################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-02-19 02:21:42 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-02-19 02:21:42", "1750617", "greenleaf.natureway.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 02:22:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 02:18:48", "1750616", "fastgate.cloudbridge.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 02:19:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 02:15:21", "1750615", "21.yunduans.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/93dc23aac6771621ff743b5c17e3550532df31dcc576b06090fe1a3342060910/", "valleyrat_s2", "0", "abuse_ch" "2026-02-19 02:15:12", "1750614", "openport.cloudbridge.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 02:00:53", "1750611", "swiftcore.cloudbridge.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 02:01:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 01:51:53", "1750610", "greenleaf.mint5ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:52:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:46:40", "1750609", "shipfresh.mint5ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:47:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 01:42:54", "1750608", "shiftpoint.fastlane.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:43:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:38:50", "1750606", "drivelogic.fastlane.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:39:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-19 01:32:33", "1750605", "roadrunner.fastlane.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:34:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:26:57", "1750604", "quickpath.fastlane.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:31:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:17:17", "1750603", "chillstream.snowwind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:18:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:13:40", "1750602", "purewhite.snowwind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:14:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:08:41", "1750601", "wintertrack.snowwind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:05:27", "1750600", "coldbreeze.snowwind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:06:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 01:00:06", "1750599", "sweetstock.plum63box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 01:00:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:54:07", "1750598", "boxstore.plum63box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:54:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:43:24", "1750597", "redplum.plum63box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:44:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:30:23", "1750595", "fruitcase.plum63box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:31:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:18:00", "1750594", "solidleaf.rockwood.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:19:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:05:43", "1750593", "stonepath.rockwood.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:07:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-19 00:02:55", "1750592", "78.12.9.38:59161", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/78.12.9.38", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-19 00:02:52", "1750591", "43.209.225.147:44819", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.209.225.147", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-19 00:02:50", "1750590", "54.89.163.179:179", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.89.163.179", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-19 00:02:26", "1750589", "157.15.98.138:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "False", "https://search.censys.io/hosts/157.15.98.138", "AS147224,C2,censys,moobot,WSNL-AS-IN", "0", "DonPasci" "2026-02-18 23:59:43", "1750588", "hardbranch.rockwood.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-19 00:00:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:55:08", "1750587", "forestroot.rockwood.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 23:56:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:47:05", "1750586", "blueshell.bluewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 23:48:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:21:55", "1750582", "coolsurf.bluewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 23:23:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:15:21", "1750580", "deepcoast.bluewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 23:15:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:09:47", "1750579", "nightwave.bluewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 23:10:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 23:02:43", "1750574", "often-richmond.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260218-z9xx3ah15a", "XWorm", "0", "dyingbreeds_" "2026-02-18 23:01:20", "1750573", "185.230.138.56:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.230.138.56", "AS51167,censys,CONTABO,Viper", "0", "dyingbreeds_" "2026-02-18 23:01:03", "1750572", "185.105.116.182:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-02-19 00:02:14", "100", "False", "https://search.censys.io/hosts/185.105.116.182", "AS209641,C2,censys,I-SERVERS-EAST,RAT", "0", "dyingbreeds_" "2026-02-18 23:01:00", "1750571", "206.251.48.98:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-02-19 00:02:11", "100", "False", "https://search.censys.io/hosts/206.251.48.98", "AS26383,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 23:00:36", "1750570", "167.71.81.242:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-19 00:01:58", "100", "False", "https://search.censys.io/hosts/167.71.81.242", "AS14061,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-18 23:00:28", "1750569", "110.42.61.166:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-19 00:01:49", "100", "False", "https://search.censys.io/hosts/110.42.61.166", "AS136188,C2,censys,Supershell", "0", "dyingbreeds_" "2026-02-18 23:00:25", "1750568", "scannerafiles.dynuddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260218-yc4hxafz6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-18 23:00:05", "1750567", "scanersfiles.dynuddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260218-1dyedsat5h", "AsyncRAT", "0", "dyingbreeds_" "2026-02-18 22:59:10", "1750566", "batchgit.