################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-12-13 05:48:34 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-12-13 05:48:34", "1677651", "2yri.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:49:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 05:38:10", "1677650", "m18.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:39:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 05:26:53", "1677649", "oel6h.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:27:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 05:18:06", "1677648", "mwqkv.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:19:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 05:07:59", "1677647", "gqs5d.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:10:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:57:59", "1677646", "t1i.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:00:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:47:39", "1677645", "gamma.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:48:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:37:18", "1677644", "gwe.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:38:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:27:36", "1677643", "soft.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:29:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:18:57", "1677642", "a0a.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:19:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 04:08:02", "1677641", "h819.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:09:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:58:09", "1677617", "nx.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:00:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:42:46", "1677616", "i5xu.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:49:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:38:02", "1677615", "flare.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:40:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:28:41", "1677614", "iyp61.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:30:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:17:23", "1677613", "deep.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:19:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 03:07:34", "1677612", "w10ok.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:12:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:57:21", "1677610", "yxvgh.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:59:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:47:03", "1677608", "champ.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:52:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:36:11", "1677607", "zh8qj.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:39:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:28:01", "1677606", "fh9.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:28:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:17:40", "1677605", "blood.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:23:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 02:07:50", "1677604", "8y.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:09:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:57:37", "1677603", "dsav5.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:00:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:47:45", "1677602", "crest.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:49:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:37:35", "1677601", "book.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:43:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:27:38", "1677600", "di.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:33:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:17:24", "1677599", "dz4y1.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:24:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 01:07:06", "1677598", "lqd.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:08:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:55:44", "1677596", "wy1.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:57:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:48:02", "1677595", "ocean.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:49:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:38:11", "1677594", "shadow.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:39:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:27:20", "1677593", "z6.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:28:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:17:33", "1677592", "bridge.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:23:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-13 00:07:20", "1677591", "light.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:09:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:57:27", "1677583", "yzmbi.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:58:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:47:09", "1677582", "storm.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:49:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:36:51", "1677581", "wild.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:40:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:22:00", "1677580", "guard.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:25:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:17:00", "1677579", "trace.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:21:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 23:07:47", "1677578", "spark.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:09:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:57:26", "1677542", "jtp4r.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:59:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:47:44", "1677541", "ember.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:49:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:37:50", "1677540", "2ic.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:40:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:29:05", "1677538", "neuro.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:31:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:19:11", "1677535", "byte.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:23:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 22:07:57", "1677534", "zeq3.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:09:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:57:40", "1677533", "mint.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:00:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:47:52", "1677532", "sabr6.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:51:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:44:45", "1677531", "epfe.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:45:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:37:31", "1677530", "p8.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:38:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:28:39", "1677528", "field.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:35:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:25:25", "1677527", "m9dbmhskb.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ee28b64d4e17826527e6ee7bdf9ac22f8adb5d2c06ed533e8206f9fceecdcd8c/", "xworm", "0", "abuse_ch" "2025-12-12 21:17:21", "1677526", "q1.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:19:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 21:07:31", "1677524", "bbpa.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:10:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:58:44", "1677522", "dndhub.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClickFix,PureHVNC", "0", "threatcat_ch" "2025-12-12 20:57:17", "1677521", "vdf.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:59:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:47:00", "1677520", "core.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:47:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:38:08", "1677519", "3w.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:39:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:27:53", "1677517", "z4l.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:29:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:17:33", "1677516", "lq.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:19:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:07:47", "1677514", "yl90o.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:14:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 20:03:02", "1677501", "fpt.dfp.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+fpt.dfp.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-12-12 20:03:01", "1677499", "arabsea.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/188.166.156.56+arabsea.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-12 20:03:01", "1677500", "adfs.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+adfs.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-12-12 19:57:28", "1677480", "short.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:02:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 19:47:50", "1677478", "6xy2.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:53:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 19:35:18", "1677477", "fdvfr.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:41:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 19:27:04", "1677476", "hill.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:27:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 19:17:16", "1677474", "dur71.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:19:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 19:07:59", "1677473", "flame.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:10:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:52:35", "1677461", "beta.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:02:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:46:50", "1677459", "k5i.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:48:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:38:03", "1677009", "omega.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:39:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:27:14", "1676975", "6t5.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:28:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:17:26", "1676974", "river.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:19:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:07:12", "1676973", "au.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:09:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 18:02:58", "1676972", "sodendick-39162.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251212-vd96astldy", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-12 18:02:13", "1676970", "1.tcp.clar.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qwd4csdm2w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 18:02:12", "1676969", "8.tcp.clar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qzd8ja1qbq", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 18:02:11", "1676966", "entire-so.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-wdyypstnaq", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 18:02:11", "1676967", "dad9idois-44752.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-tnvypatjdz", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 17:58:28", "1676771", "xk8.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:59:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:48:03", "1676770", "hdbg.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:49:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:34:40", "1676767", "sdsu.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:35:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:28:01", "1676766", "2vv6.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:28:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:17:44", "1676763", "inter.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:19:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:07:26", "1676762", "wind.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:08:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 17:05:28", "1676761", "leqdger.click", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch" "2025-12-12 16:57:48", "1676759", "8cu.