################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2025-12-14 13:27:19 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-12-14 13:27:19", "1678879", "stream3.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:18:06", "1678878", "delta.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:24:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:08:17", "1678677", "zen.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:09:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:58:03", "1678676", "altos.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:59:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:47:37", "1678674", "nimbus5.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:48:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:37:53", "1678673", "cirrus.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:39:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:27:37", "1678672", "6ifg.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:34:29", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:17:18", "1678671", "whx.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:19:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:07:32", "1678670", "tq.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:09:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:01:19", "1678666", "ekmeowprogram.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251214-ns8gpaxpdt", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-14 12:01:06", "1678665", "app.castlerocks.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 12:01:07", "100", "https://tria.ge/251214-h48nyaslfj", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-14 12:00:26", "1678659", "n7xbtfikx.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-jdjskaslfq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 12:00:25", "1678658", "ellu2222-37691.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-la1m1sfw6c", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 12:00:22", "1678657", "S2eeka-62143.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-14 12:00:24", "100", "https://tria.ge/251214-n1qlvaxqav", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 11:58:14", "1678656", "rock.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:04:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:47:24", "1678652", "jq.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:48:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:39:30", "1678613", "castlerocks.za.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.capesandbox.com/analysis/44589/", "AsyncRAT,botnet,c2,Dcrat", "0", "Amethyste"
"2025-12-14 11:35:00", "1678651", "byte.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:42:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:26:46", "1678650", "hog.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:28:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:17:02", "1678649", "4n.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:18:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:00:37", "1678642", "crest.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:02:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:57:24", "1678640", "mist.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:58:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:47:39", "1678639", "5wnc.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:52:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:37:23", "1678638", "delta.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:38:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:27:03", "1678637", "ab.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:32:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:17:10", "1678636", "nexus.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:23:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:05:05", "1678635", "wt.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:10:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:57:52", "1678634", "lj.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:58:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:47:30", "1678633", "po1y8.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:48:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:37:44", "1678632", "hfe.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:44:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:28:27", "1678631", "556.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:17:38", "1678630", "gc31.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:25:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:09:18", "1678629", "field.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:10:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:57:03", "1678628", "13rv.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:07:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:47:09", "1678627", "63oi.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:49:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:37:56", "1678625", "q5.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:43:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:28:04", "1678624", "ember.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:29:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:18:01", "1678623", "trace.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:19:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:07:29", "1678622", "clear.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:09:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:57:43", "1678614", "beta.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:59:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:47:26", "1678612", "mcx.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:49:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:46:23", "1678611", "w2li.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:37:09", "1678600", "wqu5.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:38:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:27:23", "1678599", "wind.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:33:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:18:55", "1678598", "5nr.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:19:17", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-14 07:16:58", "1678597", "myrepis.gd", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/80809b3c28022cad38c37667c082ed755561f7d5bfd5cf6415cb6bf0211a2e2a/", "Mirai", "0", "abuse_ch"
"2025-12-14 07:07:22", "1678593", "yminsgdb.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://bazaar.abuse.ch/sample/00949bc1410a9bd508bfb5fa6723e64292a79557531745247bc9c72359a7d1c1/", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-12-14 07:06:44", "1678592", "9q.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:10:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:03:24", "1678590", "clothcrib.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-12-14 07:03:24", "1678591", "ricestar.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-12-14 07:01:35", "1678588", "relays.buziopoasbubu.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/8f19d0c3444439ed0550153d6c8943ca343154706e473cd7f3458f7f82880c7d/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-12-14 07:01:35", "1678589", "app.buziopoasbubu.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/8f19d0c3444439ed0550153d6c8943ca343154706e473cd7f3458f7f82880c7d/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-12-14 06:58:58", "1678586", "romeroaktorpalimpsest.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/e2754bc0876932908aaeecb3479ee8e8d42a298268e32fc096310c520b0c02ac/", "ClickFix,DeerStealer", "0", "abuse_ch"