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:16:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-18 22:25:30", "1750561", "mysticpoint.overdue13wizard.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 22:30:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 22:09:46", "1750560", "wisepath.overdue13wizard.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 22:10:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 21:53:45", "1750556", "jxjfs70p.cropin456spire.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-18 21:52:57", "1750555", "nhceoeow.cropin456spire.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 21:53:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 21:49:19", "1750553", "oldscroll.overdue13wizard.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 21:50:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 21:35:15", "1750552", "magicbook.overdue13wizard.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 21:36:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 21:30:33", "1750551", "mentalpulse.conscious86jag.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 21:31:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 21:21:19", "1750550", "thoughtsync.conscious86jag.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 21:22:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 20:55:33", "1750545", "5.249.151.196:40056", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:08:21", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-02-18 20:27:28", "1750544", "activebrain.conscious86jag.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 20:28:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 20:14:39", "1750542", "mindwave.conscious86jag.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 20:15:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 20:11:28", "1750541", "shieldpath.censure47contr.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 20:13:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 20:03:19", "1750536", "13.124.132.247:3000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 20:03:16", "1750535", "16.63.0.161:4502", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.63.0.161", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 20:03:13", "1750534", "208.85.23.90:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/208.85.23.90", "AS-VULTR,AS20473,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 20:03:05", "1750533", "72.60.141.53:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/72.60.141.53", "AdaptixC2,AS-HOSTINGER,AS47583,C2,censys", "0", "DonPasci" "2026-02-18 20:02:40", "1750532", "45.88.186.116:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-02-18 23:00:57", "100", "False", "https://search.censys.io/hosts/45.88.186.116", "028f45e8dd4f225cb46a7d8003745a3a7f55d3a0,AS210558,C2,censys,DcRAT,RAT", "0", "DonPasci" "2026-02-18 20:02:29", "1750531", "52.90.185.134:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-18 23:00:49", "100", "False", "https://search.censys.io/hosts/52.90.185.134", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-02-18 20:02:26", "1750530", "3.81.3.110:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-18 23:00:46", "100", "False", "https://search.censys.io/hosts/3.81.3.110", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-02-18 20:02:14", "1750529", "178.62.249.117:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-18 23:00:39", "100", "False", "https://search.censys.io/hosts/178.62.249.117", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2026-02-18 20:01:52", "1750528", "95.179.191.226:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/95.179.191.226", "AS-VULTR,AS20473,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2026-02-18 20:01:42", "1750527", "51.118.64.13:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-18 23:00:16", "100", "False", "https://search.censys.io/hosts/51.118.64.13", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2026-02-18 19:53:41", "1750526", "125.72.124.131:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-02-19 01:46:53", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-18 19:43:30", "1750524", "checknode.censure47contr.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 19:44:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 19:24:34", "1750522", "rulebase.censure47contr.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 19:25:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 19:19:05", "1750521", "safeguard.censure47contr.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 19:20:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 19:13:01", "1750518", "comparepoint.comparis4sosun.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 19:14:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 19:00:54", "1750512", "121.37.183.136:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/121.37.183.136", "AS55990,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 19:00:35", "1750511", "161.97.173.185:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-18 20:02:35", "100", "False", "https://search.censys.io/hosts/161.97.173.185", "AS51167,C2,censys,CONTABO", "0", "dyingbreeds_" "2026-02-18 19:00:34", "1750510", "95.179.191.226:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:16:15", "100", "False", "https://search.censys.io/hosts/95.179.191.226", "AS20473,C2,censys", "0", "dyingbreeds_" "2026-02-18 19:00:27", "1750509", "45.76.119.110:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-18 20:02:17", "100", "False", "https://search.censys.io/hosts/45.76.119.110", "AS20473,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-18 19:00:23", "1750508", "50.114.179.25:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 02:08:25", "100", "False", "https://search.censys.io/hosts/50.114.179.25", "AS19318,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 19:00:19", "1750506", "138.91.32.183:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-18 20:01:45", "90", "False", "https://search.censys.io/hosts/138.91.32.183", "AS8075,C2,censys", "0", "dyingbreeds_" "2026-02-18 19:00:19", "1750507", "linkcheck.comparis4sosun.