################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-12-05 03:27:36 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-12-05 03:27:36", "1667880", "wind.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:29:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 03:17:19", "1667879", "fqz.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:18:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 03:08:07", "1667877", "8q1qk.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:10:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:58:17", "1667876", "cloud.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:59:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:48:19", "1667874", "www.vxucqb.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-05 02:47:57", "1667873", "leaf.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:49:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:37:40", "1667871", "spark.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:38:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:27:55", "1667870", "4vc.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:29:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:17:36", "1667868", "g5wyk.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:19:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:07:09", "1667867", "trail.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:08:28", "100", "None", "clearfake", "1", "ttakvam" "2025-12-05 01:57:24", "1667866", "light.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:58:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:47:12", "1667865", "house.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:48:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:37:41", "1667861", "ss7e.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:37:58", "100", "None", "clearfake", "1", "ttakvam" "2025-12-05 01:27:58", "1667860", "crest.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:29:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:18:16", "1667859", "b0.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:20:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:07:51", "1667858", "ox.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:10:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:57:36", "1667857", "mist.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:59:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:47:47", "1667856", "i2.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:49:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:37:29", "1667855", "frost.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:39:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:27:26", "1667854", "ma.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:28:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:17:27", "1667851", "x5ust.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:18:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:07:08", "1667850", "nova.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:08:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:57:50", "1667843", "2lkz.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:58:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:48:01", "1667842", "dawn.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:49:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:37:45", "1667839", "bxq.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:39:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:27:57", "1667838", "bd.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:29:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:17:39", "1667837", "bloom.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:19:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:07:18", "1667836", "gxjo.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:08:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:57:38", "1667805", "cliff.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:58:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:48:16", "1667804", "shift.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:48:39", "100", "None", "clearfake", "1", "ttakvam" "2025-12-04 22:37:51", "1667803", "shadow.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:39:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:28:03", "1667801", "v0k6.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:29:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:17:47", "1667799", "hmo.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:19:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:07:59", "1667798", "28.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:09:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:57:41", "1667797", "caiip.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:59:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:47:23", "1667796", "lake.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:47:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:38:00", "1667795", "forest.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:39:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:28:15", "1667794", "sunrise.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:29:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:16:54", "1667793", "4mjo.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:19:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:08:10", "1667790", "fev5.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:09:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:57:56", "1667788", "field.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:59:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:57:39", "1667786", "jjjgaasda.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/c6a83d4a310f3dbeaef1f73bfcbfc96d37856f2dbd32bbd1aa994ff7af15113c/", "None", "0", "abuse_ch" "2025-12-04 20:48:34", "1667785", "7p1e0901tm70n.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:02", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 20:48:06", "1667784", "alpha.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:48:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:38:37", "1667781", "asmweosiqsaaw.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/0b1ecb1d5505123ee64955f4cca064997b0139a31a8bf199097c7ab3d61d6a91/", "None", "0", "abuse_ch" "2025-12-04 20:37:48", "1667780", "silent.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:39:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:36:51", "1667779", "apdlive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-12-04 20:27:54", "1667778", "quick.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:28:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:23:14", "1667748", "nimbsjoa.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-04 19:00:57", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:09", "1667753", "deregulatedenergy.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:17:36", "1667777", "tmy.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:19:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:07:51", "1667775", "vk8w.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:08:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:57:02", "1667762", "r4.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:58:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:47:39", "1667761", "fk3v.