################################################################
# ThreatFox IOCs: recent additions - CSV format                #
# Last updated: 2026-03-11 18:34:42 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-03-11 18:34:42", "1763610", "fastcloud.solariana.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 18:31:15", "1763607", "web-spot.solariana.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 18:31:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 18:28:33", "1763606", "clear-sky.solariana.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 18:30:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 18:26:35", "1763602", "bright-9.solariana.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 18:27:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 18:13:02", "1763596", "easygo.altovante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 18:13:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 18:03:25", "1763591", "192.229.116.233:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260311-pn1fysfs4v", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-11 18:02:06", "1763588", "http://185.143.228.166", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260311-n7e4pad181", "AS29802,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-11 18:01:18", "1763586", "wru.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-11 18:01:20", "100", "False", "https://tria.ge/260311-tnfh1acz3x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-03-11 18:01:16", "1763585", "nll.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-11 18:01:18", "100", "False", "https://tria.ge/260311-tnfh1acz3x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-03-11 18:00:42", "1763583", "trungtammmo.vn", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260311-vssvkagy4r", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-03-11 17:48:43", "1763578", "green-road.altovante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:50:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:46:48", "1763577", "openview.ventomaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:47:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:39:24", "1763576", "sun-88.ventomaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:39:20", "1763575", "pattigame.co.in", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 17:37:12", "1763573", "quickpage.ventomaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:37:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:27:21", "1763565", "blue-forest7.ventomaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:29:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:13:47", "1763561", "hyper-5m4r.checksum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:14:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 17:06:22", "1763560", "patomgroup.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 16:48:55", "1763559", "b0ld3-vector.checksum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:49:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:45:16", "1763558", "pathseekersgame.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 16:42:05", "1763557", "mer-forgea.sightup.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:42:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:37:53", "1763556", "refinewinter.sightup.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:38:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:32:39", "1763554", "ultra-5tric.sightup.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:33:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:28:23", "1763553", "brandlea.sightup.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:27:16", "1763552", "gqj7b.lovone.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:23:00", "1763551", "6lwz4mlu.lovone.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:23:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:17:36", "1763550", "norven3ex.lovone.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 16:19:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:05:28", "1763547", "st0ry-forge.zecmon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:02:54", "1763546", "cornpo-loop.zecmon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 16:01:53", "1763545", "186.212.26.68:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/186.212.26.68", "AS18881,C2,censys,Havoc,TELEFONICA", "0", "DonPasci"
"2026-03-11 16:01:49", "1763544", "118.107.5.135:18080", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "False", "https://search.censys.io/hosts/118.107.5.135", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Hookbot", "0", "DonPasci"
"2026-03-11 16:01:48", "1763543", "159.138.31.252:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/159.138.31.252", "AS136907,C2,censys,HWCLOUDS-AS-AP,Mythic", "0", "DonPasci"
"2026-03-11 16:01:43", "1763542", "172.111.233.102:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/172.111.233.102", "AS9009,AsyncRAT,C2,censys,M247,RAT", "0", "DonPasci"
"2026-03-11 16:01:42", "1763541", "172.111.233.102:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/172.111.233.102", "AS9009,AsyncRAT,C2,censys,M247,RAT", "0", "DonPasci"
"2026-03-11 16:01:30", "1763540", "84.247.175.188:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/84.247.175.188", "AS51167,C2,censys,CONTABO,open-dir,payload,Sliver", "0", "DonPasci"
"2026-03-11 16:01:29", "1763539", "45.149.154.190:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/45.149.154.190", "AS212477,C2,censys,ROYALE-AS,Sliver", "0", "DonPasci"
"2026-03-11 16:01:24", "1763538", "23.254.131.120:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/23.254.131.120", "AS54290,C2,censys,HOSTWINDS,RAT,Remcos", "0", "DonPasci"
"2026-03-11 16:01:23", "1763537", "66.163.123.60:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/66.163.123.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-11 16:01:08", "1763536", "156.234.56.112:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.112", "AS138415,C2,censys,CobaltStrike,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:01:07", "1763534", "156.234.56.111:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.111", "AS138415,C2,censys,CobaltStrike,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:01:07", "1763535", "156.234.74.251:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.74.251", "AS138415,C2,censys,CobaltStrike,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:01:02", "1763533", "103.45.65.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/103.45.65.67", "AS152194,C2,censys,CobaltStrike,cs-watermark-666666666,CTGSERVERLIMITED-AS-AP", "0", "DonPasci"
"2026-03-11 16:00:59", "1763532", "156.234.74.226:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.74.226", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:58", "1763531", "156.234.162.254:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.254", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:57", "1763530", "156.234.56.119:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.119", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:56", "1763529", "156.234.208.73:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.73", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:55", "1763528", "23.235.179.105:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.105", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:54", "1763527", "156.234.162.232:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.232", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:53", "1763526", "156.234.208.74:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.74", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:52", "1763525", "156.234.208.78:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.78", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:51", "1763524", "156.234.208.88:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.88", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:50", "1763523", "156.234.56.104:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.104", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:49", "1763522", "103.41.7.148:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/103.41.7.148", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:48", "1763521", "156.234.74.248:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.74.248", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:47", "1763520", "156.234.166.237:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.237", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:46", "1763519", "156.234.202.137:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.202.137", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:45", "1763518", "156.234.162.253:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.253", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:44", "1763516", "156.234.56.125:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.125", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:44", "1763517", "23.235.179.126:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.126", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:43", "1763515", "156.234.166.249:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.249", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:42", "1763514", "156.234.162.227:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.227", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:41", "1763512", "156.234.166.251:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.251", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:41", "1763513", "103.41.7.143:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/103.41.7.143", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:40", "1763511", "156.234.208.69:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.69", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:39", "1763510", "156.234.166.227:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.227", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:37", "1763509", "156.234.162.248:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.248", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:36", "1763508", "156.234.208.65:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.65", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:35", "1763507", "156.234.162.225:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.225", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 16:00:34", "1763506", "23.235.179.113:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.113", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 15:54:59", "1763505", "okyc.zecmon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:55:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:51:58", "1763504", "vvave-cast.zecmon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:49:10", "1763503", "metr1-hinge.skyip.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:49:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:40:56", "1763501", "thicketglobal.skyip.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:41:01", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 15:40:24", "1763500", "141.98.234.16:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/592483ce3a4b52d6f34ab5eaf69950dee7ee54506fab316b14735f4f81f31a1c/", "ACRStealer", "0", "abuse_ch"
"2026-03-11 15:35:47", "1763499", "45.150.34.180:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/e9fbb7b8229e0d887460503b0e1c20a9c190bffe7d69e4d2337aaa6d92503f47/", "ACRStealer", "0", "abuse_ch"
"2026-03-11 15:31:07", "1763384", "http://147.45.41.212/784a9f43732c.sh?force=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 15:31:06", "1763385", "http://147.45.41.212/784a9f43732c?force=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 15:31:04", "1763394", "lumdraex4.loggin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:15:22", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 15:25:41", "1763398", "napc.skyip.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:29:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:19:45", "1763397", "harv3-pulse.loggin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:20:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:17:49", "1763396", "sub-p3ta.loggin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 15:18:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 15:15:04", "1763395", "41.216.188.74:6093", "ip:port", "botnet_cc", "jar.strrat", "None", "STRRAT", "", "100", "False", "None", "STRRAT", "0", "abuse_ch"
"2026-03-11 15:00:08", "1763392", "104.168.70.172:4550", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260311-pgw5yshs3m", "Remcos", "0", "dyingbreeds_"
"2026-03-11 15:00:08", "1763393", "104.168.70.172:4553", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260311-pgw5yshs3m", "Remcos", "0", "dyingbreeds_"
"2026-03-11 15:00:05", "1763391", "204.10.160.252:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-11 16:01:22", "100", "False", "https://tria.ge/260311-p7kvlsfw9y", "Remcos", "0", "dyingbreeds_"
"2026-03-11 14:50:17", "1763390", "5tri2-route.fastlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 14:33:48", "1763389", "exportfjord.fastlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 14:34:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 13:48:24", "1763341", "pageglance.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:24", "1763342", "https://pageglance.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:23", "1763343", "https://pageglance.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:23", "1763344", "websift.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:23", "1763345", "https://websift.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:22", "1763346", "https://websift.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:22", "1763347", "metricspan.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:21", "1763348", "https://metricspan.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:21", "1763349", "https://metricspan.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:20", "1763351", "trackstream.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:20", "1763352", "https://trackstream.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:20", "1763354", "webprobe.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:19", "1763353", "https://trackstream.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:19", "1763356", "https://webprobe.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:18", "1763355", "https://webprobe.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:17", "1763357", "flowchartix.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:17", "1763358", "https://flowchartix.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:17", "1763359", "https://flowchartix.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:15", "1763362", "site-builder.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:15", "1763363", "https://site-builder.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:15", "1763364", "https://site-builder.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:14", "1763365", "datavoyage.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:14", "1763367", "https://datavoyage.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:13", "1763366", "https://datavoyage.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:12", "1763368", "analyticape.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:12", "1763370", "https://analyticape.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:11", "1763371", "https://analyticape.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:11", "1763373", "https://infogauge.icu/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:10", "1763372", "infogauge.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:10", "1763374", "https://infogauge.icu/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:09", "1763375", "lexicongrid.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:09", "1763376", "https://lexicongrid.com/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:08", "1763378", "cogni-path.net", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:07", "1763311", "cdn-assets.cfworkerzet.workers.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 13:48:06", "1763312", "https://cdn-assets.cfworkerzet.workers.dev/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 13:48:05", "1763313", "gate-gri.fastlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 11:52:36", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 13:48:05", "1763340", "http://176.124.205.180/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AEZA GROUP LLC,AS210644,unam", "0", "antiphishorg"
"2026-03-11 13:48:03", "1763377", "https://lexicongrid.com/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:02", "1763379", "https://cogni-path.net/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:02", "1763380", "https://cogni-path.net/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:01", "1763381", "xrp-node.ltd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:01", "1763382", "https://xrp-node.ltd/ext-b.9423bd0b6b22.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:48:00", "1763383", "https://xrp-node.ltd/ext.c3c0a381391c.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT,macOS", "0", "HuntYethHounds"
"2026-03-11 13:38:14", "1763369", "paranj.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 13:25:54", "1763350", "paramotorshirtco.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 12:55:49", "1763339", "paragrafo.org", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 12:12:34", "1763338", "pantografocnc.mx", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 12:02:12", "1763337", "18.162.145.74:8554", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.162.145.74", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 12:02:07", "1763336", "165.154.225.36:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/165.154.225.36", "AdaptixC2,AS142002,C2,censys,SCLOUDPTELTD-AS", "0", "DonPasci"
"2026-03-11 12:02:00", "1763335", "176.65.139.43:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "https://search.censys.io/hosts/176.65.139.43", "AS51396,C2,censys,Gafgyt,open-dir,PFCLOUD", "0", "DonPasci"
"2026-03-11 12:01:59", "1763334", "http://217.156.122.75", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260311-hx5npsgt8v", "AS48753,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-11 12:01:58", "1763333", "181.214.221.172:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "https://search.censys.io/hosts/181.214.221.172", "AS210356,BATTLEHOST,C2,censys,Gafgyt,open-dir", "0", "DonPasci"