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:04:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 16:52:46", "1676757", "9vq0tzgx64793.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 05:47:47", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-12 16:47:23", "1676756", "i6.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:49:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 16:38:05", "1676754", "1tza.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:39:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 16:27:15", "1676742", "mouc.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:32:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 16:24:07", "1676702", "intercttp.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/ffd46048b8ead14d5bd8c05d340fe00b6695093dac18ad55eda6d74457fe29ae/", "c2", "0", "burger" "2025-12-12 16:24:07", "1676706", "italy-divine.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-12 16:24:05", "1676721", "content-v2-verisoiu.icu", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "stealc", "0", "amznemu" "2025-12-12 16:24:04", "1676722", "joyeriatauro.com", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "stealc", "0", "amznemu" "2025-12-12 16:18:01", "1676737", "alpha.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:20:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 16:07:45", "1676736", "z9s.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:09:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:58:18", "1676723", "peak.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:00:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:48:26", "1676717", "zj3m0.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:48:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:37:49", "1676707", "branch.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:39:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:28:28", "1676704", "uqdz.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:29:59", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 15:21:25", "1676703", "clear.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:22:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:11:54", "1676701", "t84g.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:14:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 15:08:17", "1676697", "i3o.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:10:56", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 14:57:28", "1676689", "oput.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:58:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 14:41:10", "1676678", "hcg.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:51:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 14:37:25", "1676677", "ihokolkasdiemh.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/178.16.53.88", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-12-12 14:36:05", "1676676", "aniradodokloiure.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://threatfox.abuse.ch/ioc/1673816/", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-12-12 14:34:57", "1676675", "jiontrusdergaseol.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.209.164", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-12-12 14:34:08", "1676674", "gastroikoliojauiol.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.209.173", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-12-12 14:29:53", "1676641", "kevincheat.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe/", "None", "0", "burger" "2025-12-12 14:29:52", "1676645", "buradakimvar.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://www.virustotal.com/gui/domain/buradakimvar.xyz/relations", "c2,stealer", "0", "burger" "2025-12-12 14:08:47", "1676650", "s9ps.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:10:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:57:23", "1676649", "tp.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:18:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:50:13", "1676648", "cwci.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:51:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:46:01", "1676647", "ic7y.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:47:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:37:16", "1676646", "gsv54.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:38:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:28:00", "1676644", "gamma.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:34:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:17:41", "1676643", "7yyu6.snowcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:18:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 13:08:06", "1676640", "zwo.snowcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:09:47", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 12:57:37", "1676637", "vz.snowcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:04:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 12:55:45", "1676636", "cacodsq.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:53:48", "1676631", "raisinc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:53:48", "1676632", "genustt.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:53:48", "1676633", "servilg.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:53:48", "1676634", "fixedwr.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:53:48", "1676635", "dhulhxu.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-12-12 12:47:57", "1676628", "night.snowcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 12:48:48", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 12:37:32", "1676622", "wind.mounta1npath.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 12:40:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 12:27:17", "1676620", "nh60c.mounta1npath.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 12:28:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 12:25:34", "1676619", "asirojointofucks.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.209.166", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-12-12 12:19:12", "1676618", "neurolattice.com", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "100", "https://www.virustotal.com/gui/file/92a2e2a124a106af33993828fb0d4cdffd9dac8790169774d672c30747769455", "c2,domain,Matanbuchus,virustotal", "0", "DonPasci" "2025-12-12 12:18:26", "1676617", "core.mounta1npath.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 12:20:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 12:07:11", "1676616", "s9i01.mounta1npath.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 12:08:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 12:02:17", "1676605", "register.spc.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 12:02:20", "100", "https://tria.ge/251212-lnw7razlak", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-12 11:57:50", "1676602", "k38.deepbreez3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:58:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 11:50:54", "1676566", "baritale.com", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "75", "", "None", "0", "plebourhis" "2025-12-12 11:47:02", "1676601", "8wp1.deepbreez3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:48:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 11:30:35", "1676600", "stone.deepbreez3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:33:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 11:28:11", "1676599", "field.deepbreez3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:28:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 11:17:38", "1676598", "z24rf.mistyshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:19:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 11:07:24", "1676597", "q71t.mistyshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 11:09:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:57:30", "1676565", "ue.mistyshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:59:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:47:13", "1676564", "shore.mistyshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:49:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:37:57", "1676563", "fox.clears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:38:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:28:04", "1676562", "jt77.clears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:30:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:18:51", "1676561", "3e.clears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:23:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 10:07:26", "1676560", "drift.clears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:08:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:57:42", "1676558", "zgeg.forestcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 10:03:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:46:21", "1676557", "e08z3.forestcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:50:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:38:38", "1676556", "host.forestcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:45:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:34:28", "1676555", "3gky.forestcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:38:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:32:20", "1676554", "jjt.f0xwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:33:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:27:10", "1676553", "mist.f0xwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:29:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:17:18", "1676552", "554r5.f0xwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:19:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 09:06:56", "1676551", "kp3uw.f0xwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:15:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:58:15", "1676548", "forest.clearh0st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 09:00:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:48:57", "1676547", "mint.clearh0st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:50:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:40:41", "1676544", "river.clearh0st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:42:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:31:56", "1676543", "8l8gr.clearh0st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:34:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:27:45", "1676540", "crest.m1stleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:29:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:18:03", "1676539", "cwt.m1stleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:19:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 08:05:34", "1676534", "qo1u.m1stleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:07:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:57:40", "1676480", "yljy.m1stleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 08:04:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:42:55", "1676479", "0s.frostbranch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 07:44:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:38:14", "1676478", "d5.frostbranch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 07:39:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:25:19", "1676477", "ffmg.frostbranch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 07:18:03", "1676475", "sky.frostbranch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 07:20:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:07:54", "1676466", "nova.cleardawn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 07:09:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 07:07:07", "1676464", "bamboopaw2021.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/9dcfd6ad92ba2a0b05036cec9696abd6b8ff922c8694723aa07790f08ae50495/", "MaskGramStealer", "0", "abuse_ch" "2025-12-12 06:58:11", "1676463", "e5w.cleardawn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:59:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 06:47:38", "1676461", "60sek.cleardawn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:53:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 06:37:20", "1676460", "bridge.cleardawn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:39:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 06:36:37", "1676459", "brands.khaitara.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,TA569", "0", "juroots" "2025-12-12 06:35:42", "1676455", "api.qtss.