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:48:59", "100", "None", "clearfake", "1", "ttakvam" "2025-12-04 19:37:57", "1667758", "c1uo.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:39:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:28:08", "1667757", "nv47.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:17:51", "1667756", "nc.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:07:31", "1667755", "crystal.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:57:41", "1667746", "delta.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:48:28", "1667743", "ix9.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:37:39", "1667733", "beta.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:27:20", "1667732", "lyk4e.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:18:05", "1667731", "ojlj.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:08:15", "1667730", "auhf.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:04:04", "1667729", "Xlnpe-21642.portmap.host", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2025-12-04 19:43:49", "100", "https://tria.ge/251204-pa3zxsgm81", "android,C2,domain,spynote,triage", "0", "DonPasci" "2025-12-04 18:03:46", "1667728", "major-barrier.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/251204-rl7hlatpck", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-12-04 18:02:21", "1667726", "making-council.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251204-ph5tgswjet", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-04 18:01:35", "1667725", "blessdx6m50isep.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251204-q6n2batmck", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-04 18:01:23", "1667723", "hackersda-46118.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251204-sdadkaymft", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-04 17:58:02", "1667721", "gamma.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:49:41", "1667720", "dg.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:39:51", "1667719", "g41i6.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:27:34", "1667718", "s8.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:17:16", "1667717", "8czk.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:07:32", "1667716", "river.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:57:25", "1667715", "dark.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:47:08", "1667714", "7e.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:37:50", "1667713", "myst.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:28:01", "1667712", "xhmns.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:17:45", "1667711", "qgvn.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:07:25", "1667710", "ember.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:57:39", "1667701", "bright.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:47:30", "1667700", "sunny.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:37:13", "1667699", "6hat8.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:28:27", "1667698", "e4hf.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:17:10", "1667697", "dream.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:14:27", "1667696", "booksbypatriciaschultz.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:18", "1667695", "fsdtiototoitweot.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:09:03", "1667668", "mahleinc.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-12-04 14:08:43", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:01", "1667672", "gqdbvlxq.suprifitas.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/464b97fc61b3df70c20552e03373f8b8b460e2028731114a1a1245c48e59a31b/", "None", "0", "burger" "2025-12-04 15:07:52", "1667689", "valley.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:58:02", "1667688", "flame.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:48:11", "1667686", "stone.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:37:25", "1667684", "og.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:27:39", "1667678", "lzsj.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:25:24", "1667675", "d4d.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:24", "1667676", "d4d.aqarhoosh.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:17:28", "1667671", "gate.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:08:05", "1667666", "omega.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:58:19", "1667664", "gold.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:47:59", "1667663", "gui.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:38:09", "1667662", "bk.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:27:57", "1667661", "5g95w.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:17:38", "1667659", "stream.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:08:03", "1667658", "x78.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:58:38", "1667655", "googlecret.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:08", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 12:57:59", "1667654", "2v2.space", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 19:48:31", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 12:57:36", "1667653", "09.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:47:12", "1667652", "23ra.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:37:24", "1667651", "q7.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:28:11", "1667650", "xvv.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:18:04", "1667649", "twu.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:08:42", "1667648", "5b7q.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 12:08:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:57:41", "1667642", "s9o.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:47:56", "1667641", "64m.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:43:36", "1667640", "profyfk.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-12-04 11:37:34", "1667633", "mb3.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:27:16", "1667632", "prqkv.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:17:25", "1667630", "a83.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:08:24", "1667628", "zpj.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:58:03", "1667601", "zp3.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:47:50", "1667600", "vfzkj.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:38:03", "1667599", "cloud.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:27:45", "1667598", "q4g.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:17:56", "1667597", "dp.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:07:34", "1667596", "work.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:57:11", "1667587", "5g.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:48:27", "1667586", "9bg.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:37:11", "1667585", "qc6.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:27:55", "1667584", "gold.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:18:39", "1667583", "sgxv.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:07:47", "1667582", "qu.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:57:58", "1667579", "cb.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:56:13", "1667556", "test.my-video-live.cloud", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:11", "1667565", "mail.geo-home.rw", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:10", "1667568", "meet.giooga.