"2026-03-11 12:01:53", "1763332", "178.104.39.229:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/178.104.39.229", "AS24940,censys,EvilGoPhish,HETZNER-AS,panel,Phishing", "0", "DonPasci"
"2026-03-11 12:01:42", "1763331", "77.237.245.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/77.237.245.173", "AS51167,C2,censys,CONTABO,Covenant", "0", "DonPasci"
"2026-03-11 12:01:35", "1763330", "196.202.83.95:4444", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/196.202.83.95", "AS8452,C2,censys,Quasar,RAT,TE-AS", "0", "DonPasci"
"2026-03-11 12:01:12", "1763329", "185.208.158.38:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/185.208.158.38", "AS42624,C2,censys,RAT,Remcos,SWISSNETWORK02", "0", "DonPasci"
"2026-03-11 12:00:57", "1763328", "ngrokhi2.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-11 15:00:10", "100", "False", "https://tria.ge/260311-n3pgkadz5v", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-03-11 12:00:53", "1763327", "156.234.74.253:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.74.253", "AS138415,C2,censys,CobaltStrike,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:44", "1763326", "156.234.56.100:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.56.100", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:43", "1763325", "23.235.179.116:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.116", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:42", "1763324", "156.234.162.230:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.230", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:41", "1763323", "14.225.1.88:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/14.225.1.88", "AS135905,C2,censys,CobaltStrike,cs-watermark-987654321,VNPT-AS-VN", "0", "DonPasci"
"2026-03-11 12:00:40", "1763322", "23.235.179.104:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.104", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:39", "1763321", "156.234.166.242:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.242", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:38", "1763320", "23.235.179.120:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.235.179.120", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:37", "1763319", "156.234.162.237:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.237", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:36", "1763318", "156.234.166.234:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.166.234", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:35", "1763317", "156.234.162.250:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.162.250", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 12:00:34", "1763316", "156.234.208.72:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.208.72", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 11:58:25", "1763315", "panoramaslz.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 11:56:54", "1763314", "fjnghv.fastlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 11:57:51", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 11:40:03", "1763310", "82.165.51.16:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2026-03-11 11:37:56", "1763280", "opserver-styles-svg.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:55", "1763281", "https://opserver-styles-svg.click/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:55", "1763282", "https://opserver-styles-svg.click/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:54", "1763283", "image-fonts-awesomeserver.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:54", "1763284", "https://image-fonts-awesomeserver.click/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:54", "1763285", "https://image-fonts-awesomeserver.click/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:53", "1763288", "cdn-compress-image.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:53", "1763289", "https://cdn-compress-image.sbs/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:53", "1763291", "https://cdn-compress-image.sbs/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:52", "1763292", "oplod-cdn-bootstrap-28.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:52", "1763293", "https://oplod-cdn-bootstrap-28.sbs/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:52", "1763294", "https://oplod-cdn-bootstrap-28.sbs/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:51", "1763295", "vlns-andb-cdn.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:51", "1763296", "https://vlns-andb-cdn.sbs/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:51", "1763297", "https://vlns-andb-cdn.sbs/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:50", "1763298", "wldsc-api-cloud.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:50", "1763299", "https://wldsc-api-cloud.click/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:50", "1763300", "cash-js-server.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:49", "1763301", "https://cash-js-server.sbs/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:49", "1763302", "https://cash-js-server.sbs/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:48", "1763303", "hcountry-cdn.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:48", "1763304", "https://hcountry-cdn.cfd/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:48", "1763305", "https://hcountry-cdn.cfd/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-11 11:37:47", "1763307", "https://cptoptious.com/jsrepo?rnd=0.4887877064684545", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-11 11:37:46", "1763265", "hw94h.backlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:30:17", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 11:32:39", "1763308", "pangeaebook.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 11:16:27", "1763306", "panel.sirenadoro.it", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 11:00:12", "1763290", "139.99.235.40:2020", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260311-jdetlsgw9v", "Remcos", "0", "dyingbreeds_"
"2026-03-11 10:57:31", "1763287", "iondawn.checksum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:18:41", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 10:52:04", "1763286", "119.45.127.240:18081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:48:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-11 10:42:57", "1763279", "n4rro5-panel.checksum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 17:20:09", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 10:33:58", "1763278", "civilsandbo.whitelist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:34:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 10:31:48", "1763277", "rhyfpa2f.whitelist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:32:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 10:29:46", "1763276", "panaderiaconfiteriasanfrancisco.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 10:26:13", "1763275", "root3-layer.whitelist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:31:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 10:20:16", "1763274", "ukixhx.whitelist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:21:08", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 10:14:27", "1763273", "zrvkmhps.bestlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:15:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 10:11:28", "1763272", "palomareis.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 10:05:51", "1763271", "ch3ck-spark.bestlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 10:06:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:53:50", "1763270", "uth9.bestlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:54:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:47:15", "1763269", "gran-pra.bestlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:50:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:41:11", "1763268", "ri4w.backlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:46:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:35:52", "1763267", "palani.photography", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 09:35:09", "1763266", "parsegri.backlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:35:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:26:37", "1763264", "zloapobikahy23.bond", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/c62a9df821108cbea00280c292a7787350715f1252d4e0a3371f039783145486/", "None", "0", "abuse_ch"
"2026-03-11 09:23:49", "1763263", "9rfio.backlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:24:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:21:49", "1763262", "pakphthalates.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 09:17:47", "1763261", "flowpassive.logcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:18:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:11:27", "1763260", "iqkd.logcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:11:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 09:11:19", "1763259", "45.9.122.125:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/bd6c1844db5e44310542a69aa4ba433430d25a2622c98cf819247330b8826c64/", "ACRStealer", "0", "abuse_ch"
"2026-03-11 09:06:58", "1763258", "neo-tru3.logcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 09:08:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:58:00", "1763257", "modern8-signal.logcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:58:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:51:37", "1763256", "rkxv.keysum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:53:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:51:18", "1763255", "64.81.30.113:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "False", "https://app.any.run/tasks/259d2cc4-fecf-410b-83ba-4b9250815b9e/", "c2,gh0st", "0", "juroots"
"2026-03-11 08:49:07", "1763254", "pages.edenstanley.co.uk", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 08:45:03", "1763253", "genefrost.keysum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:50:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:39:13", "1763252", "188.227.16.6:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "reverseshell", "0", "juroots"
"2026-03-11 08:38:43", "1763251", "tr4c-craft.keysum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:39:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:35:54", "1763250", "padsante.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 08:33:43", "1763249", "8uasm.keysum.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:34:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:30:43", "1763248", "192.3.176.252:8780", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-11 11:01:43", "75", "False", "https://bazaar.abuse.ch/sample/1828531fbc67051335ec19f5e7ff29b3567afb12e3bd30acbb2e59f153728364/", "xworm", "0", "abuse_ch"
"2026-03-11 08:28:10", "1763247", "5wif5-leaf.testload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:28:55", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 08:22:21", "1763245", "crat-mas.testload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:23:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:18:03", "1763244", "padel-ancises.fr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 08:13:28", "1763243", "jvrkh.testload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:14:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:10:35", "1763242", "158.94.210.210:5590", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-11 11:01:47", "75", "False", "https://bazaar.abuse.ch/sample/4f5d1c5ad71e3be6754c31542735633c0be9224feae128e2bb4cec533e85c33e/", "xworm", "0", "abuse_ch"
"2026-03-11 08:10:29", "1763241", "asybk.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b2bf943f220397f11ded2b2b5992002f93be60605d91b8b8dfae28b4d862540f/", "asyncrat", "0", "abuse_ch"
"2026-03-11 08:10:25", "1763240", "asy.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b2bf943f220397f11ded2b2b5992002f93be60605d91b8b8dfae28b4d862540f/", "asyncrat", "0", "abuse_ch"
"2026-03-11 08:08:08", "1763232", "74.0.32.148:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763233", "74.0.48.159:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763234", "74.0.48.160:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763235", "74.0.48.164:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763236", "148.251.39.123:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763237", "148.251.39.124:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763238", "148.251.39.125:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:08:08", "1763239", "148.251.39.126:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:07:34", "1763228", "dgg.paihost.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:07:34", "1763229", "dgg.ssffaa18.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:07:34", "1763230", "epy.nexs.com.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:07:34", "1763231", "epy.ssffaa18.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:07:07", "1763227", "80.76.49.161:8041", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/cd3152f3d8ff824027549d4ef43a2cb9b42bb004e139a7911fdf79844be75e95/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2026-03-11 08:06:54", "1763222", "https://74.0.48.164/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:54", "1763223", "https://148.251.39.123/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:54", "1763224", "https://148.251.39.124/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:54", "1763225", "https://148.251.39.125/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:54", "1763226", "https://148.251.39.126/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763216", "https://epy.ssffaa18.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763217", "https://dgg.paihost.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763218", "https://dgg.ssffaa18.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763219", "https://74.0.32.148/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763220", "https://74.0.48.159/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:53", "1763221", "https://74.0.48.160/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:52", "1763215", "https://epy.nexs.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-11 08:06:33", "1763214", "audiosolar.testload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 08:07:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 08:01:48", "1763213", "168.245.203.190:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.190", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 08:01:47", "1763212", "103.177.47.150:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.150", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 08:01:46", "1763211", "13.246.12.206:19999", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.246.12.206", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 08:01:45", "1763210", "103.177.47.145:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.145", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 08:01:44", "1763209", "103.177.47.160:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.160", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 08:01:30", "1763208", "154.201.81.44:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/154.201.81.44", "AS137899,c2,c2-redirector,censys,ILAYERLIMITED-AS-AP,RedGuard", "0", "DonPasci"
"2026-03-11 08:01:19", "1763207", "118.107.5.135:8088", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "False", "https://search.censys.io/hosts/118.107.5.135", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Ermac,panel", "0", "DonPasci"
"2026-03-11 08:01:15", "1763206", "91.92.243.97:22754", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/91.92.243.97", "AS202412,C2,censys,OMEGATECH-AS,RAT,Venom", "0", "DonPasci"
"2026-03-11 08:01:13", "1763205", "192.30.242.138:7000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/192.30.242.138", "AS396073,C2,censys,MAJESTIC-HOSTING-01,RAT,Venom", "0", "DonPasci"
"2026-03-11 08:01:07", "1763204", "193.143.1.69:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/193.143.1.69", "AS198953,C2,censys,PROTON66,RAT,Sectop", "0", "DonPasci"
"2026-03-11 08:00:34", "1763203", "156.234.216.57:47611", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.216.57", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-11 07:53:53", "1763202", "packpros.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 07:52:51", "1763201", "crestrai.backtest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:53:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:43:18", "1763200", "inv0ic-line.backtest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:44:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:38:01", "1763199", "lumvenos.backtest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:39:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:29:00", "1763198", "bridg3-scope.backtest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:30:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:28:16", "1763197", "pablorichter.com.ar", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 07:21:00", "1763196", "pabanor.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 07:18:47", "1763195", "alt-un1oad.lockoak.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:20:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:16:53", "1763191", "sysanalyticweb.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:53", "1763192", "elaxo.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:53", "1763193", "rpcnetconnect.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:53", "1763194", "lxwo.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763185", "jflynci.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763186", "ikmtrust.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763187", "webstp.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763188", "secao.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763189", "remotepx.net", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:16:52", "1763190", "rdsnets.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "LoJax,rootkit", "0", "juroots"
"2026-03-11 07:15:35", "1763184", "45.157.233.163:7000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-11 11:00:30", "75", "False", "https://bazaar.abuse.ch/sample/8d7041ff5a0d74c5e24fd22a06a71c247dd16d880c65827b148533f71516fa6e/", "quasar", "0", "abuse_ch"