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,PeerBlight", "0", "juroots" "2025-12-12 06:35:42", "1676456", "vps-zap812595-1.zap-srv.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,PeerBlight", "0", "juroots" "2025-12-12 06:35:42", "1676457", "help.093214.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,PeerBlight", "0", "juroots" "2025-12-12 06:35:42", "1676458", "keep.camdvr.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,PeerBlight", "0", "juroots" "2025-12-12 06:34:57", "1676454", "app.enzirt.com", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "50", "", "c2,Gholoader", "0", "juroots" "2025-12-12 06:34:56", "1676453", "api.htscefh.com", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "50", "", "c2,Gholoader", "0", "juroots" "2025-12-12 06:34:45", "1676252", "microservice-update-s1-bucket.cc", "domain", "payload_delivery", "win.amatera", "None", "Amatera", "", "100", "https://bazaar.abuse.ch/sample/69a221fe8833624d52031f5c6243745ea901b5622231de26bd52023ff667a71c/", "amatera,payload", "0", "burger" "2025-12-12 06:34:45", "1676255", "microservice-update-s2-bucket.cc", "domain", "payload_delivery", "win.amatera", "None", "Amatera", "", "100", "", "amaterastealer,payload", "0", "burger" "2025-12-12 06:34:45", "1676259", "api-w11c.onrender.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/6659f6e7120e112b2d1e5bdd469ed4935c5a11144575950c6e14173a49c1bff9/", "c2,SilentStealer", "0", "burger" "2025-12-12 06:34:39", "1676366", "nkpoor.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:27:31", "100", "https://www.virustotal.com/gui/file/9c19c389e49db92049126a213f3b1dcebe17781919517df6c7c028f44e4c0787", "AsyncRAT,botnet,c2", "0", "Amethyste" "2025-12-12 06:34:38", "1676367", "download.nkpoor.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:27:31", "100", "https://www.virustotal.com/gui/file/9c19c389e49db92049126a213f3b1dcebe17781919517df6c7c028f44e4c0787", "AsyncRAT,botnet,c2", "0", "Amethyste" "2025-12-12 06:34:32", "1676446", "totalservices.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676447", "broughservice.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676448", "theoyservices.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676449", "excesswintex.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676450", "brityservice.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676451", "bijoyshare.buzz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:32", "1676452", "sharetobijoy.buzz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,ShadowAgent,TA396", "0", "juroots" "2025-12-12 06:34:04", "1675842", "gov.hanel.work", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/13fc514b39ed0c2a5dffd9baeb74a0ef77e1935e7de65adcc220a03ab2d44d66/", "c2,domain,vidar", "0", "burger" "2025-12-12 06:33:38", "1676445", "wwexp.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "", "LandUpdate808", "0", "juroots" "2025-12-12 06:30:45", "1676442", "country-tex.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-12-12 06:29:46", "1676433", "gugugulol.kenkejai.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-12-12 06:29:18", "1676431", "google.motchilltv.red", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-12 06:29:04", "1676429", "sarefy07.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-12-12 06:29:04", "1676430", "sarjeb09.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-12-12 06:29:03", "1676428", "damysa10.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-12-12 06:26:58", "1676418", "eia.dr1ftshade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:28:12", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 06:18:09", "1676417", "ebsk.dr1ftshade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:18:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 06:07:52", "1676416", "range.dr1ftshade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:09:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 06:03:06", "1676415", "malware.quality.it.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:03:07", "100", "https://tria.ge/251212-c1yrnszrcv", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-12 06:03:05", "1676414", "quality.it.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:03:06", "100", "https://tria.ge/251212-c1yrnszrcv", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-12 06:02:56", "1676413", "malware.medcom.it.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:02:57", "100", "https://tria.ge/251212-bqc7jshz8a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-12 06:02:54", "1676412", "medcom.it.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-12 06:02:56", "100", "https://tria.ge/251212-bqc7jshz8a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-12 06:02:16", "1676411", "mariajose12.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-12 18:38:18", "100", "https://tria.ge/251212-egqm3a1ket", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-12 06:02:08", "1676408", "halahtyb-45632.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-c2l49swqgp", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 06:02:08", "1676409", "halahtyb-41206.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-cfe4tszpaz", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-12 05:55:05", "1676407", "xew2z.dr1ftshade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 06:00:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 05:41:45", "1676406", "wave.skyf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:43:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 05:36:32", "1676405", "x93.skyf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:37:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 05:27:52", "1676404", "6rpmj.skyf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:29:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 05:19:24", "1676403", "beta.skyf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:26:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 05:17:15", "1676402", "r8x.l1ghtshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:18:11", "100", "None", "clearfake", "1", "ttakvam" "2025-12-12 05:07:35", "1676401", "omega.l1ghtshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 05:08:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:57:11", "1676400", "cr.l1ghtshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:58:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:48:37", "1676398", "p1fb9.l1ghtshore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:53:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:31:01", "1676397", "sun.s0ftcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:32:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:27:55", "1676396", "storm.s0ftcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:29:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:18:02", "1676395", "dh28.s0ftcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:18:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:07:52", "1676394", "hill.s0ftcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 04:14:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 04:02:52", "1676387", "testcuncr.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 11:01:40", "100", "https://search.censys.io/hosts/188.166.156.56+testcuncr.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-12 03:57:27", "1676375", "cwscj.stonec0re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:58:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 03:47:07", "1676374", "69z.stonec0re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:48:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 03:38:19", "1676373", "ocean.stonec0re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:38:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 03:27:06", "1676372", "tur.stonec0re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:28:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 03:17:20", "1676371", "breeze.br1ghtstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:23:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 03:07:58", "1676370", "k1v5q.br1ghtstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 03:11:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:57:40", "1676365", "a72o.br1ghtstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:59:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:48:29", "1676360", "up.mcprotocol.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 05:48:03", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-12 02:48:15", "1676359", "c2.tiktok-js.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 05:47:48", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-12 02:47:55", "1676358", "snow.br1ghtstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:50:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:37:48", "1676357", "4b.cloudpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:43:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:27:32", "1676356", "7iwp.cloudpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:33:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:17:13", "1676355", "bright.cloudpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:23:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 02:07:28", "1676354", "qk8q.cloudpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 02:08:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:57:11", "1676353", "ukd0.saffron-dent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:59:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:48:11", "1676352", "jitter.saffron-dent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:48:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:38:09", "1676351", "cobble.saffron-dent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:40:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:27:44", "1676350", "2njv.saffron-dent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:29:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:17:27", "1676349", "d8iw.saffrondent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:19:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:07:42", "1676348", "sn7.saffrondent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:09:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 01:03:25", "1676347", "pq.saffrondent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 01:06:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:57:47", "1676346", "qmolq.saffrondent.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:58:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:47:22", "1676345", "i4o3.twig-mantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:49:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:37:06", "1676344", "bf1.twig-mantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:39:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:21:11", "1676343", "dlnd.twig-mantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:23:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:17:01", "1676342", "shackle.twig-mantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:19:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-12 00:07:41", "1676339", "qwg6.orbshackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:09:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:57:50", "1676335", "g1gq.orbshackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 00:03:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:47:34", "1676334", "loom.orbshackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:48:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:37:21", "1676331", "vex.orbshackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:38:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:27:30", "1676330", "alpha.orb-shackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:33:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:17:11", "1676329", "v8.orb-shackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:23:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:08:20", "1676325", "cc.orb-shackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:14:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 23:01:27", "1676307", "lab.w42o.online", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.169.194.248+lab.w42o.online", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-12-11 22:58:08", "1676269", "clink.orb-shackle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 23:00:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 22:47:50", "1676268", "2v.cl1nkbarge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:48:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 