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:09", "1667570", "update.giooga.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:47:38", "1667573", "sh.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:37:18", "1667571", "l2l64.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:21:43", "1667558", "xrt.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:43", "1667559", "xrt.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:20:21", "1667548", "cwkx.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:08:07", "1667530", "z5g4.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:58:56", "1667505", "ihatemylife.racist.black", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/426d84fd6dea5e277999691fd2c0e0b3f65747ffe309d2437ed8983bc3c2da92/", "Hailbot", "0", "abuse_ch" "2025-12-04 07:57:46", "1667504", "jtg7.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:56:36", "1667503", "ilovephysics.48101.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/97cd8fe6659fd021a9649cca3bad2c7512fdd3b0b0907c93f097222980771361/", "Hailbot,Mirai", "0", "abuse_ch" "2025-12-04 07:47:56", "1667501", "8ny.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 07:57:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:40:22", "1667500", "unitedpowerrangers2025.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/adb9b24067cca8b16838ec25ccc1eb81b289820243e3cd5edde4788633c18746/", "xworm", "0", "abuse_ch" "2025-12-04 07:37:38", "1667498", "97.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:27:50", "1667496", "3ut0.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:17:35", "1667495", "flmw6.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:08:18", "1667494", "bold.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:57:27", "1667493", "l6e.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:50:09", "1667491", "20250703.cmgsx.top", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-04 06:47:12", "1667490", "zd0m.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:45:50", "1667489", "0bot.qzz.io", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-04 06:50:24", "100", "https://bazaar.abuse.ch/sample/9f64ea43d9ba0bed705b94251dfbcdc596fc594df8c0d94c512e4573c55b30e5/", "Mirai", "0", "abuse_ch" "2025-12-04 06:36:48", "1667486", "ok.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:36:44", "1667485", "cryptoenjoyers.anondns.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/21ac5563cde511f024577ec38b888745db32793e8b7f54228d2c3cce67d0502c/", "CoinMiner", "0", "abuse_ch" "2025-12-04 06:34:05", "1667484", "b3ry.bounceme.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/14fb9997a02cd65be6dd6422c5109b6bafa0fb306135c2b799500360fd936d54/", "Mirai", "0", "abuse_ch" "2025-12-04 06:28:27", "1667482", "tyq.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:17:43", "1667481", "m3i.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:09:47", "1667153", "safepal.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 22:58:18", "75", "https://www.filescan.io/uploads/693099d7856673a0547e11bc/reports/e45857cf-8057-48f1-b4f4-1f9cddcab5df/overview", "c2,Quasar,quasarrat,RAT", "1", "drizenc" "2025-12-04 06:09:45", "1667183", "email.whyyoushouldwalk.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115658381128024161", "SocGholish", "0", "monitorsg" "2025-12-04 06:09:43", "1667427", "tuc.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://www.virustotal.com/gui/file/1a21e2a177f3a22bf947624c6f7c7f51a674a7e8acfa355b996ba3ae81a0e0a8", "asyncrat,c2", "0", "Amethyste" "2025-12-04 06:07:58", "1667477", "night.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:01:54", "1667475", "susanamadre.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251204-aw74faas9e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-04 06:01:26", "1667474", "ssxzxz.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251204-dyzrmacn7y", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-04 05:57:38", "1667472", "rkrse.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 06:02:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:47:18", "1667471", "nq5.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:37:32", "1667470", "trace.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:28:15", "1667469", "xl978.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:18:21", "1667464", "quick.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:07:59", "1667462", "2oh5.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:57:57", "1667461", "vhm7.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:47:39", "1667460", "osn.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:37:47", "1667459", "yo3.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:27:32", "1667458", "xr.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:17:43", "1667457", "mint.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:07:50", "1667456", "6c5k.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:02:58", "1667450", "aighk.it.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-04 11:01:29", "100", "https://search.censys.io/hosts/172.67.183.143+aighk.it.com", "AS13335,C2,censys,CLOUDFLARENET,Havoc", "0", "DonPasci" "2025-12-04 03:58:12", "1667443", "nk.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:56:58", "1667441", "s1.auv.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 03:56:58", "1667442", "s1.biodog.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 03:47:16", "1667440", "ecve.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:37:59", "1667438", "rwp.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:27:38", "1667437", "spark.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:18:29", "1667436", "hzqp.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:07:35", "1667435", "2vo6.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:57:19", "1667433", "h83d8.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:47:39", "1667432", "da.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:38:15", "1667431", "d6.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:27:35", "1667430", "7dm.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:18:13", "1667429", "ut2.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:07:59", "1667428", "sky.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:58:26", "1667425", "31.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:48:16", "1667424", "owl.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:38:05", "1667423", "wind.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:27:34", "1667422", "ex.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:18:23", "1667421", "5o.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:07:57", "1667420", "l8iwt.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:58:10", "1667198", "soft.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:48:17", "1667189", "cloudy.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:38:05", "1667188", "rrc.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:27:44", "1667187", "qr4z.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:17:27", "1667186", "wild.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:07:37", "1667184", "gate.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:57:19", "1667175", "fox.