"2025-12-14 06:57:54", "1678585", "wave.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:00:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:47:40", "1678584", "mizh.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:48:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:37:20", "1678582", "qtf.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:38:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:27:31", "1678581", "wkt.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:33:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:17:16", "1678580", "y4uhk.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:08:00", "1678578", "soft.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:09:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:02:03", "1678577", "hellober-62592.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251214-becfwacm6t", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-14 06:00:15", "1678575", "4tqikdkjp.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-anerxscj3w", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 05:57:13", "1678574", "84u.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:58:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:48:06", "1678573", "repositorylinux.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "CVE-2025-55182", "0", "abuse_ch"
"2025-12-14 05:47:56", "1678572", "cloud.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:54:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:37:05", "1678571", "mint.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:39:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:26:08", "1678535", "tvlounge.aw", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:08", "1678536", "associacaodejudosi.org", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:07", "1678537", "asos1.net", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:07", "1678542", "microsoft.shopmzx.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-14 06:01:52", "100", "https://bazaar.abuse.ch/sample/e36f23a8fa59e0d256c28bb433e5e357fe43b5eb14651bc983ef9c043ed25cc2/", "botnet,c2,DcRAT", "1", "Aumeg"
"2025-12-14 05:26:05", "1678543", "verify.shopmzx.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://bazaar.abuse.ch/sample/e36f23a8fa59e0d256c28bb433e5e357fe43b5eb14651bc983ef9c043ed25cc2/", "botnet,c2,DcRAT", "1", "Aumeg"
"2025-12-14 05:22:41", "1678570", "storm.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:28:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:17:23", "1678569", "ch.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:19:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:07:39", "1678567", "mix.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:14:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:58:23", "1678564", "fizz.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:04:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:47:03", "1678563", "odd.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:47:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:32:08", "1678562", "cask.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:34:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:27:59", "1678561", "ejt0w.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:29:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:13:08", "1678560", "89pdo.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:13:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:07:51", "1678559", "r2k.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:10:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:57:25", "1678549", "beta.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:59:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:46:41", "1678548", "ajpl.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:48:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:37:25", "1678547", "glitch.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:40:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:27:02", "1678546", "75z.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:28:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:17:19", "1678545", "d6gu.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:18:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:07:00", "1678544", "orbit.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:13:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:58:11", "1678541", "vjsjr.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:00:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:46:48", "1678540", "v7rg.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:48:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:37:31", "1678539", "nova.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:40:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:27:43", "1678538", "h4o.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:29:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:17:29", "1678534", "qfbmr.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:22:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:07:09", "1678531", "paper.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:08:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:55:17", "1678530", "trace.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:00:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:48:04", "1678529", "fax.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:48:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:37:23", "1678528", "sp5.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:38:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:27:58", "1678527", "xc2i.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:28:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:17:01", "1678526", "pkxq.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:23:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:07:49", "1678525", "rfz.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:09:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:57:27", "1678524", "hth.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:59:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:47:37", "1678523", "patch.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:50:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:37:25", "1678522", "vx7.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:38:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:27:02", "1678521", "bmz0.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:32:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:14:08", "1678520", "omega.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:16:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:06:58", "1678519", "crum.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:09:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:57:09", "1678512", "ripple.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:59:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:47:49", "1678511", "33zy.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:50:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:37:32", "1678510", "jd.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:41:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:27:42", "1678509", "knurl.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:33:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:17:23", "1678508", "gamma.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:19:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:07:06", "1678507", "3mu0h.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:10:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:58:18", "1678468", "94u4p.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:59:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:43:58", "1678467", "pixel.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:51:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:39:45", "1678466", "shift.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:42:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:37:09", "1678465", "tkn.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:37:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:27:49", "1678464", "tureq.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:33:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:11:29", "1678463", "2df.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:14:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:07:48", "1678462", "le2.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:09:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:57:29", "1678461", "zig.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:59:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:41:01", "1678460", "h7rl1.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:42:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:37:22", "1678459", "alpha.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:38:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:28:05", "1678458", "delta.