"2026-03-11 07:15:30", "1763183", "196.251.107.24:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9100e92ceb94455d3159c4273b47a4d635f1d6b8add68e7c775e1849d3d1a9da/", "asyncrat", "0", "abuse_ch"
"2026-03-11 07:15:20", "1763182", "198.23.177.196:7768", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-03-11 07:15:03", "1763179", "controller.airdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-03-11 07:15:03", "1763180", "grasruths.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-03-11 07:15:03", "1763181", "ocampus.freeddns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-03-11 07:14:39", "1763178", "cnc.ryanbio.studio", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "False", "", "c2,mirai", "0", "juroots"
"2026-03-11 07:12:58", "1763177", "http://45.150.32.124/fe8c4bbf5a1549fb.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cdbbd-d6bf-721d-8f37-edc5d90694d4", "c2,stealc,urlscan", "0", "juroots"
"2026-03-11 07:12:56", "1763176", "http://37.221.66.166/4a815a53876a4172.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cdbbd-d129-713b-920d-7bceb4538412", "c2,stealc,urlscan", "0", "juroots"
"2026-03-11 07:12:51", "1763175", "http://151.243.113.74/18fbf0e3b92f4383.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cdbbd-bb2e-76ad-937b-b22e13079eed", "c2,stealc,urlscan", "0", "juroots"
"2026-03-11 07:12:49", "1763174", "http://94.103.1.199/1e7cce2a32b54656.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cdbbd-b494-76de-b4c8-4499dcd29960", "c2,stealc,urlscan", "0", "juroots"
"2026-03-11 07:11:08", "1763173", "nwul2j.lockoak.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:12:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:07:29", "1763172", "badgewing.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch"
"2026-03-11 07:03:48", "1763171", "111.229.48.203:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-11 07:03:38", "1763170", "60.247.206.23:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-03-11 07:02:51", "1763169", "biiev.lockoak.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 07:03:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 07:01:43", "1763168", "216.250.252.227:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260311-exbh3ses2s", "XWorm", "0", "dyingbreeds_"
"2026-03-11 07:00:25", "1763166", "sehrli-qandolatchi.ru.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260311-hbrvqaat5r", "quasar", "0", "dyingbreeds_"
"2026-03-11 07:00:25", "1763167", "xn--365-9l4bza4h.jpn.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260311-hbrvqaat5r", "quasar", "0", "dyingbreeds_"
"2026-03-11 07:00:04", "1763165", "sleepythunder89023.4nmn.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260311-g764vafz7t", "Remcos", "0", "dyingbreeds_"
"2026-03-11 06:57:03", "1763164", "timb-point.lockoak.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:57:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 06:47:29", "1763162", "fast-web.luminos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:47:22", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 06:46:47", "1763163", "64.89.161.178:486", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch"
"2026-03-11 06:45:37", "1763161", "5yjbyh7h.legalspeckle.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-11 06:45:10", "1763160", "0c3eoh5p.legalspeckle.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:45:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 06:39:01", "1763159", "gold-day.luminos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:39:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 06:37:44", "1763158", "ozeninsaat.pro", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 06:34:56", "1763017", "77.91.65.172:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:55", "1763018", "77.91.96.253:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:55", "1763019", "91.92.242.4:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:54", "1763020", "23.94.252.49:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:53", "1763021", "158.94.211.17:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:53", "1763022", "144.208.127.64:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:52", "1763023", "144.172.101.155:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:52", "1763024", "166.88.2.38:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "RacWatchin8872"
"2026-03-11 06:34:52", "1763029", "bermanlawrsk.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "50", "False", "", "EtherRat", "0", "RacWatchin8872"
"2026-03-11 06:34:51", "1763030", "aurineuroth.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "50", "False", "", "EtherRat", "0", "RacWatchin8872"
"2026-03-11 06:34:51", "1763031", "wpuadmin.shop", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "50", "False", "", "EtherRat", "0", "RacWatchin8872"
"2026-03-11 06:34:50", "1763157", "space-hub.luminos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:35:21", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 06:34:48", "1763032", "palshona.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "50", "False", "", "EtherRat", "0", "RacWatchin8872"
"2026-03-11 06:34:47", "1763033", "chjunhao.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "50", "False", "", "EtherRat", "0", "RacWatchin8872"
"2026-03-11 06:34:46", "1763036", "ct-11q.moxitron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 22:16:43", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 06:34:46", "1763040", "logs.bestshopppingday.com", "domain", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "None", "0", "suspicious_link"
"2026-03-11 06:34:46", "1763041", "mh.bestshopppingday.com", "domain", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "None", "0", "suspicious_link"
"2026-03-11 06:34:37", "1763141", "up-down.velante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:52:43", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 06:34:36", "1763146", "point-v.velante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:02:53", "100", "False", "None", "11March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-11 06:23:35", "1763154", "night-0.luminos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:24:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 06:19:28", "1763153", "oyohjengkol.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 06:12:54", "1763152", "all-stars.velante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 06:13:27", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 06:04:18", "1763151", "103.27.156.29:5737", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "100", "False", "https://tria.ge/260311-dzhvhafv7j", "AS44486,C2,orcus,rat,triage", "0", "DonPasci"
"2026-03-11 06:03:05", "1763150", "wuu.whaoqking.top", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260311-f2exqsg15l", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-11 06:02:54", "1763147", "http://213.176.72.200", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260311-ecqghadw3z", "AS207957,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-11 06:02:54", "1763148", "http://178.22.31.97", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260311-d8t9wsfx2k", "AS215540,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-11 06:02:54", "1763149", "http://176.65.144.44", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260311-bwfjvsev9j", "AS51852,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-11 06:01:15", "1763145", "170.168.61.188:8907", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-11 07:00:27", "100", "False", "https://tria.ge/260311-epyzeadz4w", "AS63023,C2,quasar,rat,triage", "0", "DonPasci"
"2026-03-11 06:00:52", "1763144", "144.208.127.174:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-11 07:00:15", "100", "False", "https://tria.ge/260311-dwswasc18t", "AS395092,C2,rat,remcos,triage", "0", "DonPasci"
"2026-03-11 06:00:41", "1763143", "mu19rs2vmk.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-11 07:01:53", "100", "False", "https://tria.ge/260311-d9axmsdv6y", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-03-11 06:00:40", "1763142", "soe8j24fm3.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-11 07:01:50", "100", "False", "https://tria.ge/260311-egdnhafy8r", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-03-11 05:50:17", "1763140", "206.206.77.224:22151", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-03-11 05:46:03", "1763139", "owninidaho.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 05:34:56", "1763138", "soft-touch.velante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:36:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 05:29:17", "1763136", "owc1.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 05:25:03", "1763135", "free-99.silvura.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:26:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 05:16:50", "1763134", "land-site.silvura.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:17:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 05:11:21", "1763133", "quick-go.silvura.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:12:04", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 05:05:13", "1763132", "70.178.121.217:4103", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "None", "Meterpreter", "0", "abuse_ch"
"2026-03-11 05:01:23", "1763131", "small-hub.silvura.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 05:01:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:52:54", "1763130", "ouzourilada.fr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 04:50:14", "1763129", "deep-sea.estoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:51:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:36:33", "1763128", "sunny9.estoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:37:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:23:40", "1763127", "new-place.estoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:29:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:17:21", "1763126", "wild-cat.estoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:18:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:15:40", "1763125", "ourlifecolours.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 04:11:55", "1763124", "start01.alverto.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:13:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:08:17", "1763123", "top-map.alverto.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 04:09:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 04:04:54", "1763122", "ourcarboniskilling.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 04:01:50", "1763121", "123.57.34.41:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/123.57.34.41", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,open-dir", "0", "DonPasci"
"2026-03-11 04:01:40", "1763120", "51.255.77.201:8888", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/51.255.77.201", "AS16276,C2,censys,hacktool,Mimikatz,open-dir,OVH", "0", "DonPasci"
"2026-03-11 04:01:29", "1763119", "3.237.179.174:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "False", "https://search.censys.io/hosts/3.237.179.174", "AMAZON-AES,AS14618,C2,censys,moobot", "0", "DonPasci"
"2026-03-11 04:01:18", "1763118", "13.51.178.252:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/13.51.178.252", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-03-11 04:00:59", "1763117", "163.172.39.176:42793", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/163.172.39.176", "AS12876,C2,censys,Online,Sliver", "0", "DonPasci"
"2026-03-11 04:00:36", "1763116", "118.25.10.65:65010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/118.25.10.65", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci"
"2026-03-11 04:00:33", "1763115", "141.11.243.20:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/141.11.243.20", "AS49581,C2,censys,CobaltStrike,cs-watermark-987654321,FERDINANDZINK", "0", "DonPasci"
"2026-03-11 04:00:32", "1763114", "106.52.170.131:32703", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/106.52.170.131", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2026-03-11 03:58:24", "1763113", "easy-fix.alverto.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 03:59:10", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 03:56:57", "1763112", "ou-stivnaumov.edu.mk", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 03:50:16", "1763111", "long-way.alverto.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 03:51:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 03:41:03", "1763110", "super-day.novalis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 03:41:13", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 03:25:39", "1763107", "oticasolarvision.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 03:22:47", "1763106", "best7.novalis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 03:24:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 03:04:43", "1763105", "otepaa.biathlon.ee", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 03:01:14", "1763104", "otec.inducampus.cl", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 02:49:24", "1763103", "only-one.novalis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:49:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 02:42:12", "1763102", "otaviocardoso.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 02:33:04", "1763101", "bright-up.novalis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:33:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 02:24:30", "1763100", "hot-line.mirante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:25:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 02:17:06", "1763099", "clear-sky.mirante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:18:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 02:08:05", "1763098", "simpleweb.mirante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:08:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 02:06:50", "1763097", "osnovy-matematiki.ru", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 02:05:23", "1763096", "dream-12.mirante.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:06:13", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 02:00:56", "1763095", "nextstep.solenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 02:01:42", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 01:53:27", "1763094", "osmunda.ohioplants.org", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 01:52:32", "1763093", "old-3.solenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:53:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:50:19", "1763092", "big-city.solenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:51:00", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 01:45:35", "1763091", "coolstory.solenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:45:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:37:30", "1763090", "just-do.valora.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:38:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:29:39", "1763086", "green-land.valora.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:30:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:25:16", "1763085", "oshikawagp.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 01:23:09", "1763084", "osgoodcreative.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 01:22:18", "1763083", "top88.valora.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:23:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:19:28", "1763082", "lucky-point.valora.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:19:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:11:47", "1763081", "oscarchefibiza.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 01:06:03", "1763080", "myfolder.eluvia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:06:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 01:00:21", "1763079", "fast-9.eluvia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 01:01:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:55:27", "1763078", "openview.eluvia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:56:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:50:56", "1763077", "blue-sky4.eluvia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:52:08", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-11 00:44:14", "1763076", "osazeosoba.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 00:41:13", "1763075", "vw-8.weldoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:43:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:38:45", "1763074", "st-4.weldoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:39:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:29:59", "1763071", "qr-2.weldoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:31:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:27:37", "1763070", "mx-9.weldoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:28:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:17:04", "1763069", "l0t05.exoruby.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:17:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:14:42", "1763068", "orthotraumabg.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-11 00:13:53", "1763067", "k7r11.exoruby.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:14:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:07:16", "1763066", "j1m44.exoruby.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:08:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:02:35", "1763065", "h9v22.exoruby.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-11 00:05:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-11 00:01:48", "1763064", "196.74.218.26:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.74.218.26", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2026-03-11 00:01:47", "1763063", "168.245.203.120:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.120", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-11 00:01:19", "1763062", "38.47.97.219:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/38.47.97.219", "AS400464,C2,censys,Havoc,VMISS", "0", "DonPasci"
"2026-03-11 00:00:58", "1763061", "45.133.180.146:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/45.133.180.146", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci"
"2026-03-11 00:00:34", "1763060", "36.212.7.2:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/36.212.7.2", "AS9808,C2,censys,CHINAMOBILE-CN,CobaltStrike,cs-watermark-666666", "0", "DonPasci"