22:38:02", "1676267", "ijct.cl1nkbarge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:43:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 22:27:42", "1676266", "x7xh.cl1nkbarge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:28:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 22:17:26", "1676265", "wztbj.cl1nkbarge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:22:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 22:07:36", "1676264", "mantle.pr0wlmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:09:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:59:19", "1676262", "dxd.pr0wlmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 22:02:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:48:25", "1676261", "delta.pr0wlmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:49:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:38:09", "1676258", "twig.pr0wlmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:43:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:27:53", "1676257", "pincer.twigmantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:29:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:18:08", "1676256", "dent.twigmantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:20:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:07:44", "1676253", "1jd.twigmantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:08:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 21:02:35", "1676249", "fla.twigmantle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 21:02:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:57:30", "1676247", "uz.cobble-yard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:59:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:50:52", "1676246", "xxqr.cobble-yard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:52:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:50:20", "1676245", "malware.motchilltv.red", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/de723092b9584c66b9191b62d3b25b76bbf3e149ae8bf245d2be81ffa87bcf54/", "quasar", "0", "abuse_ch" "2025-12-11 20:47:34", "1676244", "em.cobble-yard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:48:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:37:12", "1676243", "5fa4.cobble-yard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:44:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:28:26", "1676241", "00w1g.j1ttersnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:30:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:17:05", "1676240", "hu9.j1ttersnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:19:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:08:29", "1676239", "prowl.j1ttersnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:15:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 20:04:39", "1676233", "cdn.sentihey.dedyn.io", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-11 23:01:35", "100", "https://search.censys.io/hosts/212.132.68.79+cdn.sentihey.dedyn.io", "AS8560,C2,censys,Havoc,IONOS-AS", "0", "DonPasci" "2025-12-11 19:57:58", "1676085", "snap.j1ttersnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 20:00:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 19:47:43", "1676084", "gamma.muddle-oak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:51:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 19:37:54", "1676082", "ub.muddle-oak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:39:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 19:29:29", "1676079", "wooddecor.com.br.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:29", "1676080", "watabaran.se", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:09", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:29", "1676081", "ysetechnologies.com.appniacs.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676069", "vegasvalleycommercial.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676070", "webdisk.shiningstarschildcare.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676071", "webdisk.kasatnews.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676072", "vitaricca-1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:10", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676073", "wordt-ontwikkeldbe.site.tb-hosting.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676074", "wooddecor.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676075", "yellowbird.siulyn.fr", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676076", "verresel.jp", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676077", "whm.tamiltotamil.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:09", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:28", "1676078", "whm.umeedshiksharath.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676061", "study.bisabarengoby.id", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676062", "teenpattijawaan.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:07", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676063", "tes-totaleng.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:08", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676064", "urbiagua.pt", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676065", "vendamaiscomthiago.ads360imob.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:08", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676066", "webmail.giracoin.io", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676067", "webmail.mega77b.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:27", "1676068", "webfolddns.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676051", "shiprbx.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676052", "stavby.sk", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676053", "suzuya-basketball-dog-house.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676054", "staging.trytebox.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676055", "stazio54.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676056", "supvitalfree.verslo.io", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676057", "tanakazu1977.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:07", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676058", "tehahfandbtrading.com.nexus-my.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676059", "syuchan.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:26", "1676060", "teresina.oligoflora.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:25", "1676046", "sebastiancafe.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:25", "1676047", "singlevendor.ninetysix.in", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:25", "1676048", "skincare123tokyo.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:25", "1676049", "shop.net-gazet.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:25", "1676050", "shareyourstory-org-zm.tizambia.org.zm", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676034", "portaldesigngrafico.com.br.agenciadelivearte.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676035", "psicologowil.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:02", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676036", "quabala-quabala.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:03", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676037", "qka.poy.temporary.site", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676038", "roumanie.sandierrot.fr", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676039", "rummagewi.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676040", "rummagewi.drcs-solutions.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676041", "quamecheng.co.zm", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676042", "sageproductions.tv", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:04", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676043", "red-eyesecurity.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676044", "schluesselringe.de", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:24", "1676045", "roku.jnishop.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676025", "pickterra.mx.pickterra.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676026", "perfectorder.jp", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676027", "pickterra.com.mx", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676028", "pmmblognoot.nl", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676029", "patologiamoderna.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:00", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676030", "nt4sc.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676031", "psicogenealogia.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676032", "pleiades-capite.ch", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:01", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:23", "1676033", "raessler.de", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676018", "novasoftbd.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676019", "pauloeduardodemelo1744295722000.2410142.meusitehostgator.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676020", "pauloeduardodemelo1744294643000.2410142.meusitehostgator.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676021", "peroccoalimentos.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676022", "paypan.co", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:01:01", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676023", "ontheoutside.cliffsurfcamp.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:22", "1676024", "paixetjoie.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676011", "mail.sabihfinancials.pk", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676012", "merchandise.risemyrank.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676013", "minato-inc.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:59", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676014", "new.parsoa.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676015", "nicolekoettstorfer.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676016", "newmobicard.mobimark.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:21", "1676017", "old.nicholastuck.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676000", "mail.retena.ec", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:58", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676001", "mail.quimicaelda.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676002", "mail.kenandlindy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676003", "mail.kakmekakedemi.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676004", "mail.imobiliariadevalor.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676005", "mail.guardianpayment.systems", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676006", "mail.purposehousepublishing.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676007", "marmorariaserrana.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676008", "manual.xxxx88.jp", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676009", "mochi69.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:20", "1676010", "matsuura3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675989", "mail.dbnet.com.vc", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675990", "lycon.co.id", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:58", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675991", "mail.ipacarai.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675992", "mail.landtransparency.org.zm", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675993", "mail.opticlimb.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675994", "mail.eventocontaduriafce.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675995", "mail.pontualcascavel.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675996", "mail.ihs.yin.mybluehost.me", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675997", "mail.digital-keys.com.sa", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675998", "mail.renaceconcarino.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:19", "1675999", "lineconnect-v4.0.0.marketplace-exam.site", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675982", "mail.aimbotcheat.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675983", "lomaka-tree.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675984", "legacy.sushymns.