:01", "1800340", "https://gooogglemeets.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:34:25", "1800339", "gooogglemeets.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:17", "1800337", "https://goooggle.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:04", "1800336", "https://goooggle.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:31:02", "1800335", "goooggle.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:27:51", "1800334", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/install-guide.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:27:02", "1800333", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:26:20", "1800332", "segmentreagent.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:26:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:25:17", "1800331", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/ms-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:57", "1800330", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:40", "1800329", "dortmevsimhotel.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 09:24:24", "1800328", "https://quantumsignaturecertificationgatewayhub.top/D/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:00", "1800327", "https://quantumsignaturecertificationgatewayhub.top/D/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:23:36", "1800326", "https://quantumsignaturecertificationgatewayhub.top/12/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:23:12", "1800325", "quantumsignaturecertificationgatewayhub.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:22:55", "1800324", "https://quantumsignaturecertificationgatewayhub.top/12/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:20:11", "1800323", "track8-line.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:16:39", "1800322", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:16:07", "1800321", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:16:05", "1800320", "dhariwalsecuritasindia.in.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c74741774b4c897f607b6ff684ce3ddd8ea00af5fa723877d1e8bab3b6d53d8/", "nanocore", "0", "abuse_ch" "2026-04-26 09:15:55", "1800319", "cloudo4meetup.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:15:52", "1800318", "app.slot365.biz", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c702ec4d3e248d3a70d1458ff658048bb4c81c39f4eba94449f13dc8df11a91c/", "nanocore", "0", "abuse_ch" "2026-04-26 09:13:17", "1800317", "alt-rnodul.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:13:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:11:22", "1800316", "91.92.34.113:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-04-26 09:11:05", "1800315", "45.227.254.10:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-04-26 09:10:24", "1800312", "104.21.22.216:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-26 09:10:08", "1800311", "172.67.207.32:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-26 09:07:32", "1800310", "pqruqv.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:07:09", "1800308", "domaine-equestre-du-somaret.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 09:00:25", "1800303", "4eon.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:00:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:53:47", "1800302", "yo04.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:54:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:48:33", "1800301", "156.245.147.98:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:08:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:46:41", "1800300", "endpoi1-chain.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:43:33", "1800299", "dd.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:45:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:30", "1800298", "d2.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 13:44:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:39:49", "1800297", "r3pa-path.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:40:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:36:04", "1800296", "dienmaykynguyenco.vn", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 08:33:13", "1800295", "subt18-beam.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:33:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:26:28", "1800294", "defen2-forge.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:16:02", "1800290", "77.110.117.174:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:36", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:02", "1800291", "194.28.225.230:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:02", "1800292", "64.188.104.2:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:01", "1800289", "64.188.104.35:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:36", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:05:07", "1800286", "dev.berrapack.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:59:51", "1800285", "8etttd19.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:00:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:53:23", "1800284", "cinf.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:47:04", "1800283", "freightstitch.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:47:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:26:45", "1800280", "hyper-rnead0.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:26:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:19:59", "1800279", "lum-nexal.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:18:56", "1800278", "77.110.117.201:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "helper", "0", "Rony" "2026-04-26 07:11:24", "1800276", "universalgrowing.cl", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:05:04", "1800275", "whitecubs.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:02:30", "1800274", "dynline6os.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:03:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:58:58", "1800273", "monofurniture.co", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 06:56:17", "1800272", "primeshore.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:57:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:49:23", "1800271", "ultra-enzyrn.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:52:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:40:55", "1800270", "neroc5j.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:41:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 06:34:29", "1800269", "voit-wjw.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:35:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:10:10", "1800266", "fami-wp.