"2026-03-10 23:57:50", "1763059", "t_n_9.nivoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:58:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:55:17", "1763058", "orleansdrivingschool.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 23:50:22", "1763057", "r_p_4.nivoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:50:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:45:34", "1763056", "q_v_3.nivoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:46:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:44:24", "1763055", "ork.eplace.com.ua", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 23:29:54", "1763054", "z_x_9.nivoxis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:31:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:26:09", "1763053", "88-m02.bryzand.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:27:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:19:57", "1763052", "55-j30.bryzand.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:20:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:16:38", "1763051", "11-k44.bryzand.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:16:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:07:23", "1763050", "99-f21.bryzand.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 23:11:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 23:01:42", "1763049", "162.246.185.228:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260310-y9lz5abx2m", "XWorm", "0", "dyingbreeds_"
"2026-03-10 23:00:22", "1763048", "18.222.233.217:2408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-y54dlsbw6p", "Remcos", "0", "dyingbreeds_"
"2026-03-10 23:00:17", "1763047", "185.196.9.203:44441", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-zabksabx4k", "Remcos", "0", "dyingbreeds_"
"2026-03-10 23:00:06", "1763046", "windowslavesclient.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-zlxbmabz2n", "Remcos", "0", "dyingbreeds_"
"2026-03-10 23:00:03", "1763045", "gen2101.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-zm2mqsg15v", "Remcos", "0", "dyingbreeds_"
"2026-03-10 22:58:14", "1763044", "original.oraclinzel.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 22:49:05", "1763043", "w_t8.quonaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 22:49:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 22:37:34", "1763042", "p_r4.quonaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 22:38:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 22:31:07", "1763039", "m_z2.quonaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 22:29:56", "1763038", "k_x9.quonaris.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 22:23:06", "1763037", "dv-77k.moxitron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 22:23:43", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 22:11:10", "1763035", "br-44z.moxitron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 22:12:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:57:34", "1763034", "ap-90x.moxitron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:57:50", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 21:51:47", "1763028", "0-rw1-t.jelvax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:52:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:46:48", "1763027", "5-sw8-q.jelvax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:47:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:42:06", "1763026", "2-nw4-z.jelvax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:43:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:41:04", "1763025", "order.purplewaveofficial.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 21:36:04", "1763016", "7-tw9-x.jelvax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:37:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:32:20", "1763015", "v1107.fythoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:33:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:16:08", "1763014", "orangejack.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 21:15:19", "1763013", "c5543.fythoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:15:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:06:04", "1763012", "oralrays.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 21:02:44", "1763011", "gjkz2erq.easyyear.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 21:02:20", "1763010", "iry0pqwo.easyyear.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:02:55", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-10 20:59:59", "1763009", "x2281.fythoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 21:01:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:55:10", "1763008", "115.231.176.234:23641", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch"
"2026-03-10 20:47:19", "1763007", "optiontradersundaram.in", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 20:45:07", "1763006", "196.251.107.24:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-10 23:00:25", "100", "False", "None", "QuasarRAT,RAT", "0", "abuse_ch"
"2026-03-10 20:43:14", "1763005", "q9910.fythoria.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:44:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:39:39", "1763004", "w_77j3.zindulo.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:39:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:34:46", "1763003", "r_44v0.zindulo.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:35:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:31:23", "1763002", "m_11q8.zindulo.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:32:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:30:09", "1763001", "196.251.107.24:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch"
"2026-03-10 20:28:30", "1763000", "b_99x2.zindulo.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:29:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:23:04", "1762999", "k77.vokriz.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:23:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:14:51", "1762998", "v-qr14.vokriz.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:15:12", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 20:10:52", "1762997", "z1-mk88.vokriz.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:10:57", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 20:05:58", "1762996", "opstecnologia.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 20:01:59", "1762995", "200.34.168.72:443", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/200.34.168.72", "Alestra,,AS11172,C2,censys,PowershellEmpire", "0", "DonPasci"
"2026-03-10 20:01:54", "1762992", "54.199.30.71:2082", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.199.30.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 20:01:54", "1762993", "54.199.30.71:18082", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.199.30.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 20:01:54", "1762994", "43.217.132.207:8081", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.217.132.207", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 20:01:53", "1762991", "192.248.191.226:8080", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/192.248.191.226", "AS-VULTR,AS20473,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 20:01:37", "1762990", "176.124.205.180:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/176.124.205.180", "AEZA-AS,AS210644,C2,censys,panel,Unam", "0", "DonPasci"
"2026-03-10 20:01:27", "1762989", "69.167.11.185:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "https://search.censys.io/hosts/69.167.11.185", "AS40861,C2,censys,DcRAT,PARAD-40-ASN,RAT", "0", "DonPasci"
"2026-03-10 20:01:23", "1762987", "www.zvg6wbuu.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.zvg6wbuu.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 20:01:23", "1762988", "www.sh1h4pk5.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.sh1h4pk5.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 20:01:22", "1762985", "www.ta65we2n.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.ta65we2n.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 20:01:22", "1762986", "www.q1qjjz7r.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.q1qjjz7r.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 20:01:21", "1762984", "www.xteo346x.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.xteo346x.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 20:01:19", "1762983", "102.117.161.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/102.117.161.30", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci"
"2026-03-10 20:01:14", "1762982", "172.111.233.102:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/172.111.233.102", "AS9009,AsyncRAT,C2,censys,M247,RAT", "0", "DonPasci"
"2026-03-10 20:01:06", "1762981", "x9-pt22.vokriz.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 20:06:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 20:01:03", "1762980", "64.188.93.213:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/64.188.93.213", "AS213877,C2,censys,Sliver,U1HOST-AS", "0", "DonPasci"
"2026-03-10 20:00:57", "1762979", "104.250.169.103:3011", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/104.250.169.103", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-10 20:00:56", "1762978", "192.109.200.121:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/192.109.200.121", "AS51396,C2,censys,PFCLOUD,RAT,Remcos", "0", "DonPasci"
"2026-03-10 20:00:51", "1762977", "89.167.118.94:443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/89.167.118.94", "AS24940,C2,censys,HETZNER-AS,panel,Stealer,Stealit", "0", "DonPasci"
"2026-03-10 20:00:40", "1762976", "129.226.188.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/129.226.188.105", "AS132203,C2,censys,CobaltStrike,TENCENT-NET-AP-CN", "0", "DonPasci"
"2026-03-10 20:00:37", "1762975", "106.14.31.36:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:48:50", "100", "False", "https://search.censys.io/hosts/106.14.31.36", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci"
"2026-03-10 20:00:36", "1762974", "91.92.241.247:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/91.92.241.247", "AS202412,C2,censys,CobaltStrike,cs-watermark-666666666,OMEGATECH-AS", "0", "DonPasci"
"2026-03-10 19:54:17", "1762973", "opositadiferente.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 19:50:12", "1762972", "v1120.brythos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:52:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:43:34", "1762971", "c5549.brythos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:44:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:42:27", "1762970", "xxblessingswealths.minhaempresa.tv", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-03-10 19:42:04", "1762969", "https://api.telegram.org/bot8090741855:AAGaFpiYMEzBGakUFm7D8tV7ye1JfBrSC6I/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "False", "", "agenttesla,c2", "0", "juroots"
"2026-03-10 19:39:08", "1762968", "cdklskjd.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/3c78c8b86ddec02a671907c723fe654b474797b5d19a8acdaa2af3251f655736/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-03-10 19:36:28", "1762967", "x8821.brythos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:36:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:33:01", "1762965", "z0091.brythos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:35:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:29:20", "1762964", "e7f6.jovianth.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:30:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:29:02", "1762963", "on-line-degree.dealpackrat.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 19:26:27", "1762855", "https://axiomatlas.us/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/axiomatlas.us", "ClickFix", "0", "CarsonWilliams"
"2026-03-10 19:26:26", "1762861", "80.78.19.96:3000", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "None", "0", "solostalking"
"2026-03-10 19:26:26", "1762862", "evilmirror.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/solostalking/status/2031403162486321265", "None", "0", "solostalking"
"2026-03-10 19:26:25", "1762881", "jd899-x.dervishcore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:01:25", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 19:26:25", "1762888", "n-44-b9.velotronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:26:08", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 19:26:24", "1762896", "https://questions-pme.com/comment-choisir-ses-viennoiseries-les-criteres-de-qualite-a-connaitre/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/questions-pme.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-10 19:26:24", "1762901", "https://seahorsemethod.com/owner", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-10 19:08:04", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 19:26:23", "1762902", "seahorsemethod.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-10 19:08:06", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 19:21:40", "1762962", "c3d4.jovianth.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:22:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:14:58", "1762961", "a9b8.jovianth.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:11:09", "1762960", "x1y2.jovianth.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:11:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:04:08", "1762959", "wr776.vylocore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 19:04:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 19:00:26", "1762942", "8xx.rest", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762943", "8xx.tech", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762944", "8xx.today", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762945", "alfredknight.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762946", "alfrescodining.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762947", "aviele.gb.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762948", "bdotz.sa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762949", "cartrade.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762950", "debttoequity.africa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762951", "deshdrohi.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-10 19:00:26", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762952", "fwq.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762953", "internet.hu.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762954", "link58.win", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762955", "magicalalpha.gb.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762956", "northstar.us.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762957", "srlotaodie.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:26", "1762958", "ukp.us.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762919", "58win.immo", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762920", "58win.it.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762921", "58win.voto", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762922", "58win0j.cn.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762923", "58winuk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762924", "7cd.us.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762925", "888vnd-linkmoi2026.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762926", "888vnd-online.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762927", "888vnd.cc", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762928", "888vnd.fun", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762929", "888vnd.info", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762930", "888vnd.supply", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762931", "888vndbet.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762932", "888vndclub.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762933", "888vndvip.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762934", "8xx-game.team", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762935", "8xx-vn.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762936", "8xx.casa", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762937", "8xx.co.uk", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762938", "8xx.life", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762939", "8xx.lol", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762940", "8xx.mom", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:25", "1762941", "8xx.onl", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:24", "1762915", "58win-2026.site", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:24", "1762916", "58win-58win.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:24", "1762917", "58win.band", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 19:00:24", "1762918", "58win.cfd", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-wsvjtsfv8w", "quasar", "0", "dyingbreeds_"
"2026-03-10 18:58:54", "1762914", "pt554.vylocore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:59:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:52:45", "1762913", "mj118.vylocore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:54:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:46:03", "1762912", "kx992.vylocore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:51:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:42:23", "1762911", "88dd44.quobix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:43:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:37:30", "1762910", "44cc33.quobix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:32:42", "1762909", "99bb22.quobix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:33:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:25:13", "1762908", "55aa11.quobix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:26:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:21:03", "1762907", "y11m.zylotech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:22:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:17:16", "1762906", "openskyonlineservices.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 18:17:15", "1762905", "t88j.zylotech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:17:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 18:16:13", "1762904", "108.187.4.221:447", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-03-10 18:14:50", "1762903", "r55k.zylotech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:15:29", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 18:05:19", "1762900", "78.107.248.247:1488", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260310-vwszqsey8t", "AS8402,C2,njrat,triage", "0", "DonPasci"