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:47:31", "1667174", "stone.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:38:20", "1667173", "group.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:28:03", "1667172", "hip.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:18:10", "1667171", "dw.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:07:53", "1667170", "deep.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:57:35", "1667155", "22754.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:47:46", "1667154", "5k.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:39:30", "1667149", "hollow.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:27:39", "1667146", "ridge.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:18:23", "1667141", "b3fas.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:08:15", "1667140", "3vc.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 22:13:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:56:53", "1667139", "valley.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 22:07:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:48:47", "1667138", "light.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:37:52", "1667137", "coast.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:28:05", "1667136", "clear.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:17:42", "1667135", "gamma.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:07:19", "1667134", "h4v.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:57:36", "1667133", "bdmqf.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:47:43", "1667132", "owl.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:37:59", "1667131", "o5.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:28:12", "1667130", "sck.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:17:57", "1667129", "gate.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:08:08", "1667128", "85y.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:02:24", "1667120", "packgerrr.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-03 23:00:46", "100", "https://search.censys.io/hosts/188.166.156.56+packgerrr.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-03 20:02:23", "1667119", "ngylp.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-03 23:00:46", "100", "https://search.censys.io/hosts/188.166.156.56+ngylp.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-03 19:57:45", "1667103", "1w.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:47:29", "1667102", "gold.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:37:43", "1667099", "uun3l.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 19:44:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:28:27", "1667097", "bold.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:19:26", "1667093", "territorycaption.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "https://bazaar.abuse.ch/sample/1a4279bf33cd9302c4aae6e05ff9d9ef2de1ddc83da1518a8a2f84d241873f9a/", "OffLoader", "0", "abuse_ch" "2025-12-03 19:17:05", "1667092", "hvug.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:07:18", "1667087", "nova.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:57:54", "1667085", "cloud.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:47:45", "1667079", "hq82.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:37:56", "1667077", "rain.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:27:36", "1667076", "8tx1k.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:17:54", "1667075", "6zq.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:07:32", "1667074", "silent.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:01:39", "1667073", "xxblessingswealthyblessedman.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-03 18:01:40", "100", "https://tria.ge/251203-rmj4padj6t", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 18:01:25", "1667071", "leading-mass.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-vga6da1nex", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 17:57:11", "1667070", "daty.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:48:26", "1667069", "f6o.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:44:11", "1667066", "night.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:37:57", "1667065", "bo4m7.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:35:20", "1667064", "hollow.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:31:08", "1667063", "cliff.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:32:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:27:57", "1667062", "xgp.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:28:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:17:40", "1667061", "myst.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:24:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:08:59", "1667060", "f96.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:11:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:05:47", "1667059", "crest.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:08:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:57:21", "1667058", "2y5a.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:04:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:45:50", "1667055", "kfhdx.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:49:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:44:49", "1667052", "kalongo.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:39:07", "1667050", "field.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:41:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:31:27", "1667043", "tiny-queen-ada8.mowal67825.workers.dev", "domain", "botnet_cc", "win.smokedham", "None", "SMOKEDHAM", "", "100", "None", "c2,SMOKEDHAM", "0", "pancak3lullz" "2025-12-03 16:25:30", "1667048", "valley.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:35:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:10:15", "1667047", "m22u9.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:14:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:06:09", "1667042", "flame.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:10:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:00:17", "1667030", "reasonachiever.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 16:00:17", "1667031", "workradihleba.live", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 15:57:55", "1667029", "dhi.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:48:15", "1667028", "anr8p.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:52:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:45:37", "1667006", "cpanel.succeedwithaffiliatemarketing.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115656273471277964", "SocGholish", "0", "monitorsg" "2025-12-03 15:45:37", "1667009", "mossyden2011.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:34:53", "1667027", "td2qd.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:36:35", "100", "None", "clearfake", "1", "ttakvam" "2025-12-03 15:23:23", "1667008", "sz0.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:26:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:12:48", "1667007", "4f.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:18:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:02:21", "1666988", "k0h.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:10:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:56:17", "1666981", "wew.