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:10:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:03:14", "1800265", "sunhq.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:03:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:54:35", "1800264", "voxx1.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:55:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:47:50", "1800263", "cuer-e30q.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:49:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:37:16", "1800262", "casa-zw9e.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:38:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:30:49", "1800261", "engagemen.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 05:30:39", "1800260", "homm6uc.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:31:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:23:52", "1800259", "alph-qhj.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:24:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:21:42", "1800258", "clearviewandpalisade.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 05:17:47", "1800257", "proc-256.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:18:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:10:34", "1800256", "eart-l4.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:11:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:57:24", "1800254", "mar-jlk.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:58:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:49:07", "1800253", "lebe6wwf.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:52:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:37:47", "1800251", "opulent.ro", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 04:33:30", "1800250", "stra-j2.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:36:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:18:24", "1800248", "amic-po1.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:18:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:09:19", "1800247", "meer-in.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:10:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:55:50", "1800244", "etab-0d.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:00:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:40:40", "1800242", "ocul-xq7.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:41:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:34:11", "1800241", "mati-ns3w.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:34:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:53:48", "1800236", "acti-cmf.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:54:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 02:47:51", "1800235", "ocche0o.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:48:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:36:32", "1800233", "travb7.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:37:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:31:05", "1800232", "fuss-kx01.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:33:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:17:42", "1800230", "filo-8ao.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:18:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:15:59", "1800229", "dzonebcp.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 02:15:53", "1800228", "chessboard25.pakasak.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 02:15:45", "1800227", "32asinc.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 01:58:47", "1800224", "ami-mfs.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:59:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:53:16", "1800223", "koerhl.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:53:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:47:48", "1800222", "trab-7t.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:48:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:39:55", "1800221", "pieqt.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:42:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:26:38", "1800219", "treexw.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:30:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:23:24", "1800218", "emceeterrence.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 01:19:05", "1800217", "day-g6qh.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:19:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 01:13:10", "1800216", "plag59o.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:13:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:07:34", "1800215", "terr-53p.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:08:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:07:11", "1800214", "depozit-siemens.ro", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 00:40:55", "1800210", "fore-k6mz.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:41:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:35:31", "1800209", "mens-tu.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:36:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:31:03", "1800208", "https://tsc.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 00:31:00", "1800207", "tsc.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 00:28:53", "1800206", "c0007.bizhomepass.kr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 00:19:13", "1800205", "fleuytfp.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:24:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:05:44", "1800203", "etaknqgp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:09:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:56:11", "1800202", "enfa1p13.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:01:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:50:48", "1800201", "haus-mp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:50:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 23:44:45", "1800200", "onli6sp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:45:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:39:31", "1800199", "comp-os4d.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:38:23", "1800198", "87.106.168.15:7004", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/322f73c3a68b09cab469ace2c2b71cba547ca330f3e5db297cf7b923811d44e6/", "xworm", "0", "abuse_ch" "2026-04-25 23:28:00", "1800196", "soft-berg-6p.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:29:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:22:43", "1800195", "rouge-9.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:23:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:12:40", "1800194", "petit-fire-1.