"2026-03-10 18:04:42", "1762899", "https://nonobody123.com", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260310-t5ja8aew7y", "C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-10 18:02:20", "1762898", "pet.eu.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-10 19:00:31", "100", "False", "https://tria.ge/260310-tdehyset4x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-03-10 18:02:07", "1762897", "yee.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-10 19:00:31", "100", "False", "https://tria.ge/260310-tdehyset4x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-03-10 17:59:35", "1762895", "w22p.zylotech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 18:00:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:56:00", "1762894", "fny913.zenithax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:56:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:51:44", "1762893", "dxt405.zenithax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:53:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:47:31", "1762892", "brs812.zenithax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:48:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:39:47", "1762891", "qlm299.zenithax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:41:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:35:07", "1762890", "z-66-d4.velotronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:35:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:29:29", "1762889", "x-12-c7.velotronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:30:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:19:14", "1762887", "onlymaster.ru", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 17:18:12", "1762886", "v-89-a2.velotronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:18:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:13:15", "1762885", "mn776-t.dervishcore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:14:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:09:55", "1762884", "lp440-q.dervishcore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:10:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:03:32", "1762883", "ka221-z.dervishcore.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 17:04:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 17:01:30", "1762882", "192.163.168.49:447", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-03-10 16:57:03", "1762880", "w1n_554p.quantomix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:57:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:52:30", "1762879", "r5h_882c.quantomix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:53:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:51:02", "1762878", "onlinestore.footballtoolbox.net", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 16:46:40", "1762877", "m2q_119x.quantomix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:47:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:40:11", "1762876", "b7y_400z.quantomix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:40:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:35:52", "1762875", "p9d-x77j.xylophis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:36:21", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 16:30:29", "1762874", "http://love.negro.ink:1994/Vre", "url", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "False", "None", "Vjw0rm", "0", "abuse_ch"
"2026-03-10 16:28:58", "1762873", "k3l-55v6.xylophis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:29:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:26:45", "1762869", "flp.nexs.com.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:45", "1762870", "flp.ssffaa18.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:45", "1762871", "pix.nexs.com.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:45", "1762872", "pix.ssffaa18.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:32", "1762867", "https://pix.nexs.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:32", "1762868", "https://pix.ssffaa18.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:31", "1762865", "https://flp.nexs.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:26:31", "1762866", "https://flp.ssffaa18.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 16:22:02", "1762864", "z8t-m11q.xylophis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:23:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:16:57", "1762863", "a4x-99f2.xylophis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:18:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:10:36", "1762860", "learsup.webback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:11:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:08:41", "1762859", "online.itehcmc.travel", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 16:06:57", "1762858", "importuni.webback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:08:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:02:48", "1762857", "comp7-stack.webback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 16:04:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 16:01:18", "1762856", "91.92.241.2:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/91.92.241.2", "AS202412,C2,censys,OMEGATECH-AS,RAT,Sectop", "0", "DonPasci"
"2026-03-10 16:00:58", "1762854", "85.206.168.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/85.206.168.238", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci"
"2026-03-10 16:00:55", "1762853", "172.245.155.96:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/172.245.155.96", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-10 16:00:35", "1762852", "156.234.21.211:3715", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.21.211", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-10 15:57:35", "1762851", "hodz.webback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:57:57", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 15:55:29", "1762828", "layotra.appcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:58:02", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 15:55:27", "1762833", "https://skrumchus.com/4d9h.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 15:55:27", "1762834", "skrumchus.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-10 15:09:41", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 15:55:26", "1762835", "https://skrumchus.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 15:55:24", "1762836", "https://tandaainvestments.com/views", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 15:55:24", "1762837", "picture.jeaniescottmedia.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116205515659147601", "SocGholish", "0", "monitorsg"
"2026-03-10 15:55:23", "1762839", "85.158.111.100:22623", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:55:22", "1762840", "89.46.38.74:26273", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:55:21", "1762841", "91.193.19.226:35773", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:55:20", "1762842", "79.141.161.152:31812", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:55:19", "1762843", "212.104.141.88:13107", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:55:18", "1762844", "154.7.253.12:21555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,Doppelganger,KadNap", "0", "BlackLotusLabs"
"2026-03-10 15:50:56", "1762850", "canv-shi.oakstart.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:51:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:45:45", "1762849", "nd77.oakstart.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:47:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:37:15", "1762848", "runtim-grid.oakstart.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:37:30", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 15:27:59", "1762847", "fdgq.oakstart.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:28:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:23:04", "1762846", "sub-ve1v.starload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:23:59", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 15:16:34", "1762845", "rs95h.starload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:17:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:11:42", "1762838", "outl-grove.starload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:12:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:09:17", "1762832", "metric2-route.starload.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:09:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:04:43", "1762831", "r3cor-wave.appcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 15:05:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 15:01:30", "1762830", "85.137.253.58:9090", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-10 15:05:28", "75", "False", "https://bazaar.abuse.ch/sample/ab698f4886e3adbe6babe8f2a2cd1324a8c06ef68227408af2ce7b1671cf5178/", "xworm", "0", "abuse_ch"
"2026-03-10 15:00:28", "1762829", "typecvd.chickenkiller.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260310-r7bm2sdy4x", "quasar", "0", "dyingbreeds_"
"2026-03-10 14:51:27", "1762827", "zen-draum.appcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:52:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:43:07", "1762826", "quormarkix.appcheck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:44:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:39:40", "1762825", "chefacto.appdeck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:40:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:33:52", "1762824", "merlineos4.appdeck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:34:18", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 14:30:47", "1762822", "http://77.91.65.172", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/b51b24c1c572fbfdae34b94d29fc9c7e43b74c2e04ef854ef3a33f07779bfda4/", "stealc", "0", "abuse_ch"
"2026-03-10 14:29:29", "1762821", "thr3a-reach.appdeck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:30:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:23:21", "1762773", "78ylo.starapi.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:16:05", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 14:23:21", "1762774", "focufield.moondev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:18:37", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 14:23:20", "1762776", "sdkwinter.moondev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:30:05", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 14:23:20", "1762793", "188.137.224.103:80", "ip:port", "botnet_cc", "win.ncctrojan", "None", "nccTrojan", "", "100", "True", "", "opendir", "0", "ThreatOpsX"
"2026-03-10 14:23:18", "1762805", "https://www.chauffage-conseil.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.chauffage-conseil.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-10 14:23:17", "1762810", "splitboos.decktop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:38:05", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 14:18:44", "1762820", "signalcraft.appdeck.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:19:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:13:16", "1762819", "handlerasset.winlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:13:46", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 14:07:38", "1762818", "arkcoreex.winlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:08:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 14:06:08", "1762817", "ondasdebienestar.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 14:01:58", "1762816", "nobclo.winlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 14:03:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 13:57:58", "1762815", "dispatchercasc.winlog.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:59:21", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 13:51:05", "1762814", "icetermi.decktop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:51:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 13:46:35", "1762813", "1ink9-bridge.decktop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:46:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 13:40:04", "1762812", "invoicepixe.decktop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:41:11", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 13:34:04", "1762811", "omznov.ru", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 13:26:20", "1762809", "velnex4ex.soldop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:28:29", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 13:20:20", "1762808", "en3vikif.soldop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:21:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 13:14:44", "1762807", "tqiauc.soldop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:15:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 13:01:52", "1762806", "h4rd-cache.soldop.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 13:02:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:55:42", "1762804", "dispatc-tra.windev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:57:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:49:29", "1762803", "vor-crestet.windev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:50:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:48:03", "1762802", "omm77.org", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 12:43:39", "1762801", "v4ul6-scope.windev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:44:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:38:17", "1762800", "open1-branch.windev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:38:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:32:28", "1762798", "basa-cod.skyroad.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:33:13", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 12:26:24", "1762797", "mastoken.skyroad.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:27:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:25:29", "1762796", "omerghazali.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 12:19:54", "1762795", "st0n-index.skyroad.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:20:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:13:42", "1762794", "72jk.skyroad.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:14:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:07:55", "1762792", "kt9p9evj.lighthouseup.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-10 12:07:25", "1762791", "ak83mo4q.lighthouseup.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:07:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:05:52", "1762790", "gath3r1-phase.skybit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 12:07:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 12:03:43", "1762789", "http://178.20.209.136", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260310-lkdw1aew8y", "AS210644,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-10 12:01:32", "1762788", "194.59.31.69:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/194.59.31.69", "AS399486,AsyncRAT,C2,censys,RAT,VIRTUO", "0", "DonPasci"
"2026-03-10 12:01:14", "1762787", "23.80.90.225:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-11 07:00:12", "100", "False", "https://search.censys.io/hosts/23.80.90.225", "AS395954,C2,censys,LEASEWEB-USA-LAX,RAT,Remcos", "0", "DonPasci"
"2026-03-10 12:00:57", "1762786", "106.14.31.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:48:50", "100", "False", "https://search.censys.io/hosts/106.14.31.36", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci"
"2026-03-10 12:00:52", "1762785", "27.124.21.46:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 07:05:04", "100", "False", "https://search.censys.io/hosts/27.124.21.46", "AS152194,C2,censys,CobaltStrike,cs-watermark-1234567890,CTGSERVERLIMITED-AS-AP", "0", "DonPasci"
"2026-03-10 12:00:47", "1762784", "103.246.244.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/103.246.244.175", "AS55933,C2,censys,CLOUDIE-AS-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-03-10 12:00:40", "1762783", "23.248.213.187:37612", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.248.213.187", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-10 12:00:35", "1762782", "141.195.112.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/141.195.112.192", "AS26383,ASNET,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2026-03-10 11:57:09", "1762781", "om.data1.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 11:52:11", "1762780", "glyphcrest.skybit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:52:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 11:46:51", "1762779", "t3rm-trace.skybit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:47:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 11:40:19", "1762778", "xhepy.skybit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:41:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 11:35:11", "1762777", "5xt2jam.moondev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:36:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 11:22:47", "1762775", "canvsoc.moondev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:22:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 11:05:35", "1762772", "st4r-field.starapi.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 11:12:59", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 11:02:27", "1762771", "oldmillpastry.ca", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 11:00:11", "1762768", "www.lilonbag.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-lqbzlaez3s", "Remcos", "0", "dyingbreeds_"
"2026-03-10 11:00:11", "1762769", "www.lilonbagbackup1.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-lqbzlaez3s", "Remcos", "0", "dyingbreeds_"
"2026-03-10 11:00:11", "1762770", "www.lilonbagbackup2.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260310-lqbzlaez3s", "Remcos", "0", "dyingbreeds_"