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:30:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:18:23", "1678457", "volt.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:20:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:07:57", "1678456", "5br.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:10:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:57:44", "1678453", "kettle.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:58:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:47:50", "1678452", "thatch.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:49:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:37:34", "1678451", "psmds.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:44:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:27:20", "1678450", "ped.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:29:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:18:36", "1678449", "plum.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:20:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:07:17", "1678448", "spark.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:09:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:03:29", "1678434", "github.u9myanmar.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-13 23:01:48", "100", "https://search.censys.io/hosts/170.168.89.225+github.u9myanmar.store", "AS-GLOBALTELEHOST,AS63023,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-12-13 20:02:44", "1678430", "credcoopbeneficios.shop", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-13 23:01:27", "100", "https://search.censys.io/hosts/185.208.159.162+credcoopbeneficios.shop", "AS42624,C2,censys,Havoc,SWISSNETWORK02", "0", "DonPasci"
"2025-12-13 19:57:51", "1678238", "warp.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:00:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:48:11", "1678237", "wisp.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:49:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:32:51", "1678236", "4zx.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:36:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:25:42", "1678235", "6rr5.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:32:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:13:53", "1678234", "silk.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:16:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:07:42", "1678233", "hush2.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:08:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:57:21", "1678232", "plush.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:04:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:48:29", "1678230", "satin.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:48:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:37:16", "1678197", "haze.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:39:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:26:57", "1678196", "squall2.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:28:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:18:09", "1678195", "thunder.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:20:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:01:40", "1678194", "surge.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:08:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:00:14", "1678184", "nightmare6732-46415.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251213-qlcgsafz8d", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-13 17:58:00", "1678183", "glare3.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:59:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:45:27", "1678182", "zenith.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:47:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:37:29", "1678179", "azur.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:38:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:27:53", "1678178", "wisp5.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:32:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:17:17", "1678177", "mist.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:19:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:07:03", "1678176", "rime.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:07:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:58:13", "1678175", "hoar2.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:04:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:42:41", "1678174", "firn.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:44:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:38:03", "1678173", "basin2.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:40:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:26:53", "1678147", "quarry.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:28:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:14:23", "1678146", "ledge.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:20:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:07:36", "1678145", "delta.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:09:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:57:17", "1678136", "fjord1.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:03:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:47:01", "1678135", "zephyr.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:47:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:38:13", "1678134", "grove.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:38:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:27:53", "1677838", "noct.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:18:14", "1677837", "swell4.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:07:45", "1677836", "crest.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:59:34", "1677834", "nimbus3.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:00:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:51:50", "1677833", "aurora.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:53:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:48:10", "1677832", "drift2.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:49:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:36:18", "1677831", "glint.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:37:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:27:31", "1677829", "squall.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:33:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:18:41", "1677828", "weft.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:20:32", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-13 14:07:53", "1677827", "snarl.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:08:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:57:06", "1677826", "eddy.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:58:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:47:49", "1677825", "whip.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:49:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:33:57", "1677823", "braid.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:37:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:23:41", "1677822", "spar.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:26:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:17:28", "1677820", "boom.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:22:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:07:34", "1677819", "rope.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:08:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:58:19", "1677818", "dock.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:59:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:46:59", "1677816", "maw.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:53:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:37:12", "1677815", "prong.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:39:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:27:54", "1677814", "gnash.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:34:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:17:34", "1677813", "orbit.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:20:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:07:51", "1677812", "seal.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:13:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:01:31", "1677807", "minedonate10.waizerfly.