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:13:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 23:07:14", "1800193", "bleu-4.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:08:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:59:12", "1800192", "www.adrianmiller.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-25 22:57:37", "1800191", "dark-land-7b.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:58:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:53:05", "1800190", "trucklinesfm.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-25 22:52:00", "1800189", "haus-3.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:52:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:40:22", "1800186", "vert-1.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:41:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:29:18", "1800183", "noir-6.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:30:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:23:51", "1800182", "fast-star-2x.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:24:09", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 22:23:24", "1800181", "jakartaupdate.online", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-25 22:18:02", "1800180", "open-9.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:19:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 22:12:38", "1800179", "zeit-berg-4n.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:13:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:56:25", "1800177", "soft-land-1.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:59:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:48:53", "1800176", "rouge-3.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:49:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:44:27", "1800175", "https://pulsegraph.xyz/t.188cfd3975db.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:43:41", "1800174", "https://pulsegraph.xyz/ext.0ff2555835d3.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:43:11", "1800173", "https://pulsegraph.xyz/ext-b.58316c304236.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:42:18", "1800171", "https://pulsegraph.xyz/t.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:41:23", "1800170", "pulsegraph.xyz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:37:00", "1800169", "haus-1.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:41:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:33:38", "1800168", "https://connectweb.chat/Secure.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 21:33:09", "1800167", "https://connectweb.chat/verify.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 21:32:46", "1800166", "connectweb.chat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 21:25:05", "1800164", "dark-wald-5v.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:26:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:10:02", "1800162", "holz-berg-9.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:10:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 21:08:07", "1800161", "https://quilborne.org/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:07:50", "1800160", "https://quilborne.org/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:07:22", "1800159", "https://quilborne.org/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:06:55", "1800158", "https://quilborne.org/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:06:33", "1800157", "quilborne.org", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 20:58:39", "1800155", "petit-star-6z.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:01:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 20:53:00", "1800153", "open-8.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:57:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 20:47:17", "1800152", "https://ivangay.bond/log.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:46:30", "1800150", "https://ivangay.bond/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:45:57", "1800149", "https://ivangay.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:45:41", "1800148", "ivangay.bond", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:41:38", "1800147", "https://quickbase-assist.com/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:41:00", "1800146", "https://quickbase-assist.com/Windows/viewpdf.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:40:19", "1800145", "https://quickbase-assist.com/Windows/statement.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:39:28", "1800143", "quickbase-assist.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:36:33", "1800142", "http://zoommcall.com/Windows/install-guide.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:36:04", "1800141", "http://zoommcall.com/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:35:20", "1800140", "http://zoommcall.com/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:34:19", "1800139", "https://zoommcall.com/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:34:04", "1800137", "zoommcall.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:32:43", "1800136", "http://pixeldrain.com/api/file/TV7mrYpe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:31:53", "1800135", "https://zoomlive.us/Windows/ZoomWorkspace.bat", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:30:58", "1800134", "https://zoomlive.us/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:30:43", "1800133", "zoomlive.us", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:27:42", "1800132", "https://meetingisliveatgooglemeett.top/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-25 20:27:12", "1800131", "https://meetingisliveatgooglemeett.top/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-25 20:26:49", "1800130", "meetingisliveatgooglemeett.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-25 20:21:17", "1800128", "https://www.docusign.my.googlejoininvite.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 20:20:30", "1800127", "blue-mond-9k.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:21:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 20:20:23", "1800126", "https://www.docusign.my.googlejoininvite.click/e-sign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 20:20:00", "1800125", "https://www.docusign.my.googlejoininvite.click/eDocusign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 20:19:38", "1800124", "docusign.my.googlejoininvite.