"2026-03-10 10:49:21", "1762748", "grovalue.rockapp.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:21:39", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 10:43:19", "1762767", "kelcoreet.starapi.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:43:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 10:37:12", "1762766", "nad1d.starapi.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:37:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 10:31:40", "1762764", "kelmesha3.ironhub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:33:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 10:25:04", "1762763", "old.latribu.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 10:25:00", "1762762", "eastvine.ironhub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:26:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 10:18:56", "1762761", "garde-sha.ironhub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:20:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 10:10:21", "1762760", "goodpeopleswhitbrigheartwinthisindustryi.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-10 11:00:05", "75", "False", "https://bazaar.abuse.ch/sample/ed925501e749cdc073143ed948ec8a93c6b6a4b76304d9c6a76c6faabc8d048e/", "remcos", "0", "abuse_ch"
"2026-03-10 10:02:34", "1762759", "u68ojr.ironhub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 10:02:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:50:50", "1762758", "48z9.lakeweb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:56:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:45:32", "1762757", "207.148.123.69:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/490a5bf534bc615c35443551adf8e23208a2b89b694cbeaa678f5206117b053c/", "valleyrat_s2", "0", "abuse_ch"
"2026-03-10 09:45:28", "1762756", "207.148.123.69:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/490a5bf534bc615c35443551adf8e23208a2b89b694cbeaa678f5206117b053c/", "valleyrat_s2", "0", "abuse_ch"
"2026-03-10 09:45:00", "1762755", "supplybrave.lakeweb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:46:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:40:12", "1762754", "207.148.123.69:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-03-10 09:38:40", "1762753", "quornexum.lakeweb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:39:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:32:28", "1762752", "vellithos7.lakeweb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:33:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:26:49", "1762751", "lagoo-craft.rockapp.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:28:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:24:52", "1762750", "n5s8iqqg.arabtransplant.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-10 09:24:39", "1762749", "ettnt00m.arabtransplant.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:25:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:19:12", "1762747", "okaizen.co", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 09:14:46", "1762746", "studiosha.rockapp.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:16:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:08:56", "1762745", "importsan.rockapp.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:09:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 09:07:27", "1762744", "ohome.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 09:02:00", "1762743", "kel-tideix.goldsys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 09:02:27", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 08:56:38", "1762742", "freshdark.goldsys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:57:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:50:27", "1762741", "45.88.186.189:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-10 11:00:28", "75", "False", "https://bazaar.abuse.ch/sample/3b46e6a3843acbce890fa4fb3525ad232617f65e1d758a1a54c9c38ce78ddcfb/", "quasar", "0", "abuse_ch"
"2026-03-10 08:50:12", "1762740", "buildsprou.goldsys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:52:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:43:17", "1762739", "x2zev.goldsys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:44:55", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 08:41:02", "1762737", "drownthinsaltroutese.pw", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots"
"2026-03-10 08:41:02", "1762738", "sausagenighte.online", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots"
"2026-03-10 08:38:56", "1762736", "https://ndocs0link.dns.army/?naps", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/b62e846b-96be-4707-84fa-52bff50301e5", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-10 08:38:55", "1762734", "https://a7f3q.v6.navy/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/6b6cba2b-aa51-4e53-bc2c-af972f74cc7c", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-10 08:38:55", "1762735", "https://3tg8i.dns.army/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/39ccef33-d0bb-47c9-a55b-2c31e8e64ee5", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-10 08:38:01", "1762733", "https://ddww989.win/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://urlquery.net/report/656280a6-045f-4b55-9de8-f44bdcb188b2", "c2,unam,urlquery", "0", "juroots"
"2026-03-10 08:37:46", "1762731", "https://manisarehber.xyz/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlquery.net/report/4557e2a1-79e6-4373-a2c4-25ad2887f5ff", "c2,hookbot,urlquery", "0", "juroots"
"2026-03-10 08:37:44", "1762730", "ioqdz.winddev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:38:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:37:15", "1762729", "http://209.74.81.37/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlscan.io/result/019cd6e4-a5b0-76ae-8a7f-bf2cdc0fa13f", "c2,hookbot,urlscan", "0", "juroots"
"2026-03-10 08:36:43", "1762728", "http://link-nid-log.oq7n2.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019cd6e4-2ba2-73ca-ab86-c780fbd13844", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-10 08:36:42", "1762727", "http://link-nid-log.oc9bk.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019cd6e4-2759-72fa-ae28-63e567353bc6", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-10 08:36:23", "1762726", "https://193.233.112.44/383ccd496f3c5eee.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cd6e3-db8e-719c-93d1-198337148c43", "c2,stealc,urlscan", "0", "juroots"
"2026-03-10 08:36:21", "1762725", "oficinadeingles.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 08:36:17", "1762724", "https://196.251.107.23/04ca1421433e0038.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019cd6e3-c4d0-7129-b106-89deac807875", "c2,stealc,urlscan", "0", "juroots"
"2026-03-10 08:36:15", "1762723", "http://korea.008009008.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-bafc-7329-9e59-036bdc0488cc", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:13", "1762722", "https://korea.008009008.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-b5fa-746b-9cea-94ed840faebb", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:12", "1762721", "https://amte03.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-af86-751d-8629-7dac80ce5cc5", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:10", "1762720", "https://www.hact08.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-a844-7396-a978-17a10fc5ad0e", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:08", "1762719", "https://amte11.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-a10a-7768-b652-6970b535bb4b", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:06", "1762718", "https://amte02.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-99ee-72d3-8a53-5afff2f70907", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:05", "1762717", "https://amte07.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-940d-71b9-90d4-10a72cca2833", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:02", "1762716", "https://amte04.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-87d4-70a9-b19e-033783166321", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:36:00", "1762715", "http://hk.zgao.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-10 08:36:13", "50", "False", "https://urlscan.io/result/019cd6e3-8132-71a6-9699-3c0ab0af9300", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:35:59", "1762714", "https://amt05.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-7d2b-726d-8c20-c2d0c6a1f3b6", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:35:57", "1762713", "https://youxiaobao.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-7746-701d-b354-57903fe98ad7", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:35:56", "1762712", "https://amte05.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019cd6e3-7196-766b-bc63-e646f7addaf3", "c2,spynote,urlscan", "0", "juroots"
"2026-03-10 08:33:46", "1762711", "parityfinancialgroup.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-03-10 08:33:31", "1762710", "118.122.8.155:12436", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/118.122.8.155#12436", "c2,netbus,shodan", "0", "juroots"
"2026-03-10 08:33:14", "1762709", "217.76.53.94:31337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "False", "https://www.shodan.io/host/217.76.53.94#31337", "adaptixc2,c2,shodan", "0", "juroots"
"2026-03-10 08:32:47", "1762708", "chatwithsite.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-03-10 08:32:30", "1762707", "151.59.34.242:8080", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "False", "https://www.shodan.io/host/151.59.34.242#8080", "c2,sectop,shodan", "0", "juroots"
"2026-03-10 08:32:10", "1762706", "118.122.8.155:2404", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "False", "https://www.shodan.io/host/118.122.8.155#2404", "c2,netsupport,shodan", "0", "juroots"
"2026-03-10 08:31:49", "1762705", "gepula.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-03-10 08:31:37", "1762704", "meta-tr3n.winddev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:32:08", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 08:31:25", "1762703", "154.179.12.157:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://www.shodan.io/host/154.179.12.157#54984", "c2,nanocore,shodan", "0", "juroots"
"2026-03-10 08:31:11", "1762702", "45.92.1.70:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/45.92.1.70#5555", "c2,evilginx,shodan", "0", "juroots"
"2026-03-10 08:30:45", "1762701", "13.235.64.225:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "False", "https://www.shodan.io/host/13.235.64.225#80", "bruteratel,c2,shodan", "0", "juroots"
"2026-03-10 08:30:22", "1762700", "175.27.236.4:12453", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/175.27.236.4#12453", "c2,Mythic,shodan", "0", "juroots"
"2026-03-10 08:30:21", "1762699", "175.27.236.4:7777", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/175.27.236.4#7777", "c2,Mythic,shodan", "0", "juroots"
"2026-03-10 08:30:18", "1762692", "thundut.biz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762693", "mexicwc.biz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762694", "workltt.quest", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762695", "watchhr.biz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762696", "lumpeem.quest", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762697", "genusne.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:30:18", "1762698", "egyptnf.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-03-10 08:29:43", "1762691", "118.194.248.246:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://www.shodan.io/host/118.194.248.246#443", "c2,kimsuky,shodan", "0", "juroots"
"2026-03-10 08:29:22", "1762688", "146.190.15.59:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/146.190.15.59#443", "c2,powersploit,shodan", "0", "juroots"
"2026-03-10 08:29:22", "1762689", "65.183.45.88:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/65.183.45.88#443", "c2,powersploit,shodan", "0", "juroots"
"2026-03-10 08:29:22", "1762690", "38.103.18.138:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/38.103.18.138#443", "c2,powersploit,shodan", "0", "juroots"
"2026-03-10 08:29:21", "1762687", "64.41.150.6:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/64.41.150.6#443", "c2,powersploit,shodan", "0", "juroots"
"2026-03-10 08:29:06", "1762686", "185.246.87.245:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/185.246.87.245#443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:05", "1762683", "64.25.109.212:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/64.25.109.212#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:05", "1762684", "100.28.249.22:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/100.28.249.22#443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:05", "1762685", "104.168.133.116:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/104.168.133.116#443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:04", "1762680", "101.32.243.51:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/101.32.243.51#4433", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:04", "1762681", "34.175.221.125:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/34.175.221.125#443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:04", "1762682", "129.151.224.192:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/129.151.224.192#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:03", "1762678", "109.128.152.65:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/109.128.152.65#8443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:03", "1762679", "47.111.166.212:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/47.111.166.212#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:29:02", "1762677", "116.254.103.206:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/116.254.103.206#443", "c2,gophish,phishing,shodan", "0", "juroots"
"2026-03-10 08:28:46", "1762676", "45.32.82.190:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/45.32.82.190#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:45", "1762673", "49.51.202.206:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/49.51.202.206#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:45", "1762674", "115.190.54.238:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/115.190.54.238#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:45", "1762675", "144.202.88.120:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/144.202.88.120#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:44", "1762670", "154.197.220.164:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/154.197.220.164#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:44", "1762671", "154.196.101.212:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/154.196.101.212#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:44", "1762672", "211.149.241.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/211.149.241.136#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:43", "1762669", "213.150.194.34:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/213.150.194.34#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:41", "1762668", "156.225.28.60:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/156.225.28.60#443", "c2,panda,shodan", "0", "juroots"
"2026-03-10 08:28:04", "1762666", "80.94.92.133:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/80.94.92.133#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:04", "1762667", "144.172.102.223:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/144.172.102.223#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:03", "1762664", "96.9.124.190:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/96.9.124.190#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:03", "1762665", "5.188.227.91:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/5.188.227.91#1337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:02", "1762663", "38.29.212.164:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/38.29.212.164#1337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:01", "1762660", "194.163.191.78:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/194.163.191.78#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:01", "1762661", "157.230.30.196:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/157.230.30.196#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:01", "1762662", "5.188.227.90:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/5.188.227.90#1337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:00", "1762656", "142.91.103.176:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/142.91.103.176#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:00", "1762657", "192.227.239.42:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/192.227.239.42#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:00", "1762658", "2.58.56.130:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/2.58.56.130#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:28:00", "1762659", "158.180.236.197:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/158.180.236.197#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:59", "1762652", "45.153.129.33:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/45.153.129.33#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:59", "1762653", "144.31.106.169:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/144.31.106.169#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:59", "1762654", "67.213.210.24:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/67.213.210.24#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:59", "1762655", "84.247.166.79:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/84.247.166.79#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:58", "1762650", "23.247.253.245:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/23.247.253.245#1337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:58", "1762651", "46.225.219.248:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/46.225.219.248#31337", "c2,shodan,sliver", "0", "juroots"