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251213-ldpd6adz6h", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-13 12:01:15", "1677806", "login.10x.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:16", "100", "https://tria.ge/251213-g5mbnads2a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 12:01:13", "1677805", "version3.spc.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:14", "100", "https://tria.ge/251213-dj7hxsck5w", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 12:00:47", "1677801", "atthewr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677802", "injecto.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677803", "phytonr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677804", "proselw.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:46", "1677800", "peshmef.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:18", "1677799", "dedefoenumnigga-44957.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251213-h2f6xa1nbp", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-13 11:58:33", "1677798", "twine.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:59:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:47:14", "1677797", "vault.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:53:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:37:26", "1677796", "thrust.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:39:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:27:11", "1677795", "shear.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:28:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:18:23", "1677794", "axle.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:20:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:08:04", "1677793", "bind.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:09:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:57:44", "1677765", "pouch.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:04:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:43:48", "1677764", "wrap.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:46:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:37:33", "1677763", "crypt.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:43:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:28:19", "1677762", "chain.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:29:24", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-13 10:11:22", "1677761", "reef.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:12:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:06:12", "1677760", "moor.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:08:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:01:25", "1677759", "port.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:02:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:57:18", "1677758", "keel.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:59:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:48:16", "1677757", "lid.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:49:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:38:12", "1677756", "cask.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:45:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:28:53", "1677753", "pickle.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:32:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:17:38", "1677742", "snare.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:28:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:07:48", "1677729", "scrape.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:08:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:57:29", "1677728", "swirl.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:58:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:47:30", "1677724", "quarry.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:48:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:44:32", "1677719", "glow.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:45:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:37:13", "1677717", "rill.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:39:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:32:13", "1677716", "delta.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:35:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:28:21", "1677715", "byte.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:18:44", "1677714", "lathe.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:20:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:07:50", "1677713", "join.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:09:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:03:10", "1676965", "ity.keyzsoft.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/8d9d18fb397ea5ae52f56dc47e7336bb88d781e26b4a109a4ce5cfa728771655/", "c2,domain,vidar", "0", "burger"
"2025-12-13 08:00:58", "1676773", "ace-batiment.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2025-12-13 08:00:48", "1677518", "renviox.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/72e8e71d1592778c338a9a458a1f35b08e722139dfb59b4f1ba0fd7aa099a6b7/", "None", "0", "burger"
"2025-12-13 08:00:48", "1677536", "instance-p3rfvx-relay.screenconnect.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "FraudulentUse,Screenconnect", "0", "Gi7w0rm"
"2025-12-13 08:00:47", "1677537", "effinghampodiatriclore.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "DeerStealer,DonutLoader,HijackLoader", "0", "Gi7w0rm"
"2025-12-13 08:00:40", "1677658", "www.10x.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:15", "100", "https://www.virustotal.com/gui/file/d3c04371fa3aceeaf08182349f912d1a0265fbed122388391ac4b836fac88cdd", "AsyncRAT,botnet,c2", "0", "Amethyste"
"2025-12-13 07:57:56", "1677683", "pine.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:00:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:48:14", "1677670", "stathub.quest", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677671", "stategiq.quest", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677672", "mktblend.monster", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677673", "dsgnfwd.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677674", "dndhub.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:47:40", "1677669", "axle.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:55:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:37:48", "1677668", "grain.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:40:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:27:28", "1677667", "mill.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:29:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:20:24", "1677666", "bulinco.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/94e6cf4122215224008285277ee1f4df61a7739c8c85ed569f112d70ce8b998f/", "xworm", "0", "abuse_ch"
"2025-12-13 07:17:15", "1677665", "fir.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:17:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:08:26", "1677664", "rumble.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:14:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:57:14", "1677663", "hum.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:58:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:46:54", "1677662", "loom.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:49:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:42:14", "1677661", "whorl.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:46:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:39:00", "1677660", "echo.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:39:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:27:41", "1677659", "ridge.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:29:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:17:52", "1677657", "spur.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:19:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:07:36", "1677656", "silt.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:13:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:01:31", "1677655", "v2.91clubgamez.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 06:01:32", "100", "https://tria.ge/251213-bcztdsykcl", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 05:57:21", "1677652", "harrow.