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 20:16:54", "1800123", "https://jugbphm.click/user", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/aa95b0b984dce56dcf8d9e9fabaa6a251b4a80cd7e344b3740d5934596f2e0fa/", "lumma", "0", "abuse_ch" "2026-04-25 20:16:26", "1800122", "https://doc.lauraice.xyz/process.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:15:45", "1800121", "https://doc.lauraice.xyz/update.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:14:59", "1800120", "haus-5.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:17:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 20:13:40", "1800119", "https://doc.lauraice.xyz/index.php/update.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:12:57", "1800118", "https://doc.lauraice.xyz/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:12:36", "1800117", "doc.lauraice.xyz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:04:04", "1800115", "kalt-7.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:05:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:58:01", "1800114", "soft-wald-4.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:58:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:52:33", "1800113", "rouge-6.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:53:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:49:15", "1800112", "https://usoffweb69.top/doc/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:48:45", "1800111", "https://usoffweb69.top/doc/e-sign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:48:23", "1800109", "usoffweb69.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:47:00", "1800108", "http://www.viewsession.live/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:46:22", "1800106", "http://www.viewsession.live/e-sign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:46:06", "1800105", "viewsession.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:42:32", "1800104", "https://doc-docsign.cyou/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:42:05", "1800103", "https://doc-docsign.cyou/e-sign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:41:31", "1800102", "open-3.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:42:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:41:19", "1800101", "https://doc-docsign.cyou/eDocusign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:41:07", "1800100", "doc-docsign.cyou", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 19:35:52", "1800099", "petit-zeit-8.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:36:00", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 19:33:30", "1800098", "http://91.199.133.178/u/setup.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 19:32:59", "1800097", "https://openclaws.it.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 19:32:35", "1800096", "openclaws.it.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 19:30:00", "1800095", "https://taranta-blow.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:29:59", "1800094", "noir-5x.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:33:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:29:48", "1800093", "taranta-blow.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:28:37", "1800092", "https://kakaduthr2sh.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:28:22", "1800091", "kakaduthr2sh.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:27:37", "1800090", "https://dig-circling.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:27:26", "1800089", "dig-circling.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:25:58", "1800088", "https://busy-sunni.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:25:22", "1800087", "busy-sunni.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-25 19:20:16", "1800086", "holz-berg-2.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:24:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:10:41", "1800085", "vert-9.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:11:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 19:05:09", "1800084", "gold-star-4s.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:05:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:53:33", "1800082", "wald-baum-7.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:54:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:48:08", "1800081", "bleu-2k.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:48:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:42:34", "1800080", "zeit-land-5.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:42:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:37:01", "1800079", "haus-3.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:37:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:27:18", "1800078", "blue-fire-9w.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:27:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:21:08", "1800077", "iron-8.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:21:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 18:15:08", "1800076", "https://legadodistillery.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-25 18:15:06", "1800074", "https://1homeinterior.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-25 18:15:06", "1800075", "https://joyeles.com.mx/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-25 18:15:05", "1800073", "https://newyork2026.northamericanskalcongress.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-25 18:11:05", "1800072", "petit-mond-6.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:11:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 18:05:32", "1800071", "soft-4.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:06:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 17:59:55", "1800070", "kalt-berg-1m.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:00:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 17:52:08", "1800069", "rouge-7.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:52:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 17:44:42", "1800068", "dark-star-2v.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:45:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 17:38:33", "1800067", "open-9.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:41:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 17:19:37", "1800064", "gold-land-8x.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:20:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 17:04:22", "1800063", "noir-1.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:10:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 16:48:10", "1800060", "kchjc5x.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:48:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 16:27:22", "1800057", "wave-netw.