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:17", "1666982", "wew.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:55:08", "1666978", "sunrise.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:58:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:51:27", "1666977", "clear.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:48:05", "1666975", "4rx0l.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:48:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:46:43", "1666973", "deathshop.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 14:45:03", "1666972", "pe2.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:38:16", "1666970", "fox.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:40:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:30:04", "1666969", "forest.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:33:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:24:48", "1666968", "k8yq6.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:26:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:20:08", "1666967", "trace.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:22:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:18:52", "1666966", "screwbirth.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "Offstealer", "0", "abuse_ch" "2025-12-03 14:12:51", "1666965", "gate.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:18:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:07:04", "1666959", "iao3.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:06:37", "1666958", "qqplive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-12-03 14:02:29", "1666955", "t4r7.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:58:22", "1666954", "r6tb5.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:59:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:43:40", "1666953", "1yoye.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:43:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:39:35", "1666952", "ts.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:31:20", "1666950", "28xt8.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:36:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:27:07", "1666949", "mint.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:29:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:11:14", "1666948", "aehz.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:16:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:03:55", "1666947", "p9.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:01:45", "1666946", "j0.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:02:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:58:05", "1666945", "vdf.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:54:09", "1666942", "xeno-roblox.lol", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "stealer", "0", "burger" "2025-12-03 12:54:09", "1666944", "vqjhg08j-5500.euw.devtunnels.ms", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/dc8fb465d9b20ffd3e35e6b505ccd3ba82eb752f7ee2840a13ff4975dfaacaca/", "AgentTesla", "0", "burger" "2025-12-03 12:47:48", "1666943", "e9.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:51:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:33:30", "1666941", "soft.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:40:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:24:39", "1666938", "bgh8.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:29:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:20:33", "1666937", "gma.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:22:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:16:20", "1666936", "ijry.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:11:30", "1666935", "6nb.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:15:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:08:31", "1666934", "n9.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:11:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:01:41", "1666930", "vuloinsioscollid.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:41", "1666931", "tallymostfavor.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666927", "playercollectionpros.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666928", "valueforcollections.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666929", "manymandyills.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:39", "1666926", "practicalplayercontact.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:24", "1666924", "you-friends.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-m7c4nawlfw", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 12:01:11", "1666922", "qqes.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:03:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:54:27", "1666921", "24.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:56:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:46:11", "1666920", "e1.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:52:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:37:56", "1666919", "delta.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:40:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:28:06", "1666918", "4dh11.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:35:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:17:48", "1666917", "0yna.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:20:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:09:52", "1666916", "86.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:11:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:05:32", "1666915", "tw926.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:05:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:57:36", "1666901", "sa.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:59:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:47:20", "1666900", "kbrx.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:51:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:44:15", "1666899", "wf.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:46:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:41:03", "1666897", "ndcwsww.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:03", "1666898", "xiongdaylf.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:02", "1666895", "xionger.cc", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:02", "1666896", "ssllndac.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:36:21", "1666890", "oj.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:31:37", "1666886", "dsourceva.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 10:27:00", "1666889", "aq.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:31:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:17:23", "1666885", "4p2h.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:18:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:07:55", "1666884", "47.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:14:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:04:28", "1666883", "631cf.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:07:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:55:34", "1666882", "llosj.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:59:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:51:57", "1666881", "1y6v.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:53:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:47:43", "1666880", "vzfk0.