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:55", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675985", "mail.akoyahair.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:46", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675986", "licon.com.ar", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675987", "mail.authentiekeparfumerienl.online", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:18", "1675988", "mail.excavatingindustriesltd.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675976", "landtransparency-org-zm.tizambia.org.zm", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:55", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675977", "kinderweather.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675978", "lecolinequintet.fr", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675979", "kichijyoji-syodo.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675980", "ljbeautynailssupply.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:17", "1675981", "landscapearchitectural.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675968", "gutti.pe", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675969", "innovatewith.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:54", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675970", "innovative4x.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675971", "kenandlindy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675972", "ilexis.net.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675973", "jelas4d.co", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675974", "iriasu.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:16", "1675975", "iyana.co.za.rocketrobs.co.za", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675957", "habanero77.co", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675958", "grubzskincare.zambosur.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675959", "heathrowdevelopment.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675960", "happydeliveryllc.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675961", "hihotelsgroup.imperialsunnybeach.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675962", "hasimja.pristine-tech.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675963", "ifan-hebron.caldasservice.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675964", "imobiliariadevalor.com.br.victorabrao.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675965", "harry.staging.xrf.digital", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675966", "honoriscoin.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:15", "1675967", "heda-project.eu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675945", "eyelens.in", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675946", "floridatextil.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675947", "emm.accarda.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675948", "ftp.lupolab.com.au", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:52", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675949", "ftp.beittur.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675950", "ftp.strivexventures.co.uk", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675951", "g42p2t-thewigdoctorshopcom-6261.site.tb-hosting.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675952", "floradatextil.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675953", "eqvola.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675954", "ftp.giracoin.io", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675955", "ftp.strivex.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:14", "1675956", "fastsolution.asia", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675935", "ead.universidadedaguerra.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675936", "dev.theinstituteofreo.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675937", "dranabellagonzalez.crearhosting.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675938", "dmgthailand.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:51", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675939", "ekattor.bhadracity.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675940", "expansao.oligoflora.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675941", "ertepehh.ikantoman.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675942", "doblamet.grintic.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675943", "engenhariadetecidos.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:13", "1675944", "eni24.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675922", "chestnut-park-apartments.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675923", "chebsajexport.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675924", "cpanel.joss77b.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:49", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675925", "dev.camidstudios.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675926", "cpanel.originalsvensktkrkort.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675927", "dancework-agency.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675928", "dagelan88.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:50", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675929", "dr-foerschner.de", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675930", "ebpp-i.accarda.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675931", "cube-a.biz", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675932", "cread-inc.co.jp", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675933", "economywise.coupons", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:12", "1675934", "demo88.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:50", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675909", "cbdcannalife.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675910", "cds-i.accarda.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675911", "bitrix24support.adm-center.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675912", "btcom.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675913", "catchsongmaker.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675914", "coachingcall.co.uk", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675915", "coachevanroth.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675916", "cpcontacts.chinabandy.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675917", "cpcontacts.kasatnews.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:54", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675918", "cpcontacts.moro-mie.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:50", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675919", "chrisopek.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675920", "chehabci.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:11", "1675921", "cognorvia.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675903", "autoblogai.io", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675904", "b.pendantkart.in", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675905", "bca88.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675906", "bellapenfold.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675907", "botaniqlife.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:10", "1675908", "breezibeauti.sumillionaires.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675893", "alleyglamour.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675894", "aipros.click", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675895", "arbitr-urist.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675896", "autoconfig.uranium-news.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675897", "autodiscover.blancosettlement.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675898", "authentiekeparfumerie.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675899", "autosmartmechanic.com.workwithastara.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675900", "autodiscover.maritimnews.id", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675901", "armazenebox.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:09", "1675902", "authentiekeparfumerienl.online", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675887", "abs88.fit", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675888", "acirurgica.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675889", "affairstv.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675890", "agenasia88slot.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2025-12-12 18:00:46", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675891", "alejandro.websiteplay.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:29:08", "1675892", "alineesteves.kbral.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Clickfix,validin", "0", "DaveLikesMalwre" "2025-12-11 19:27:39", "1675886", "saffron.muddle-oak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:29:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 19:20:20", "1675885", "malware.nangtamlonto.top", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-12 06:03:01", "75", "https://bazaar.abuse.ch/sample/a0e52c62b620f7c7318fd87ec6d4d4a6e1141fab03e8f88e02cea45e2689fe95/", "quasar", "0", "abuse_ch" "2025-12-11 19:17:18", "1675884", "fuzz.muddle-oak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:19:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 19:08:48", "1675882", "trill.v0xletrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:09:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:58:14", "1675881", "t2.v0xletrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 19:00:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:47:55", "1675876", "9yd.v0xletrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 18:49:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:37:08", "1675873", "brisk.v0xletrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 18:43:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:27:48", "1675872", "barge.pincer-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 18:29:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:17:57", "1675871", "nova.pincer-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 18:18:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:07:40", "1675870", "omega.pincer-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 18:14:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 18:02:35", "1675868", "monocastro0612.1cooldns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251211-gtht4aaq5x", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-11 18:02:06", "1675867", "water-included.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251211-rjxwdadr5t", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-11 18:02:05", "1675866", "S2lender-59991.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251211-wafmysey2b", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-11 17:57:26", "1675864", "oak.pincer-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:58:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 17:47:40", "1675860", "djno.cobbleyard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:49:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 17:31:16", "1675859", "nib.cobbleyard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:43:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 17:28:05", "1675857", "3cz39.cobbleyard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:29:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 17:18:15", "1675856", "nhg.cobbleyard.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:24:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 17:08:11", "1675850", "opbz.pincerloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 17:08:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:57:42", "1675849", "mint.pincerloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:58:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:47:53", "1675847", "tangle.pincerloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:49:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:37:34", "1675846", "yard.pincerloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:38:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:21:39", "1675845", "orb.muddleoak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:22:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:16:28", "1675844", "uslrd.muddleoak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:18:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:08:35", "1675841", "grain.muddleoak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 16:10:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 16:03:46", "1675838", "msft.sts.