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:27:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 16:21:41", "1800056", "cp52.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:22:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 16:14:27", "1800055", "bundle-sheet.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:15:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 16:10:49", "1800054", "landing.anticalcareposeidon.it", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-25 16:09:38", "1800048", "rx64iv.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:52:17", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 16:09:37", "1800049", "hf89cj2.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:57:22", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 16:08:25", "1800053", "pl4sm-flow.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:09:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 16:07:23", "1800052", "sa1atik.cn", "domain", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/97fd78bc83c79dddeae4fd303e014b4db63c49fc2b507ef7a2f57066cbe9ca10/", "SalatStealer", "0", "abuse_ch" "2026-04-25 16:02:48", "1800051", "zencorear1.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:03:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 16:00:45", "1800050", "mpla-clo.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/3194b61d652d50f11bca2edf4708a5ba322a190b6bd3d447b516507add5adbec/", "ZigClipper", "0", "abuse_ch" "2026-04-25 15:45:46", "1800047", "3fgrll.nov7liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:45:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 15:40:31", "1800046", "x1ov.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:40:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 15:39:59", "1800045", "65.19.178.79:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2e9892827c1b83c1421c7f6cd806bed9f8dfd424607844e55b57d97e3b42ce58/", "QuasarRAT,RAT", "0", "abuse_ch" "2026-04-25 15:34:28", "1800043", "156.239.14.132:6667", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-04-26 18:55:40", "75", "False", "https://bazaar.abuse.ch/sample/09534df20d651b06de469fbbd796414ab52fad95b5a6e8d9ddc63483c644ba86/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-25 15:34:28", "1800044", "156.239.14.132:6668", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-04-26 18:55:40", "75", "False", "https://bazaar.abuse.ch/sample/09534df20d651b06de469fbbd796414ab52fad95b5a6e8d9ddc63483c644ba86/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-25 15:32:45", "1800042", "dustfix.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:33:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 15:25:10", "1800041", "glos-rep.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:25:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 15:19:29", "1800040", "n0rt-crest.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:20:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 15:12:15", "1800039", "193.161.193.99:51453", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/efe82e4361366e5bea41353ab9b3c97ad29b2b8792cf2f0faf9f457f7c0ad833/", "QusarRAT,RAT", "0", "abuse_ch" "2026-04-25 15:11:45", "1800038", "ernbe-leaf.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:15:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 15:11:36", "1800037", "Unknown8482-51453.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/efe82e4361366e5bea41353ab9b3c97ad29b2b8792cf2f0faf9f457f7c0ad833/", "QusarRAT,RAT", "0", "abuse_ch" "2026-04-25 15:07:32", "1800026", "80njj90.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:42:13", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 15:07:32", "1800028", "theorypin.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:46:49", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 15:07:31", "1800035", "wfamakg.to2varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 15:04:25", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 15:05:48", "1800036", "35.184.9.17:443", "ip:port", "botnet_cc", "win.metastealer", "None", "MetaStealer", "", "75", "False", "", "MetaStealer", "0", "abuse_ch" "2026-04-25 15:01:03", "1800034", "https://gon.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-25 15:01:00", "1800033", "gon.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 18:19:19", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-25 14:59:28", "1800032", "91.92.241.102:443", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5fc8743db873866abc03a405393656518d92572f0b9da148a88bd06c150e4513/", "Arechclient2,RAT,SectopRAT", "0", "abuse_ch" "2026-04-25 14:58:04", "1800031", "vitalpur.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:58:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 14:57:48", "1800030", "163.61.183.112:9999", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/15a403882bbe98cc3b5a1556455a067081ebf7a014e8e7dd4ffb7c6a25fcefd1/", "QusarRAT,RAT", "0", "abuse_ch" "2026-04-25 14:52:22", "1800029", "ba5ic0-spark.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:52:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 14:45:42", "1797303", "absshop-ping.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://tria.ge/260424-wrmslagv6j/behavioral1", "None", "0", "tanner" "2026-04-25 14:45:42", "1797304", "acre-sagahill.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://tria.ge/260424-wrmslagv6j/behavioral1", "None", "0", "tanner" "2026-04-25 14:45:41", "1797299", "http://sonra.eutialyson.com/inst24.msi", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "https://x.com/wbmmfq/status/2047737752662516186", "None", "0", "tanner" "2026-04-25 14:41:30", "1800027", "206.238.115.191:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "75", "False", "", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-04-25 14:41:04", "1797291", "talvaleet.histori-pneumonia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 17:29:53", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:41:04", "1797292", "binaryboost.histori-pneumonia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 17:34:44", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:41:04", "1797293", "cl.distritovagas.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "None", "0", "tanner" "2026-04-25 14:41:03", "1797295", "cryst0-core.histori-pneumonia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 17:46:28", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:41:02", "1797296", "sprdec.histori-pneumonia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 17:56:16", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:55", "1799714", "shirela.pitifrube1la.