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:51:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:38:29", "1666879", "ur.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:42:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:34:42", "1666878", "p2.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:37:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:29:56", "1666877", "i4qt.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:34:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:26:17", "1666876", "i2t0.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:29:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:22:32", "1666875", "66nx.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:23:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:17:27", "1666874", "m3edx.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:21:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:13:10", "1666873", "7yya2.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:07:28", "1666871", "xi.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:10:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:58:11", "1666870", "ao2.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:00:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:47:52", "1666863", "596y.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:49:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:45:22", "1666860", "flowbilding.ydns.eu", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/e9a2e9ce85efba103622a6abf25c4e0d280eb5ca8012e43db46b5394b8a1db10/", "quasar", "0", "abuse_ch" "2025-12-03 08:42:30", "1666857", "qppe.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:43:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:38:12", "1666856", "ewp3.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:42:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:33:49", "1666844", "skt.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:33:49", "1666845", "skt.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:33:49", "1666846", "sk.ti.milkos.gr", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:28:09", "1666833", "clear.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:30:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:21:53", "1666832", "bold.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:27:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:18:04", "1666831", "mnt.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:20:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:07:22", "1666830", "h2t.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:16:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:56:45", "1666810", "black.racist.black", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-04 07:58:56", "100", "https://bazaar.abuse.ch/sample/c48e7e301c663a0edc7a4372d7e1fcf837c0a5c4a56bfc1f8c2c7e2e2b7ccf8a/", "Hailbot,Mirai", "0", "abuse_ch" "2025-12-03 07:56:32", "1666808", "xe.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:58:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:48:17", "1666806", "3gaz.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:51:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:42:33", "1666803", "6cyd.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:46:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:37:19", "1666802", "guard.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:40:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:30:22", "1666801", "transamadocollections.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/68b20156f91380f18d34a84d51f7be308c494edebf353462331b3eb2212cd953/", "xworm", "0", "abuse_ch" "2025-12-03 07:30:21", "1666800", "forsizillenazzlle.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/68b20156f91380f18d34a84d51f7be308c494edebf353462331b3eb2212cd953/", "xworm", "0", "abuse_ch" "2025-12-03 07:25:59", "1666799", "4bv1v.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:20:15", "1666797", "4j.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:25:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:15:29", "1666796", "xword3.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/85a1f1233894080f2ad174004d240fec588ec2c941824f71ca10b4e65602b50b/", "xworm", "0", "abuse_ch" "2025-12-03 07:15:27", "1666795", "xword1.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/bd1c03ebbcedd44270163b446545ccb9eae0cbc918f640e1c5ae339410ea7a1e/", "xworm", "0", "abuse_ch" "2025-12-03 07:14:49", "1666322", "midiavideostv.click", "domain", "botnet_cc", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666323", "cargafactura.life", "domain", "botnet_cc", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666325", "url27.shop", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666326", "adbd.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666327", "archivosdwn.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666328", "cfdimex.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666330", "facturas.co.in", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:46", "1666329", "facturacioncontable.com", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:45", "1666331", "facturasm.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:45", "1666332", "facturasmex.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:44", "1666333", "satventasfac.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:44", "1666334", "starlinkspacex.com.br", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "2025-12-02 19:49:35", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:43", "1666335", "ventasmex123.com.mx", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:42", "1666336", "salvec.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:40", "1666337", "archivesautomacion.ddns.net", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:38", "1666399", "bgfi-groupe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/195.24.237.60+bgfi-groupe.com", "AS60223,C2,censys", "0", "dyingbreeds_" "2025-12-03 07:14:27", "1666741", "dcragonz.sa.com", "domain", "botnet_cc", "win.vanillarat", "None", "vanillarat", "", "75", "https://www.virustotal.com/gui/domain/dcragonz.sa.com", "c2,vanillrat", "0", "Amethyste" "2025-12-03 07:07:50", "1666794", "ctfi.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:09:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:04:40", "1666793", "3js3.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:03:26", "1666792", "salespe.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-12-03 07:02:39", "1666790", "mpannukwugaegbummadu.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-12-03 07:02:06", "1666789", "crystal.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:02:03", "1666786", "srv1200.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:03", "1666787", "srv1300.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:03", "1666788", "srv1400.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:02", "1666785", "srv1000.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:01:20", "1666771", "phising.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666772", "sex.55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666773", "sex.aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666774", "sex.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666775", "sex.jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666776", "sex.jujutsukaisenmanga.