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-11 23:01:36", "100", "https://search.censys.io/hosts/45.32.154.228+msft.sts.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-12-11 15:55:25", "1675828", "7ch1.muddleoak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:56:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 15:48:09", "1675827", "uvfo2.fire1n5ulat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:51:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 15:39:45", "1675826", "s3.fire1n5ulat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:43:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 15:27:48", "1675825", "1zqb.fire1n5ulat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:28:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 15:13:43", "1675602", "iffrooypwm.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "amznemu" "2025-12-11 15:13:42", "1675597", "harshnz.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-12 12:53:48", "100", "", "None", "0", "amznemu" "2025-12-11 15:13:42", "1675598", "downind.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-12 12:53:48", "100", "", "None", "0", "amznemu" "2025-12-11 15:13:42", "1675599", "huddles.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-12 12:53:48", "100", "", "None", "0", "amznemu" "2025-12-11 15:13:42", "1675600", "product.360academybd.com", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "amznemu" "2025-12-11 15:13:42", "1675601", "deoxyrq.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-12 12:55:46", "100", "", "None", "0", "amznemu" "2025-12-11 15:11:19", "1675596", "uye.fire1n5ulat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:13:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 15:08:14", "1675595", "orx5.par2ch0ld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 15:09:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:57:27", "1675581", "quick.par2ch0ld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:59:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:46:09", "1675580", "ustg1.par2ch0ld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:51:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:31:15", "1675579", "u11v.par2ch0ld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:33:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:20:55", "1675577", "dxl08.ch2rmsan1nst.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:26:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:12:11", "1675576", "qxn.ch2rmsan1nst.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:13:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 14:07:57", "1675570", "mint.ch2rmsan1nst.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 14:08:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:57:39", "1675569", "5r.ch2rmsan1nst.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:59:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:49:15", "1675568", "charm.ist0mpi1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:49:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:44:14", "1675564", "ult.wraithbot.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/5da36b89427b237eaf57d03e7f9a4bbcf3fb34f60efcca9dabf8c20bcf7633e9/", "dropped-by-amadey,WraithBot,WraithNet", "0", "abuse_ch" "2025-12-11 13:44:14", "1675565", "ultbu2.wraithbot.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/5da36b89427b237eaf57d03e7f9a4bbcf3fb34f60efcca9dabf8c20bcf7633e9/", "dropped-by-amadey,WraithBot,WraithNet", "0", "abuse_ch" "2025-12-11 13:44:14", "1675566", "ultbu1.wraithbot.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/5da36b89427b237eaf57d03e7f9a4bbcf3fb34f60efcca9dabf8c20bcf7633e9/", "dropped-by-amadey,WraithBot,WraithNet", "0", "abuse_ch" "2025-12-11 13:37:34", "1675562", "5b.ist0mpi1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:39:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:32:22", "1675561", "wrenobservation.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-11 13:27:14", "1675558", "sparkle.ist0mpi1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:28:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:23:55", "1675529", "lalanikas-49138.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675530", "unsigned-49011.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675531", "thread-television.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675532", "anti-prairie.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675533", "pop-progressive.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675534", "prior-myspace.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675535", "secretstorage.linkpc.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675536", "experience-while.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675537", "pre-manga.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675538", "group-texts.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675539", "activities-strict.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675540", "Nitxwet4-32679.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675541", "toasterbread-51386.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-11 13:23:55", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675542", "parent-44871.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:55", "1675543", "koid-49965.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-12 18:39:28", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675513", "heart-nous.with.playit.plus", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675514", "reahall1-64014.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-12 18:39:28", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675515", "16.tcp.cpolar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-12 18:39:28", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675516", "leake798-58959.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675517", "updates-pottery.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675518", "windowslonghorn-39122.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675519", "renziiiii-31544.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675520", "kwizygmd-60694.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675521", "places-booty.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675522", "dfhh783-35596.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675523", "miwee2-49793.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675524", "sun-mining.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675525", "22.tcp.vip.cpolar.cn", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675526", "entertainment-pirates.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675527", "senior-form.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:54", "1675528", "dufgdwgfy7f-64720.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:53", "1675508", "17.tcp.cpolar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:53", "1675509", "killnetj231-48499.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:53", "1675510", "ayham123-31460.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:53", "1675511", "leake798-38723.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:23:53", "1675512", "fully-springfield.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:17:26", "1675507", "wild.ist0mpi1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:18:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 13:12:10", "1675480", "luicer-52197.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:10", "1675481", "svchost1.linkpc.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:10", "1675482", "5421hjvugfvuk.myftp.biz", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:09", "1675483", "ssasdasd34-63321.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:09", "1675484", "pearful-47873.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:09", "1675485", "envio2-12.dynuddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:08", "1675486", "yuseef-30448.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:08", "1675487", "draxo-57366.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:07", "1675488", "method-facing.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:07", "1675489", "request-painting.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:07", "1675490", "sdfsefesc-42790.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:06", "1675491", "sdfsefesc-61327.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:06", "1675492", "gdgfgded3-45458.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:05", "1675493", "gsad-53763.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:05", "1675494", "ercc-36107.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:04", "1675495", "dec-smooth.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:03", "1675496", "simpler-44964.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-11 13:23:53", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:03", "1675497", "forThePeople-58907.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:12:02", "1675498", "crucio-57843.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu" "2025-12-11 13:11:56", "1675356", "dktourandtaxi.in.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-11 08:30:58", "50", "https://bazaar.abuse.ch/browse/", "Js,RAT,RemcosRAT", "1", "OkV" "2025-12-11 13:11:55", "1675357", "malware.dktourandtaxi.in.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-11 08:30:58", "50", "https://bazaar.abuse.ch/browse/", "Js,RAT,RemcosRAT", "1", "OkV" "2025-12-11 13:08:12", "1675504", "soft.ha1fakos0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:09:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:55:19", "1675479", "joke.ha1fakos0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 13:01:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:50:12", "1675477", "syriatelsy.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 05:48:03", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-11 12:48:27", "1675476", "ely.ha1fakos0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:49:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:38:09", "1675475", "cyberknull.publicvm.com", "domain", "botnet_cc", "win.coinminer", "None", "Coinminer", "", "100", "", "CoinMiner", "0", "abuse_ch" "2025-12-11 12:37:45", "1675474", "core.ha1fakos0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:39:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:28:01", "1675473", "ocean.f1ippme7re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:29:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:21:39", "1675472", "lxp1.f1ippme7re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:24:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:15:29", "1675471", "flip.f1ippme7re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:17:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:12:45", "1675470", "field.f1ippme7re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:13:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 12:07:36", "1675469", "i1.bra9lupt5ev.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 12:09:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:57:12", "1675448", "fbk.bra9lupt5ev.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:59:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:50:35", "1675447", "tqe.bra9lupt5ev.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:53:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:47:22", "1675446", "f0.bra9lupt5ev.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:48:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:38:07", "1675445", "648.r0cketf2rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:44:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:30:55", "1675444", "cdr.r0cketf2rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:32:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:28:14", "1675443", "delta.r0cketf2rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:28:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:17:56", "1675442", "letter.r0cketf2rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:24:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 11:05:38", "1675441", "pixel.f1ukomki5s.