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 18:35:12", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:55", "1799717", "zfvhht.pitifrube1la.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 18:45:57", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:54", "1799718", "tbfnru68.arapnik-nosog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 18:51:49", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:54", "1799719", "nivo.arapnik-nosog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 19:01:46", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:53", "1799721", "176.65.139.59:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-04-25 14:40:53", "1799722", "lbwtqscv.arapnik-nosog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 19:22:55", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:51", "1799725", "nuevaprodeciencia.club", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://any.run/cybersecurity-blog/brazilian-banking-phishing-campaign/", "agenteV2", "0", "johannes" "2026-04-25 14:40:51", "1799726", "vmi3003111.contaboserver.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://any.run/cybersecurity-blog/brazilian-banking-phishing-campaign/", "agenteV2", "0", "johannes" "2026-04-25 14:40:51", "1799727", "https://pastebin.com/raw/0RmxqY57", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-04-24 19:43:44", "49", "False", "https://any.run/cybersecurity-blog/brazilian-banking-phishing-campaign/", "agenteV2", "0", "johannes" "2026-04-25 14:40:50", "1799728", "https://nuevaprodeciencia.club/br77b/iayjaskyeiagds.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://any.run/cybersecurity-blog/brazilian-banking-phishing-campaign/", "agenteV2", "0", "johannes" "2026-04-25 14:40:50", "1799730", "dark-star-4.limbe7revolut.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 19:52:54", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:49", "1799734", "http://45.77.60.153/%2BU2QpCWLB0TeEK0Y%2BTHl1Q%3D%3D", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:49", "1799735", "http://217.69.8.40/63RbXCmTBoPZhfyuqUsNdA%3D%3D", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:49", "1799736", "http://45.77.60.153/get_arhive_npm/zi2WMapzCnO8eV9QY%2BQQXQ%3D%3D", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:48", "1799738", "http://45.77.60.153/darwin-universal/s4%2BECczuPY7jRKr7qbsMng%3D%3D?wallet=trezor", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,wallet-trojan,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:47", "1799737", "http://217.69.8.40/get_arhive_npm/jCbp9cVu%2B%2B%2FczOTwvXfJbQ%3D%3D", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:46", "1799739", "http://45.77.60.153/darwin-universal/s4%2BECczuPY7jRKr7qbsMng%3D%3D?wallet=ledger", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,wallet-trojan,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:45", "1799741", "http://217.69.8.40/darwin-universal/WJcjmFcy4f4SxNGlL5o0cQ%3D%3D?wallet=trezor", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,wallet-trojan,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:45", "1799742", "http://217.69.8.40/darwin-universal/WJcjmFcy4f4SxNGlL5o0cQ%3D%3D?wallet=ledger", "url", "payload_delivery", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "GlassWorm,wallet-trojan,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:45", "1799743", "http://45.32.150.251/g/63RbXCmTBoPZhfyuqUsNdA%3D%3D", "url", "botnet_cc", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "calendar-c2,GlassWorm,Wave3", "0", "tipo_deincognito" "2026-04-25 14:40:43", "1799744", "noir-8.limbe7revolut.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 20:23:05", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:43", "1799747", "holz-berg-5.presidium-spike.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 20:40:50", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:42", "1799749", "petit-fire-6.presidium-spike.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 20:52:23", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:42", "1799752", "https://quiglgy.com/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116461718662848497", "KongTuke", "0", "monitorsg" "2026-04-25 14:40:42", "1799753", "quiglgy.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116461718662848497", "KongTuke", "0", "monitorsg" "2026-04-25 14:40:41", "1799754", "https://quiglgy.com/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116461718662848497", "KongTuke", "0", "monitorsg" "2026-04-25 14:40:41", "1799755", "https://quiglgy.com/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116461718662848497", "KongTuke", "0", "monitorsg" "2026-04-25 14:40:40", "1799756", "https://quiglgy.com/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116461718662848497", "KongTuke", "0", "monitorsg" "2026-04-25 14:40:40", "1799759", "bleu-5.dua1ismmatron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 21:19:27", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:40", "1799763", "rouge-4.fixt-turbine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 21:48:27", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:39", "1799764", "dark-berg-2.fixt-turbine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 21:51:14", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:39", "1799770", "vert-3.ales1ine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 22:26:03", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:37", "1799771", "zenmetrics-software.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "90", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:37", "1799773", "198.251.88.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:36", "1799772", "144.31.215.205:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "85", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:36", "1799774", "https://zenmetrics-software.com/api/devices/register", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "70", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:35", "1799775", "https://zenmetrics-software.com/api/ws/monitor/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "70", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:35", "1799776", "https://zenmetrics-software.com/api/telegram-loggers/mine", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "70", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:34", "1799777", "zenmetrics.io", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "65", "False", "https://github.com/Lenny-3BO/threat-intel/tree/main/clickfix/zenmetrics-luxespa-clickfix", "ClickFix,FastAPI,Python-embed,RAT,RMM,zm_agent", "0", "Lenny_3BO" "2026-04-25 14:40:33", "1799779", "holz-baum-8.ales1ine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 22:36:29", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:32", "1799782", "windows-telemetry.