"2026-03-10 08:27:41", "1762649", "45.9.249.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:42", "50", "False", "https://www.shodan.io/host/45.9.249.179#443", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:40", "1762648", "129.212.183.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:41", "50", "False", "https://www.shodan.io/host/129.212.183.99#443", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:39", "1762645", "139.224.16.185:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:42", "50", "False", "https://www.shodan.io/host/139.224.16.185#50050", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:39", "1762646", "14.103.150.186:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:42", "50", "False", "https://www.shodan.io/host/14.103.150.186#50050", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:39", "1762647", "52.151.31.52:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:42", "50", "False", "https://www.shodan.io/host/52.151.31.52#50050", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:38", "1762643", "3.38.253.157:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/3.38.253.157#80", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:38", "1762644", "86.106.143.213:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/86.106.143.213#80", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:37", "1762640", "80.94.95.27:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/80.94.95.27#8443", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:37", "1762641", "86.106.143.213:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:41", "50", "False", "https://www.shodan.io/host/86.106.143.213#443", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:37", "1762642", "34.255.254.176:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/34.255.254.176#80", "c2,cobaltstrike,shodan", "0", "juroots"
"2026-03-10 08:27:31", "1762639", "63.180.14.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:42", "50", "False", "https://www.shodan.io/host/63.180.14.7#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2026-03-10 08:27:30", "1762638", "172.86.107.2:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-10 08:27:36", "50", "False", "https://www.shodan.io/host/172.86.107.2#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2026-03-10 08:23:44", "1762637", "lum-forgear.winddev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:24:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:19:25", "1762636", "report-gold.winddev.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:20:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:12:15", "1762635", "mhrmjphd.oaknet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:13:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:08:05", "1762631", "ttt.physiocardiff.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:08:05", "1762632", "ttt.cricketmatters.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:08:05", "1762633", "ttt.walesseniorscricket.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:08:05", "1762634", "tto.walesseniorscricket.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:49", "1762629", "https://ttt.walesseniorscricket.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:49", "1762630", "https://tto.walesseniorscricket.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:48", "1762624", "https://telegram.me/v1d2v", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:48", "1762625", "https://telegram.me/pr55ii", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:48", "1762626", "https://steamcommunity.com/profiles/76561198732697044", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:48", "1762627", "https://ttt.physiocardiff.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:48", "1762628", "https://ttt.cricketmatters.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 08:07:28", "1762623", "deploymesh.oaknet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:08:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:01:46", "1762622", "13.135.66.208:103", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.135.66.208", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 08:01:45", "1762621", "168.245.203.146:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.146", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 08:01:44", "1762620", "13.228.203.196:43442", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.228.203.196", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 08:01:41", "1762619", "128.0.118.86:8090", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/128.0.118.86", "AS16276,C2,censys,Nosviak,OVH,Panel", "0", "DonPasci"
"2026-03-10 08:01:18", "1762618", "171.232.69.79:5000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/171.232.69.79", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci"
"2026-03-10 08:01:16", "1762617", "13.60.26.78:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/13.60.26.78", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-03-10 08:01:15", "1762616", "15.135.111.228:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/15.135.111.228", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-03-10 08:01:12", "1762615", "190.255.91.222:3584", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/190.255.91.222", "AS3816,C2,censys,COLOMBIA,Quasar,RAT", "0", "DonPasci"
"2026-03-10 08:01:05", "1762614", "154.53.50.197:30500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/154.53.50.197", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci"
"2026-03-10 08:01:03", "1762613", "47.84.3.75:21731", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/47.84.3.75", "ALIBABA-CN-NET,AS45102,C2,censys,Supershell", "0", "DonPasci"
"2026-03-10 08:00:51", "1762612", "jbstvz.oaknet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 08:01:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 08:00:50", "1762611", "45.94.31.123:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/45.94.31.123", "028f45e8dd4f225cb46a7d8003745a3a7f55d3a0,AS210558,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-10 07:57:43", "1762607", "151.247.193.181:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:43", "1762608", "77.221.148.56:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:43", "1762609", "74.0.32.147:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:43", "1762610", "147.45.45.43:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:07", "1762603", "https://151.247.193.181/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:07", "1762604", "https://77.221.148.56/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:07", "1762605", "https://74.0.32.147/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:57:07", "1762606", "https://147.45.45.43/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-10 07:55:54", "1762602", "p4cket-signal.oaknet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:57:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:48:59", "1762601", "t3mp0-zone.sunbit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:49:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:42:22", "1762600", "c1ip-scope.sunbit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:43:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:37:45", "1762599", "oefenen.hnwc.nl", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 07:37:03", "1762598", "91.214.78.85:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/dd9d5a825771588aa9173933dba188bb40815188774e72381f20c0590fc01d81/", "ACRStealer", "0", "abuse_ch"
"2026-03-10 07:36:29", "1762597", "nodesteri.sunbit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:37:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:35:26", "1762596", "141.98.234.25:443", "ip:port", "botnet_cc", "win.amatera", "None", "Amatera", "", "75", "False", "https://bazaar.abuse.ch/sample/a39eca46f834e874975e46eeda652906ab3576735fe930cec7e284560c6145ca/", "AmateraStealer", "0", "abuse_ch"
"2026-03-10 07:30:48", "1762591", "odysseyturismo.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 07:30:19", "1762590", "parceldusk.sunbit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:31:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:24:18", "1762589", "glob-k2.siliconcanyon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:25:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:19:39", "1762588", "unit-r1.siliconcanyon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:21:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:19:31", "1762587", "odszkodowania.net.pl", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 07:16:15", "1762586", "45.251.240.244:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-03-10 07:15:47", "1762585", "123.57.107.10:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 07:03:41", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-03-10 07:15:38", "1762584", "198.23.227.141:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-10 07:13:17", "1762583", "sili-h7.siliconcanyon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:14:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:10:22", "1762582", "odontofamiliachile.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 07:06:42", "1762581", "pl5-zw18.siliconcanyon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:07:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 07:01:07", "1762580", "104.161.43.231:5829", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://tria.ge/260310-exbtvaay8z", "RedLineStealer", "0", "dyingbreeds_"
"2026-03-10 07:01:01", "1762579", "192.144.32.84:60820", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://tria.ge/260310-g5dphsey6l", "RedLineStealer", "0", "dyingbreeds_"
"2026-03-10 07:00:24", "1762578", "node-s0.quartzhorizon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 07:01:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:58:22", "1762577", "octelnet.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 06:54:17", "1762576", "orig-m4.quartzhorizon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:54:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:53:05", "1762575", "octcampinas.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 06:48:33", "1762574", "quar-c2.quartzhorizon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:49:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:45:40", "1762523", "kv9-rt14.signalforest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 03:59:08", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:40", "1762566", "auth-z1.motiongravity.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:11:41", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:37", "1762511", "4829226d61849279ee5e2b683550146c485309a117687e8f3c0ee082404ccf46", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://tria.ge/260309-2tkc5sgv7n", "chatgpt-lure,github-distribution,infostealer", "1", "littlepaw33"
"2026-03-10 06:45:36", "1762522", "fad3d429172932b72e50f52af169a80439464e3538d97810509090e2e6cdf32a", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://tria.ge/260309-2tkc5sgv7n", "C2,Exe,Stealer", "1", "littlepaw33"
"2026-03-10 06:45:33", "1762508", "ax7-qr92.patternshadow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:45:23", "100", "False", "None", "10March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:31", "1762503", "171.25.158.78:1999", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle"
"2026-03-10 06:45:25", "1762393", "onlineverifyportal.us", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:24", "1762395", "https://kernsjewe.com/swe.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-09 18:42:48", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:24", "1762396", "https://kernsjewe.com/fras.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:24", "1762397", "https://kernsjewe.com/download.php?file=RVJVAUQL.msi&token=a9f3c8e12d9b4a7f5e6c1b0d2e8f9a3c7d6e5f1a2b3c4d5e6f7a8b9c0d1e2f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:22", "1762398", "https://onlineverifyportal.us", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-10 07:31:03", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:21", "1762399", "kernsjewe.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:20", "1762413", "syst-sync.centurionix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 19:28:12", "100", "False", "None", "9March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:19", "1762414", "cent-base.centurionix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:45:53", "100", "False", "None", "9March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:18", "1762416", "infra-hub.altimetrica.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:49:30", "100", "False", "None", "9March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:16", "1762401", "secureverlfication.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:15", "1762402", "https://kernsjewe.com/osw.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:14", "1762403", "https://kernsjewe.com/fest.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:13", "1762404", "https://kernsjewe.com/download.php?file=IYXORQYO.msi&token=a9f3c8e12d9b4a7f5e6c1b0d2e8f9a3c7d6e5f1a2b3c4d5e6f7a8b9c0d1e2f3", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:12", "1762406", "https://secureverlfication.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-10 07:31:03", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:11", "1762407", "verificatlonhost.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:10", "1762409", "https://verificatlonhost.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-10 07:31:03", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:06", "1762384", "merfluxor5.costfee.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 18:10:06", "100", "False", "None", "9March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-03-10 06:45:05", "1762382", "http://178.16.53.70", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:04", "1762377", "http://172.94.9.187/9cca20c6df659f72/mycptpl.bin", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-09 18:07:50", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:03", "1762373", "https://captioto.com/jsrepo?rnd=0.6238959459611098", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-11 11:27:12", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-10 06:45:01", "1762360", "tandaainvestments.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-09 23:11:31", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 06:45:00", "1762359", "https://tandaainvestments.com/reader", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-09 23:11:30", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 06:44:59", "1762358", "https://ewar4pres.com/5w8j.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-03-10 06:11:12", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-03-10 06:42:51", "1762573", "hx9-mv33.quartzhorizon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:43:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:34:23", "1762572", "flow-x3.staticmotion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:35:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:32:51", "1762571", "ocifrovkatomsk.ru", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 06:30:44", "1762570", "srv-p8.staticmotion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:31:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:29:34", "1762569", "ociat.com.ua", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 06:23:55", "1762568", "stat-d6.staticmotion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:26:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:17:18", "1762567", "jn2-bt04.staticmotion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:22:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:10:21", "1762565", "iqqppe36.cigarettecombin.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-10 06:09:26", "1762564", "0g16he5f.cigarettecombin.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:10:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:08:06", "1762563", "web-k9.motiongravity.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:08:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:05:04", "1762562", "108.187.14.101:8888", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "False", "https://tria.ge/260310-cfm5fagx8t", "android,AS138995,C2,spynote,triage", "0", "DonPasci"
"2026-03-10 06:02:32", "1762561", "dodyjarah-64527.portmap.host", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://tria.ge/260310-eca2tads7n", "C2,domain,neptunerat,rat,triage", "0", "DonPasci"
"2026-03-10 06:02:15", "1762559", "154.211.5.176:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260310-f6355aes7k", "AS400619,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-10 06:02:15", "1762560", "154.211.5.176:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260310-f6355aes7k", "AS400619,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-10 06:02:14", "1762555", "206.238.115.154:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260310-f66k9aes7p", "AS399077,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-10 06:02:14", "1762556", "moti-u5.motiongravity.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:02:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 06:02:14", "1762557", "108.187.7.20:996", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260310-e4bgnaaz81", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-10 06:02:14", "1762558", "108.187.7.20:997", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260310-e4bgnaaz81", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-03-10 06:00:36", "1762554", "driftit-34835.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-10 07:01:56", "100", "False", "https://tria.ge/260310-ft1jgabs61", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-03-10 05:58:57", "1762553", "cr4-xw90.motiongravity.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 06:01:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:52:47", "1762552", "data-f6.orbitcapture.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:54:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:46:38", "1762551", "edge-v3.orbitcapture.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:47:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:40:46", "1762550", "occidentalingenieria.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 05:32:34", "1762549", "orbi-q7.orbitcapture.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:41:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:25:44", "1762548", "ym8-st11.orbitcapture.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:18:24", "1762547", "link-y5.vertexanchor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:20:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:13:13", "1762546", "host-b1.vertexanchor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:16:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:11:02", "1762545", "vert-n2.vertexanchor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:12:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 05:10:41", "1762544", "observametropoli.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 05:01:02", "1762543", "lp3-qv06.vertexanchor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 05:01:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:50:03", "1762542", "core-t9.tensorfield.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:52:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:43:21", "1762541", "main-p4.tensorfield.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:48:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:38:54", "1762540", "obrasmata.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 04:37:42", "1762539", "tens-r8.tensorfield.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:39:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:26:18", "1762538", "bz1-gh55.tensorfield.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:34:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:25:09", "1762537", "obranova.safirerealestate.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 04:19:25", "1762536", "site-w7.signalforest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:19:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:16:26", "1762535", "obitelji3plus.hr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 04:11:55", "1762534", "entry-m0.signalforest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:13:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:05:10", "1762533", "sign-j3.signalforest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 04:05:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 04:01:50", "1762532", "13.208.209.101:5901", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.208.209.101", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 04:01:49", "1762530", "103.197.190.87:8080", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.197.190.87", "AS133800,C2,censys,hacktool,IDNIC-BIZNETGIO-AS-ID,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 04:01:49", "1762531", "18.192.62.89:55514", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.192.62.89", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 04:01:48", "1762529", "168.245.203.62:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.62", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 04:01:23", "1762528", "13.159.101.255:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "False", "https://search.censys.io/hosts/13.159.101.255", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci"