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:09:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:57:51", "1675385", "mist.f1ukomki5s.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 11:00:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:52:40", "1675384", "wza.f1ukomki5s.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:47:27", "1675383", "bgmb.f1ukomki5s.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:50:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:44:43", "1675382", "5oj6.effu5rep7eh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:46:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:37:30", "1675381", "flame.effu5rep7eh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:42:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:27:29", "1675379", "byte.effu5rep7eh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:34:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:18:22", "1675378", "v8r7.effu5rep7eh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:23:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 10:02:57", "1675377", "omega.chel0be7upt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 10:06:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:58:18", "1675376", "rocket.chel0be7upt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:59:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:43:54", "1675375", "nzhr.chel0be7upt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:48:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:37:42", "1675374", "46.chel0be7upt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:43:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:28:00", "1675373", "gate.po5tr2diat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:30:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:20:40", "1675372", "fusion.po5tr2diat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:23:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:17:29", "1675371", "3i.po5tr2diat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:18:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 09:05:35", "1675370", "xk.po5tr2diat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 09:10:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:54:19", "1675368", "9pt.bu1gep2lest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:57:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:47:05", "1675364", "trace.bu1gep2lest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:54:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:34:11", "1675361", "boost.bu1gep2lest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:41:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:27:23", "1675358", "cxks9.bu1gep2lest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:27:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:17:41", "1675355", "5idt.c0rres5cour.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:18:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 08:08:17", "1675354", "njs.c0rres5cour.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-11 08:10:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:52:29", "1675335", "1f3.c0rres5cour.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:48:49", "1675334", "clear.c0rres5cour.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:37:28", "1675333", "zo.p2rtics2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:28:13", "1675330", "h27g.p2rtics2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:25:03", "1675329", "crest.p2rtics2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:15:24", "1675328", "friday-barbados.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-11 13:04:32", "50", "", "c2,xworm", "0", "juroots" "2025-12-11 07:14:46", "1675326", "godblessuswithmoney385.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-12-11 07:14:35", "1675325", "ssofhoseuegsgrfnuy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675305", "slpsrgpsrhojifdijy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675306", "srndndubsbsifurfd.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675307", "srndndubsbsifurfd.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675308", "srndndubsbsifurfd.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675309", "srndndubsbsifurfd.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675310", "srndndubsbsifurfda.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675311", "srndndubsbsifurfdf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675312", "srndndubsbsifurfdi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675313", "srndndubsbsifurfdo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675314", "srndndubsbsifurfdt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675315", "srndndubsbsifurfdy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675316", "ssofhoseuegsgrfnj.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675317", "ssofhoseuegsgrfnja.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675318", "ssofhoseuegsgrfnji.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675319", "ssofhoseuegsgrfnjo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675320", "ssofhoseuegsgrfnjt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675321", "ssofhoseuegsgrfnu.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675322", "ssofhoseuegsgrfnu.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675323", "ssofhoseuegsgrfnu.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:34", "1675324", "ssofhoseuegsgrfnuf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675286", "sfiusihuisisifgmr.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675287", "sfiusihuisisifgmr.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675288", "sfiusihuisisifgmr.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675289", "sfiusihuisisifgmr.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675290", "sfiusihuisisifgmr.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675291", "sfiusihuisisifgmr.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675292", "sfiusihuisisifgmrf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675293", "sfiusihuisisifgmri.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675294", "sfiusihuisisifgmro.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675295", "sfiusihuisisifgmrt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675296", "sfiusihuisisifgmry.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675297", "slpsrgpsrhojifdij.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675298", "slpsrgpsrhojifdij.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675299", "slpsrgpsrhojifdij.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675300", "slpsrgpsrhojifdija.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675301", "slpsrgpsrhojifdijf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675302", "slpsrgpsrhojifdiji.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675303", "slpsrgpsrhojifdijo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:33", "1675304", "slpsrgpsrhojifdijt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675268", "nousiieiffgogogooi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675269", "nousiieiffgogogooo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675270", "nousiieiffgogogoot.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675271", "nousiieiffgogogooy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675272", "seusiiusuiuifiuui.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675273", "seusiiusuiuifiuui.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675274", "seusiiusuiuifiuui.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675275", "seusiiusuiuifiuui.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675276", "seusiiusuiuifiuui.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675277", "seusiiusuiuifiuui.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675278", "seusiiusuiuifiuui.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675279", "seusiiusuiuifiuuia.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675280", "seusiiusuiuifiuuif.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675281", "seusiiusuiuifiuuii.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675282", "seusiiusuiuifiuuio.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675283", "seusiiusuiuifiuuit.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675284", "seusiiusuiuifiuuiy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:32", "1675285", "sfiusihuisisifgmr.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675248", "nnososoosjfeuhueua.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675249", "nnososoosjfeuhueuf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675250", "nnososoosjfeuhueui.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675251", "nnososoosjfeuhueuo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675252", "nnososoosjfeuhueut.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675253", "nnososoosjfeuhueuy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675254", "noeuaoenriusfiruu.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675255", "noeuaoenriusfiruu.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675256", "noeuaoenriusfiruu.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675257", "noeuaoenriusfiruua.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675258", "noeuaoenriusfiruuf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675259", "noeuaoenriusfiruui.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675260", "noeuaoenriusfiruuo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675261", "noeuaoenriusfiruut.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675262", "noeuaoenriusfiruuy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675263", "nousiieiffgogogoo.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675264", "nousiieiffgogogoo.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675265", "nousiieiffgogogoo.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675266", "nousiieiffgogogooa.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:31", "1675267", "nousiieiffgogogoof.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675229", "fuihaihueifnnnvndf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675230", "fuihaihueifnnnvndi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675231", "fuihaihueifnnnvndo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675232", "fuihaihueifnnnvndt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675233", "fuihaihueifnnnvndy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675234", "iuirshriuisruruuf.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675235", "iuirshriuisruruuf.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675236", "iuirshriuisruruuf.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675237", "iuirshriuisruruuf.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675238", "iuirshriuisruruufa.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675239", "iuirshriuisruruuff.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675240", "iuirshriuisruruufi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675241", "iuirshriuisruruufo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675242", "iuirshriuisruruuft.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675243", "iuirshriuisruruufy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675244", "nnososoosjfeuhueu.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675245", "nnososoosjfeuhueu.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675246", "nnososoosjfeuhueu.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:30", "1675247", "nnososoosjfeuhueu.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675210", "fiiauediehduefuget.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675211", "fiiauediehduefugey.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675212", "fuaiuebndieufeufu.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675213", "fuaiuebndieufeufu.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675214", "fuaiuebndieufeufu.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675215", "fuaiuebndieufeufua.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675216", "fuaiuebndieufeufuf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675217", "fuaiuebndieufeufui.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675218", "fuaiuebndieufeufuo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675219", "fuaiuebndieufeufut.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675220", "fuaiuebndieufeufuy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675221", "fuihaihueifnnnvnd.