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/f825a78f294e7296b13a590ca7c4b857f4fbe596fd1da44b4e7e4bd356abaa43/", "CountLoader", "0", "aachum" "2026-04-25 14:40:32", "1799783", "https://windows-telemetry.cc/api/submit", "url", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/f825a78f294e7296b13a590ca7c4b857f4fbe596fd1da44b4e7e4bd356abaa43/", "CountLoader", "0", "aachum" "2026-04-25 14:40:31", "1799784", "adverbrequire.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "True", "", "SocGholish", "0", "varysz" "2026-04-25 14:40:30", "1799787", "zeit-9.ales1ine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 22:56:53", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:30", "1799791", "api.uioplerixtem.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-04-25 02:13:59", "50", "True", "", "SocGholish", "0", "varysz" "2026-04-25 14:40:29", "1799793", "pa-portal.benningtonspringsmhp.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "True", "", "SocGholish", "0", "varysz" "2026-04-25 14:40:28", "1799794", "fast-berg-4.archit-physiol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:13:13", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:27", "1799796", "gold-5.archit-physiol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:23:38", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:27", "1799799", "soft-fire-6q.archit-physiol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:27:14", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:27", "1799800", "haus-2.archit-physiol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:36:38", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:26", "1799805", "rouge-8.slanikt7ay.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:46:09", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:26", "1799808", "noir-6.slanikt7ay.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-24 23:56:29", "100", "False", "None", "24April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:25", "1799818", "vert-2.cicada-tkacki.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 00:28:04", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:25", "1799822", "gold-mond-9z.cicada-tkacki.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 00:44:15", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:24", "1799824", "iron-star-2n.caissonnarc0m.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 00:57:56", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:24", "1799827", "176.65.139.141:1024", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-04-25 14:40:23", "1799828", "edaciousedacioussewcomfortless.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "True", "", "SocGholish", "0", "varysz" "2026-04-25 14:40:23", "1799829", "soft-land-4.caissonnarc0m.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 01:13:40", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:22", "1799830", "noir-7.caissonnarc0m.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 01:25:35", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:22", "1799836", "holz-baum-4.excavat-toponym.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 01:50:50", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:20", "1799834", "blue-fire-8x.excavat-toponym.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 01:40:15", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:19", "1799837", "https://deepnoxa.com/update.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:19", "1799838", "https://deepnoxa.com/q", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:17", "1799839", "deepnoxa.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:17", "1799840", "https://chimefusion.com/u/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:17", "1799841", "chimefusion.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:16", "1799842", "0642708ec7c25dec3168f1ab275a29bfd3cf69fe3afc3d5c6eadfa6750102883", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:16", "1799843", "d942e9cfc0ca32a3d66ec690090ee22dca74953efed6889fb2292de36f5e39fd", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "None", "clickfix,drawio-sideload,electron-loader", "0", "Lenny_3BO" "2026-04-25 14:40:16", "1799844", "dark-6.excavat-toponym.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 01:57:16", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:15", "1799846", "gold-2.excavat-toponym.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 02:20:19", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:15", "1799847", "dsf2.excavat-toponym.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 02:26:04", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:15", "1799858", "jz8ef5.dex3lavan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 03:40:52", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:14", "1799859", "svvift5-trace.dex3lavan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 03:49:24", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:14", "1799861", "publish2-mount.bexla9rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 03:58:25", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:13", "1799870", "canopystor.bexla9rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 04:27:52", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:13", "1799874", "passiv-reage.qiv2moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 04:41:15", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:11", "1799876", "cultureengine.qiv2moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 04:55:54", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:10", "1799879", "audittiny.qiv2moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 05:12:54", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:10", "1799897", "starwinter.rax4pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 06:05:43", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:09", "1799911", "argrs.sylo6mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 06:55:46", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:08", "1799906", "falforma.rax4pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 06:40:03", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:07", "1799913", "25eap9f.sylo6mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 07:00:58", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:06", "1799923", "atomicextract.to9varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 07:33:57", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:06", "1799924", "rntfvps.to9varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 07:37:21", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:06", "1799929", "ash-leaf.to9varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 07:54:50", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:05", "1799930", "inkraven.kymle1rax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 07:59:35", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:05", "1799931", "tercheck.kymle1rax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 08:06:04", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:03", "1799932", "auto-update.tx-wealth.