"2026-03-10 04:01:22", "1762527", "102.98.126.152:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://search.censys.io/hosts/102.98.126.152", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2026-03-10 04:01:18", "1762526", "202.95.17.188:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/202.95.17.188", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-10 04:01:13", "1762525", "46.149.76.204:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/46.149.76.204", "AS216071,C2,censys,RAT,Sectop,VDSINA", "0", "DonPasci"
"2026-03-10 04:01:10", "1762524", "160.187.146.97:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/160.187.146.97", "AS151858,AsyncRAT,C2,censys,INTERDIGI-VN,RAT", "0", "DonPasci"
"2026-03-10 03:50:51", "1762521", "root-x2.metricfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 03:53:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 03:25:04", "1762518", "metr-k44.metricfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 03:49:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 03:05:38", "1762517", "serv-z9.metricfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 03:08:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 03:03:25", "1762516", "tw4-nw08.metricfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 03:04:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 03:01:42", "1762515", "windowsupdateservice.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260310-awc83aat3r", "XWorm", "0", "dyingbreeds_"
"2026-03-10 03:01:41", "1762514", "6.tcp.vip.cpolar.cn", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260310-a6kqwsfv3t", "XWorm", "0", "dyingbreeds_"
"2026-03-10 03:01:00", "1762513", "192.144.32.84:16383", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://tria.ge/260310-cvhhhabz7k", "RedLineStealer", "0", "dyingbreeds_"
"2026-03-10 02:57:14", "1762512", "local-s1.patternshadow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:58:25", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 02:53:46", "1762510", "patt-f21.patternshadow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:54:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 02:49:12", "1762509", "dist-mx5.patternshadow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:51:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-10 02:14:29", "1762507", "nutrisana.com.uy", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 02:00:13", "1762506", "nutrieat.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 01:12:45", "1762504", "nurmodaevi.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 00:50:20", "1762502", "nur2.bollorock.cz", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-10 00:13:28", "1762501", "blocked.eero.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-10 00:01:50", "1762500", "168.245.203.59:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.59", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:49", "1762499", "168.245.203.32:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.32", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:48", "1762498", "196.74.220.25:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.74.220.25", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2026-03-10 00:01:47", "1762497", "168.245.203.42:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.42", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:46", "1762495", "13.127.239.61:44818", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.127.239.61", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:46", "1762496", "168.245.203.40:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.40", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:45", "1762494", "15.152.41.164:3390", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.152.41.164", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-10 00:01:19", "1762493", "41.251.116.52:81", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "https://search.censys.io/hosts/41.251.116.52", "AS36903,C2,censys,DcRAT,MT-MPLS,RAT", "0", "DonPasci"
"2026-03-10 00:01:13", "1762492", "107.172.3.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/107.172.3.15", "AS-COLOCROSSING,AS36352,C2,censys,Mythic", "0", "DonPasci"
"2026-03-10 00:01:09", "1762491", "46.149.73.237:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/46.149.73.237", "AS216071,C2,censys,RAT,Sectop,VDSINA", "0", "DonPasci"
"2026-03-10 00:00:33", "1762490", "23.248.213.122:30502", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.248.213.122", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-10 00:00:32", "1762488", "35.159.33.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/35.159.33.8", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2026-03-10 00:00:32", "1762489", "115.29.231.140:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 07:03:47", "100", "False", "https://search.censys.io/hosts/115.29.231.140", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2026-03-09 23:51:32", "1762487", "nuevaimagen.esnaj.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 23:11:31", "1762485", "stru-run.structovista.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:12:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 23:10:10", "1762484", "nslwzqa.org", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 23:07:25", "1762483", "link-net.structovista.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:07:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 23:04:44", "1762482", "nsgpara.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 23:02:27", "1762481", "stru-v77.structovista.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:03:38", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-09 23:00:21", "1762480", "172.245.4.221:2406", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-10 20:00:55", "100", "False", "https://tria.ge/260309-yzhjyscy8q", "Remcos", "0", "dyingbreeds_"
"2026-03-09 23:00:08", "1762479", "dytdttyhhmjfjtydukytdtdrtrtjrttgyuttfdtd.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260309-zbec3ah15v", "Remcos", "0", "dyingbreeds_"
"2026-03-09 22:53:33", "1762478", "link-node.structovista.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:42:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:48:44", "1762477", "gala-net.galactoview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 22:49:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:42:51", "1762476", "tech-base.galactoview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:31:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:36:37", "1762475", "103.65.230.86:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://x.com/g0njxa/status/2031034087801012435", "AS207728,c2,EUROHOSTER,meshagent,rat", "0", "DonPasci"
"2026-03-09 22:35:06", "1762474", "91.231.222.220:5620", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-03-10 20:01:13", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2026-03-09 22:33:21", "1762473", "77.221.149.33:80", "ip:port", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "https://x.com/suyog41/status/2029181206739468337", "AEZA-AS,AS210644,c2,loader", "0", "DonPasci"
"2026-03-09 22:25:49", "1762471", "gala-v11.galactoview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:28:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:22:33", "1762470", "tech-ref.galactoview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:23:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:19:23", "1762469", "sync-unit.synchromesh.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:19:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:15:59", "1762468", "npj.app", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 22:14:28", "1762467", "flow-gate.synchromesh.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:14:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:08:15", "1762466", "sync-v09.synchromesh.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:10:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:04:42", "1762465", "flow-logic.synchromesh.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 22:05:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 22:00:34", "1762464", "vibr-flow.vibratronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 02:02:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:52:49", "1762463", "term-sync.vibratronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:55:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:47:27", "1762462", "38.147.170.252:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:49:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-09 21:47:22", "1762461", "vibr-v08.vibratronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:52:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:46:16", "1762460", "193.42.25.65:1444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:49:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-09 21:44:57", "1762459", "172.86.107.2:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:49:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-09 21:39:56", "1762458", "www.cloudflara.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 17:48:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-09 21:37:07", "1762457", "term-way.vibratronic.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:38:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:33:32", "1762456", "obsi-base.obsidianix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:32:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:24:08", "1762454", "main-sys.obsidianix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:28:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:16:44", "1762453", "obsi-v6.obsidianix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:21:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:13:17", "1762452", "main-peak.obsidianix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 01:18:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:05:57", "1762451", "spec-node.spectrometric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 21:08:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 21:01:13", "1762450", "vult-hub.spectrometric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:59:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:58:18", "1762449", "f0fjv96k.demogsystemat.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-03-09 20:56:42", "1762448", "yhcy21oo.demogsystemat.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 20:57:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:53:55", "1762447", "spec-v05.spectrometric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:54:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:49:11", "1762446", "vult-vault.spectrometric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:51:20", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-03-09 20:42:27", "1762445", "novo.blockerbrasil.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 20:40:46", "1762444", "prim-data.primordialis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:44:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:39:04", "1762443", "novikon.nikolaev.ua", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 20:35:27", "1762442", "logic-sync.primordialis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 20:36:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:30:53", "1762440", "prim-v44.primordialis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 20:31:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:25:17", "1762439", "logic-core.primordialis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:31:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:20:22", "1762438", "quan-edge.quantovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:28:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:16:12", "1762437", "data-unit.quantovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:23:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:11:06", "1762436", "quan-v3.quantovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:21:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:06:33", "1762435", "data-gate.quantovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:16:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:05:28", "1762434", "alti-flow.altimetrica.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:13:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 20:02:22", "1762433", "16.170.165.141:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/16.170.165.141", "AMAZON-02,AS16509,C2,censys,PowershellEmpire", "0", "DonPasci"
"2026-03-09 20:02:16", "1762432", "47.129.168.50:8389", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/47.129.168.50", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-09 20:02:13", "1762431", "47.129.168.50:389", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/47.129.168.50", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-03-09 20:02:04", "1762430", "85.137.253.58:9000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://search.censys.io/hosts/85.137.253.58", "AS215428,C2,censys,open-dir,SHINOMIYA,Xworm", "0", "DonPasci"
"2026-03-09 20:01:38", "1762429", "www.7dk5l721.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.7dk5l721.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-09 20:01:36", "1762428", "www.nlmz602h.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.nlmz602h.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-09 20:01:34", "1762427", "www.r15p5l5b.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.r15p5l5b.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-09 20:01:32", "1762426", "www.kludt8zn.shop", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://search.censys.io/hosts/118.107.47.86+www.kludt8zn.shop", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Quasar,RAT", "0", "DonPasci"
"2026-03-09 20:01:28", "1762425", "34.154.84.183:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/34.154.84.183", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci"
"2026-03-09 20:01:10", "1762424", "93.113.25.85:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/93.113.25.85", "AS214209,C2,censys,INTERNET-MAGNATE,Sliver", "0", "DonPasci"
"2026-03-09 20:01:04", "1762423", "103.82.24.104:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/103.82.24.104", "AS135905,C2,censys,RAT,Remcos,VNPT-AS-VN", "0", "DonPasci"
"2026-03-09 20:00:38", "1762422", "185.239.69.238:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/185.239.69.238", "AS25820,C2,censys,CobaltStrike,cs-watermark-100000,IT7NET", "0", "DonPasci"
"2026-03-09 20:00:36", "1762421", "101.32.36.2:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-11 07:03:57", "100", "False", "https://search.censys.io/hosts/101.32.36.2", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci"
"2026-03-09 20:00:34", "1762420", "156.234.21.209:30502", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.21.209", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-03-09 20:00:32", "1762419", "87.106.216.140:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/87.106.216.140", "AS8560,C2,censys,CobaltStrike,cs-watermark-987654321,IONOS-AS", "0", "DonPasci"
"2026-03-09 19:58:46", "1762418", "infra-net.altimetrica.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 20:04:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 19:53:47", "1762417", "alti-v12.altimetrica.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-10 00:01:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 19:23:40", "1762412", "cent-v01.centurionix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:31:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 19:20:12", "1762411", "syst-node.centurionix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 23:18:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 19:15:55", "1762410", "notepad.promadesign.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-03-09 18:55:17", "1762408", "u1tr5-bridge.lookback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 18:58:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 18:51:41", "1762405", "3zwcexo.lookback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 18:51:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 18:45:43", "1762400", "sp4rrow-phase.lookback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-09 18:51:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-03-09 18:40:13", "1762394", "mars-sort.lookback.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
# Number of entries: 1054