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675222", "fuihaihueifnnnvnd.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675223", "fuihaihueifnnnvnd.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675224", "fuihaihueifnnnvnd.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675225", "fuihaihueifnnnvnd.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675226", "fuihaihueifnnnvnd.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675227", "fuihaihueifnnnvnd.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:29", "1675228", "fuihaihueifnnnvnda.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675190", "fihsifuiiusuiuduf.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675191", "fihsifuiiusuiuduf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675192", "fihsifuiiusuiuduf.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675193", "fihsifuiiusuiuduf.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675194", "fihsifuiiusuiuduf.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675195", "fihsifuiiusuiuduf.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675196", "fihsifuiiusuiudufa.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675197", "fihsifuiiusuiuduff.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675198", "fihsifuiiusuiudufi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675199", "fihsifuiiusuiudufo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675200", "fihsifuiiusuiuduft.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675201", "fihsifuiiusuiudufy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675202", "fiiauediehduefuge.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675203", "fiiauediehduefuge.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675204", "fiiauediehduefuge.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675205", "fiiauediehduefuge.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675206", "fiiauediehduefugea.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675207", "fiiauediehduefugef.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675208", "fiiauediehduefugei.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:28", "1675209", "fiiauediehduefugeo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675172", "fieieienfsnirgrni.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675173", "fieieienfsnirgrni.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675174", "fieieienfsnirgrni.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675175", "fieieienfsnirgrni.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675176", "fieieienfsnirgrnia.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675177", "fieieienfsnirgrnif.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675178", "fieieienfsnirgrnii.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675179", "fieieienfsnirgrnio.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675180", "fieieienfsnirgrnit.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675181", "fieieienfsnirgrniy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675182", "fifiehsueuufidhfi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675183", "fifiehsueuufidhfi.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675184", "fifiehsueuufidhfia.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675185", "fifiehsueuufidhfii.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675186", "fifiehsueuufidhfio.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675187", "fifiehsueuufidhfit.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675188", "fifiehsueuufidhfiy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:27", "1675189", "fihsifuiiusuiuduf.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675155", "eoroooskfogihisrg.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675156", "eoroooskfogihisrg.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675157", "eoroooskfogihisrg.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675158", "eoroooskfogihisrga.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675159", "eoroooskfogihisrgf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675160", "eoroooskfogihisrgi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675161", "eoroooskfogihisrgo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675162", "eoroooskfogihisrgt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675163", "eoroooskfogihisrgy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675164", "eseusiiusuiuifiuui.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675165", "esfiusihuisisifgmr.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675166", "eslpsrgpsrhojifdij.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675167", "esrndndubsbsifurfd.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675168", "essofhoseuegsgrfnu.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675169", "fieieienfsnirgrni.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675170", "fieieienfsnirgrni.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:26", "1675171", "fieieienfsnirgrni.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675137", "eiifngjfksisiufjfi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675138", "eiifngjfksisiufjfo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675139", "eiifngjfksisiufjft.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675140", "eiifngjfksisiufjfy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675141", "eiuirshriuisruruuf.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675142", "ennososoosjfeuhueu.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675143", "enoeuaoenriusfiruu.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675144", "enousiieiffgogogoo.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675145", "eofihsishihiursgu.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675146", "eofihsishihiursgu.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675147", "eofihsishihiursgu.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675148", "eofihsishihiursgua.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675149", "eofihsishihiursguf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675150", "eofihsishihiursgui.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675151", "eofihsishihiursguo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675152", "eofihsishihiursgut.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675153", "eofihsishihiursguy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:25", "1675154", "eoroooskfogihisrg.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675120", "aiiaiafrzrueuedury.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675121", "eafeifieuuufufufuf.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675122", "eaiiaiafrzrueuedur.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675123", "eeiifngjfksisiufjf.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675124", "eeofihsishihiursgu.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675125", "eeoroooskfogihisrg.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675126", "efieieienfsnirgrni.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675127", "efifiehsueuufidhfi.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675128", "efihsifuiiusuiuduf.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675129", "efiiauediehduefuge.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675130", "efuaiuebndieufeufu.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675131", "efuihaihueifnnnvnd.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675132", "eiifngjfksisiufjf.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675133", "eiifngjfksisiufjf.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675134", "eiifngjfksisiufjf.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675135", "eiifngjfksisiufjfa.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:24", "1675136", "eiifngjfksisiufjff.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675101", "afeifieuuufufufuf.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675102", "afeifieuuufufufuf.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675103", "afeifieuuufufufuf.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675104", "afeifieuuufufufuf.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675105", "afeifieuuufufufufa.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675106", "afeifieuuufufufuff.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675107", "afeifieuuufufufufi.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675108", "afeifieuuufufufufo.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675109", "afeifieuuufufufuft.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675110", "afeifieuuufufufufy.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675111", "aiiaiafrzrueuedur.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675112", "aiiaiafrzrueuedur.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675113", "aiiaiafrzrueuedur.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675114", "aiiaiafrzrueuedur.net", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675115", "aiiaiafrzrueuedura.biz", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675116", "aiiaiafrzrueuedurf.in", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675117", "aiiaiafrzrueueduri.info", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675118", "aiiaiafrzrueueduro.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:14:23", "1675119", "aiiaiafrzrueuedurt.com", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-11 07:13:14", "1674864", "bounty.p2rtics2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:13:07", "1674856", "6hmcw0.sa.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674857", "dxyiz.ru.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674858", "e2bet-link.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674859", "malware.6hmcw0.sa.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674860", "malware.dxyiz.ru.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674861", "malware.e2bet-link.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674862", "phising.dxyiz.ru.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:13:07", "1674863", "sex.6hmcw0.sa.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-11 07:12:09", "1674849", "kissyou.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-11 07:12:09", "1674850", "syperzina52-35743.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-11 13:04:32", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-11 07:09:34", "1674845", "v4x.impa5sj0ke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 07:01:50", "1674836", "jtt.impa5sj0ke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:57:11", "1674751", "ma.impa5sj0ke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:51:54", "1674733", "yessigmaurlahhahahfunnytypeshi67.wiped-protected.xyz", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-11 13:04:32", "100", "https://bazaar.abuse.ch/sample/3677cb257e0a44363a98879ab3570f48114f35cc10e340a861aae098dac34df3/", "QuasarRAT,RAT", "0", "abuse_ch" "2025-12-11 06:47:49", "1674732", "bqiy0.impa5sj0ke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:47:14", "1674729", "microservice-update-s2-bucket.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "None", "0", "abuse_ch" "2025-12-11 06:47:14", "1674730", "microservice-update-s1-bucket.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "None", "0", "abuse_ch" "2025-12-11 06:47:14", "1674731", "s3-updatehub.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "None", "0", "abuse_ch" "2025-12-11 06:37:35", "1674728", "bright.bwenina.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:29:50", "1674727", "sky.bwenina.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:26:40", "1674726", "river.bwenina.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:23:19", "1674725", "repositorylinux.publicvm.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "CVE-2025-55182,Mirai", "0", "abuse_ch" "2025-12-11 06:17:23", "1674724", "ember.bwenina.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:08:37", "1674723", "gamma.ep1che2ded.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-11 06:02:05", "1674704", "lora.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-11 07:14:46", "100", "https://tria.ge/251211-c8k6jsgr9w", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-11 05:58:49", "1674703", "y5jyv.ep1che2ded.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 890