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:58:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:48:34", "1677651", "2yri.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:49:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:38:10", "1677650", "m18.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:39:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:26:53", "1677649", "oel6h.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:27:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:18:06", "1677648", "mwqkv.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:07:59", "1677647", "gqs5d.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:10:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:57:59", "1677646", "t1i.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:00:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:47:39", "1677645", "gamma.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:48:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:37:18", "1677644", "gwe.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:38:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:27:36", "1677643", "soft.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:29:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:18:57", "1677642", "a0a.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:08:02", "1677641", "h819.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:09:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:58:09", "1677617", "nx.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:00:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:42:46", "1677616", "i5xu.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:49:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:38:02", "1677615", "flare.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:40:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:28:41", "1677614", "iyp61.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:17:23", "1677613", "deep.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:19:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:07:34", "1677612", "w10ok.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:12:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:57:21", "1677610", "yxvgh.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:59:22", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:47:03", "1677608", "champ.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:52:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:36:11", "1677607", "zh8qj.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:39:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:28:01", "1677606", "fh9.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:28:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:17:40", "1677605", "blood.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:23:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:07:50", "1677604", "8y.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:09:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:57:37", "1677603", "dsav5.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:00:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:47:45", "1677602", "crest.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:49:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:37:35", "1677601", "book.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:43:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:27:38", "1677600", "di.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:33:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:17:24", "1677599", "dz4y1.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:24:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:07:06", "1677598", "lqd.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:08:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:55:44", "1677596", "wy1.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:57:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:48:02", "1677595", "ocean.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:49:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:38:11", "1677594", "shadow.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:39:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:27:20", "1677593", "z6.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:28:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:17:33", "1677592", "bridge.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:23:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:07:20", "1677591", "light.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:09:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:57:27", "1677583", "yzmbi.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:58:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:47:09", "1677582", "storm.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:49:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:36:51", "1677581", "wild.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:40:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:22:00", "1677580", "guard.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:25:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:17:00", "1677579", "trace.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:21:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:07:47", "1677578", "spark.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:09:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:57:26", "1677542", "jtp4r.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:59:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:47:44", "1677541", "ember.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:49:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:37:50", "1677540", "2ic.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:40:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:29:05", "1677538", "neuro.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:31:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:19:11", "1677535", "byte.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:23:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:07:57", "1677534", "zeq3.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:09:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:57:40", "1677533", "mint.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:00:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:47:52", "1677532", "sabr6.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:51:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:44:45", "1677531", "epfe.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:45:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:37:31", "1677530", "p8.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:38:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:28:39", "1677528", "field.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:35:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:25:25", "1677527", "m9dbmhskb.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ee28b64d4e17826527e6ee7bdf9ac22f8adb5d2c06ed533e8206f9fceecdcd8c/", "xworm", "0", "abuse_ch"
"2025-12-12 21:17:21", "1677526", "q1.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:19:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:07:31", "1677524", "bbpa.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:10:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:58:44", "1677522", "dndhub.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClickFix,PureHVNC", "0", "threatcat_ch"
"2025-12-12 20:57:17", "1677521", "vdf.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:59:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:47:00", "1677520", "core.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:47:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:38:08", "1677519", "3w.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:39:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:27:53", "1677517", "z4l.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:29:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:17:33", "1677516", "lq.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:19:32", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:07:47", "1677514", "yl90o.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:14:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:03:02", "1677501", "fpt.dfp.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+fpt.dfp.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci"