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666777", "sex.updos.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666778", "sex.vn168.casa", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666779", "sex.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666780", "socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666781", "v2.socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666782", "v2.visioncomputer.inleeakali", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666783", "v3.socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666784", "v3.visioncomputer.inleeakali", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666755", "55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666756", "akska22323.dynuddns.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666757", "aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666758", "cc.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666759", "diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666760", "dunntstars.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666761", "jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666762", "malware.55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666763", "malware.aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666764", "malware.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666765", "malware.jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666766", "malware.jujutsukaisenmanga.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666767", "malware.updos.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666768", "malware.vn168.casa", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666769", "malware.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666770", "phising.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:00:56", "1666753", "www.xlz.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:56", "1666754", "www.xoilac.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666746", "91p.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666747", "ck.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666748", "dooeys.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666749", "gatex.dooeys.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666750", "soco.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666751", "www.xl365.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666752", "www.xlvi.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 06:55:46", "1666743", "flame.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:01:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:47:32", "1666742", "shadow.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:48:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:37:57", "1666740", "qkp.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:39:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:34:44", "1666739", "qyjs.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:36:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:27:22", "1666738", "6far5.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:28:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:20:03", "1666737", "river.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:17:41", "1666736", "coast.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:19:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:14:16", "1666735", "gd5do.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:15:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:08:28", "1666731", "atd.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:03:49", "1666730", "fexgmail.zapto.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2025-12-03 07:01:43", "100", "https://tria.ge/251203-btqxta1jcs", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2025-12-03 06:02:07", "1666728", "4ycip.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:02:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:02:00", "1666725", "copyright-closed-communication-monster.trycloudflare.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251203-ee6w9stqap", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:02:00", "1666726", "types-pleasant.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 07:02:23", "100", "https://tria.ge/251203-ed3s8aem4w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:02:00", "1666727", "my-client.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251203-cqvx2a1mcx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:01:40", "1666724", "proxaa23w.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251203-dxyg6shw5e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-03 06:01:12", "1666722", "smayham.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-e5bh2svjep", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 05:57:00", "1666720", "secure.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:01:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:48:13", "1666719", "pql.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:50:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:37:53", "1666718", "gp.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:47:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:31:35", "1666713", "b2b.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:27:32", "1666712", "omega.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:17:38", "1666710", "uno.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:23:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:07:17", "1666709", "2i.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:09:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:04:40", "1666708", "i6.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:57:26", "1666707", "fuxb.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:03:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:51:10", "1666706", "7anki.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:57:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:48:28", "1666705", "bright.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:49:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:38:07", "1666704", "pixel.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:40:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:27:47", "1666514", "3x7.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:29:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:18:22", "1666512", "a64.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:20:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:07:46", "1666511", "cpy.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:13:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:02:36", "1666507", "9dv8.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:04:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:59:50", "1666467", "magic.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:55:36", "1666466", "9ujw.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:51:22", "1666465", "pw0kt.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:54:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:47:48", "1666463", "7jb.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:49:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:37:22", "1666462", "amber.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:40:40", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 473