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116464320214715870", "SocGholish", "0", "monitorsg" "2026-04-25 14:40:02", "1799935", "http://24.152.36.241:8080", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://zenox.ai/en/lofystealer-malware-mirando-jogadores-de-minecraft/", "LofyStealer", "0", "johannes" "2026-04-25 14:40:01", "1799941", "vor-spireos.nov3liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 08:43:04", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:01", "1799945", "serven5um.nov3liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 08:57:40", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:01", "1799948", "springledg.nov3liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 09:06:02", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:40:00", "1799956", "conv3r5-glow.dex3lavan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 09:35:38", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:55", "1799959", "mossphoto.zex8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 09:52:52", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:54", "1799960", "trigg-crest.rax4pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 09:58:22", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:54", "1799963", "149.12.67.231:139", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-25 14:39:53", "1799964", "119.167.191.229:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-25 14:39:53", "1799965", "151.241.88.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:24:11", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,cobeacon", "0", "whoamix302" "2026-04-25 14:39:53", "1799966", "91.92.242.228:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-25 14:39:52", "1799967", "83.142.209.58:8081", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-25 14:39:52", "1799968", "173.211.46.145:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "75", "False", "", "1xxbot,ArechClient,SectopRAT", "0", "whoamix302" "2026-04-25 14:39:48", "1799970", "valehar.nov3liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 10:24:18", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:47", "1799972", "hyper-inv0ice.miv4soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 10:42:44", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:47", "1799973", "sknrzs3z.miv4soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 10:45:46", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:47", "1799974", "zrkjvdly.podfdch.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "True", "", "SocGholish", "0", "varysz" "2026-04-25 14:39:46", "1799976", "sermarkos.miv4soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 10:54:38", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:46", "1799979", "del1v-graph.dex7lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 11:13:58", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:45", "1799984", "planrec.bexla2rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 11:48:07", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:45", "1799986", "colocip.bexla2rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 12:01:12", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:44", "1799981", "kelcoreos9.dex7lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 11:27:13", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:43", "1799996", "3nzy-layer.qiv9moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 12:48:14", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:42", "1799988", "bundleform.bexla2rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:41", "1800001", "publishbark.zex3liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 13:07:58", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:41", "1800002", "velmesh7ix.zex3liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 13:11:32", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:40", "1800004", "https://ledger.eu.com/ledger-live-desktop.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "ninjacatcher" "2026-04-25 14:39:39", "1800005", "igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection", "DoubleFantasy,Gibberish,LiteLLM,Payload,TeamPCP,Telnyx", "0", "johannes" "2026-04-25 14:39:38", "1800009", "pixe2-zone.zex3liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 13:36:13", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:38", "1800010", "f4ct0ry-mark.zex3liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 13:41:02", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:39:37", "1800015", "rain-line.rax5pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:06:05", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-25 14:35:33", "1800025", "reagentcore.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:35:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 14:29:34", "1800024", "dealparc.sylo8mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:30:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 14:23:58", "1800023", "l1ch-mesh.rax5pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:26:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 14:21:35", "1800022", "47.94.167.171:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-25 14:21:32", "1800021", "39.97.233.222:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-25 14:21:21", "1800020", "8.136.97.98:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:23:29", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-04-25 14:18:37", "1800019", "107.189.17.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-25 14:18:09", "1800018", "80.78.30.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-26 18:08:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-25 14:17:33", "1800017", "124.222.75.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:24:17", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2026-04-25 14:10:17", "1800016", "campa-fla.rax5pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 14:18:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 973