"2025-12-12 20:03:01", "1677499", "arabsea.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/188.166.156.56+arabsea.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci"
"2025-12-12 20:03:01", "1677500", "adfs.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+adfs.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci"
"2025-12-12 19:57:28", "1677480", "short.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:02:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:47:50", "1677478", "6xy2.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:53:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:35:18", "1677477", "fdvfr.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:41:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:27:04", "1677476", "hill.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:27:56", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:17:16", "1677474", "dur71.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:19:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:07:59", "1677473", "flame.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:10:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:52:35", "1677461", "beta.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:02:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:46:50", "1677459", "k5i.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:48:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:38:03", "1677009", "omega.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:39:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:27:14", "1676975", "6t5.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:28:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:17:26", "1676974", "river.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:19:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:07:12", "1676973", "au.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:09:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:02:58", "1676972", "sodendick-39162.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251212-vd96astldy", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-12 18:02:13", "1676970", "1.tcp.clar.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qwd4csdm2w", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:12", "1676969", "8.tcp.clar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qzd8ja1qbq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:11", "1676966", "entire-so.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-wdyypstnaq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:11", "1676967", "dad9idois-44752.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-tnvypatjdz", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 17:58:28", "1676771", "xk8.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:59:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:48:03", "1676770", "hdbg.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:49:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:34:40", "1676767", "sdsu.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:35:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:28:01", "1676766", "2vv6.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:28:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:17:44", "1676763", "inter.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:19:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:07:26", "1676762", "wind.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:08:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:05:28", "1676761", "leqdger.click", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-12-12 16:57:48", "1676759", "8cu.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:04:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:52:46", "1676757", "9vq0tzgx64793.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 12:48:00", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-12 16:47:23", "1676756", "i6.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:49:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:38:05", "1676754", "1tza.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:39:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:27:15", "1676742", "mouc.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:32:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:24:07", "1676702", "intercttp.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/ffd46048b8ead14d5bd8c05d340fe00b6695093dac18ad55eda6d74457fe29ae/", "c2", "0", "burger"
"2025-12-12 16:24:07", "1676706", "italy-divine.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu"
"2025-12-12 16:24:05", "1676721", "content-v2-verisoiu.icu", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 11:00:13", "100", "", "stealc", "0", "amznemu"
"2025-12-12 16:24:04", "1676722", "joyeriatauro.com", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "stealc", "0", "amznemu"
"2025-12-12 16:18:01", "1676737", "alpha.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:20:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:07:45", "1676736", "z9s.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:09:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:58:18", "1676723", "peak.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:00:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:48:26", "1676717", "zj3m0.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:48:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:37:49", "1676707", "branch.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:39:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:28:28", "1676704", "uqdz.nightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:29:59", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-12 15:21:25", "1676703", "clear.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:22:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:11:54", "1676701", "t84g.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:14:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 15:08:17", "1676697", "i3o.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 15:10:56", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-12 14:57:28", "1676689", "oput.brightgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:58:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 14:41:10", "1676678", "hcg.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:51:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 14:37:25", "1676677", "ihokolkasdiemh.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/178.16.53.88", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2025-12-12 14:36:05", "1676676", "aniradodokloiure.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://threatfox.abuse.ch/ioc/1673816/", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2025-12-12 14:34:57", "1676675", "jiontrusdergaseol.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.209.164", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2025-12-12 14:34:08", "1676674", "gastroikoliojauiol.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.209.173", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2025-12-12 14:29:53", "1676641", "kevincheat.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/f4d788440fe7232667ab1c1062ee6521001c93f4f3f7dc32feb303cf420b64fe/", "None", "0", "burger"
"2025-12-12 14:29:52", "1676645", "buradakimvar.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://www.virustotal.com/gui/domain/buradakimvar.xyz/relations", "c2,stealer", "0", "burger"
"2025-12-12 14:08:47", "1676650", "s9ps.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:10:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 13:57:23", "1676649", "tp.cloudreach.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 14:18:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 13:50:13", "1676648", "cwci.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:51:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 13:46:01", "1676647", "ic7y.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:47:22", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 13:37:16", "1676646", "gsv54.oceandrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 13:38:50", "100", "None", "ClearFake", "0", "threatcat_ch"
# Number of entries: 363