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 19:01:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 19:00:12", "1750505", "70.39.206.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 00:49:07", "100", "False", "https://search.censys.io/hosts/70.39.206.183", "AS979,C2,censys", "0", "dyingbreeds_" "2026-02-18 19:00:10", "1750504", "50.114.206.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-18 20:01:08", "100", "False", "https://search.censys.io/hosts/50.114.206.215", "AS62564,C2,censys", "0", "dyingbreeds_" "2026-02-18 19:00:08", "1750503", "50.114.206.215:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-18 20:01:05", "100", "False", "https://search.censys.io/hosts/50.114.206.215", "AS62564,C2,censys", "0", "dyingbreeds_" "2026-02-18 18:44:56", "1750500", "matchview.comparis4sosun.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:45:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:38:37", "1750498", "dataledger.comparis4sosun.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:39:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:26:00", "1750493", "darkhost.elusive16soot.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:27:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:19:35", "1750492", "secretlink.elusive16soot.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:20:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:13:12", "1750485", "hiddenscan.elusive16soot.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:14:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:09:58", "1750483", "isof63umlw.loclx.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260218-pkvfjacy6f", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2026-02-18 18:09:37", "1750482", "19z4t19x.matrimon63shadowy.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-18 18:09:20", "1750481", "8h6w2a84.matrimon63shadowy.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:09:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:08:47", "1750480", "shadowpath.elusive16soot.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 18:09:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 18:04:35", "1750478", "http://45.150.32.124", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260218-vx9c4scx8d", "AS210644,C2,stealc,stealer,triage", "0", "DonPasci" "2026-02-18 18:01:51", "1750477", "h1utmdojg.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 19:02:28", "100", "False", "https://tria.ge/260218-s3q3lsc12b", "C2,domain,triage,xworm", "0", "DonPasci" "2026-02-18 17:56:20", "1750475", "outputsync.murta46unprin.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:58:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:40:12", "1750472", "printflow.murta46unprin.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:41:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:34:56", "1750470", "workdeck.murta46unprin.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:37:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:33:26", "1750469", "smartraise.probos7raise.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:34:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:24:12", "1750466", "growthstep.probos7raise.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:30:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:18:03", "1750465", "packpoint.pack1kiwi.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:18:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:08:23", "1750462", "localhub.pack1kiwi.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:09:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 17:04:07", "1750460", "r3d.gadgetwalabd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 17:04:07", "1750461", "r3d.alpinematters.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 17:03:53", "1750458", "https://r3d.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 17:03:53", "1750459", "https://r3d.alpinematters.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 17:02:58", "1750457", "boxstream.pack1kiwi.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 17:03:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:55:40", "1750456", "supplyline.pack1kiwi.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:56:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:49:03", "1750455", "fruitline.kiwi5pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:50:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:41:31", "1750453", "usd56789.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e6a4e5d2697e13451440a74f3df1f1e9c6fe1221ee5749058579b750855bf4f2/", "valleyrat_s2", "0", "abuse_ch" "2026-02-18 16:37:09", "1750364", "sh1p-rnix.ship5plum.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 10:38:08", "100", "False", "None", "18February2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-02-18 16:37:05", "1750371", "https://binadata.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/binadata.com", "ClickFix", "0", "CarsonWilliams" "2026-02-18 16:37:00", "1750395", "still-sound-5eea.utkulukkar1982.workers.dev", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/46c4e5b1-f91a-4872-b1fe-5f019d83c6bc", "c2", "0", "burger" "2026-02-18 16:36:59", "1750406", "192.169.69.25:6060", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://www.threat.rip/file/21087150b9f3b0d4c5d25c3b01e393518673d403646aca76c78e5fb51acd6d6b/config", "ASYNCRAT,DEFAULT,DISCOVERY,PUTTY,RAT,RMM-TOOL", "0", "Neiki" "2026-02-18 16:36:58", "1750408", "192.169.69.25:7974", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://www.threat.rip/file/21d0c6a79d2b273c12c83bd9835b075070ce6dcff9428e6232307f582c2e5b5e/config", "AHK,ANTI-EVASION,ASYNCRAT,AUTO-STARTUP,DEFENSE_EVASION,DISCOVERY,DOWNLOADER,EXECUTION", "0", "Neiki" "2026-02-18 16:36:57", "1750411", "31.40.204.103:1990", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 15:02:23", "100", "False", "https://www.threat.rip/file/3afb32cb8ef52cc419dd1224ee22fa1474059f4e4a2aa57166e4ef7ff0dba3a5/config", "ARCH-SCR,AUTO-STARTUP,DISCOVERY,EXECUTION,RAT,SUSP-POWERSHELL,TROJAN,XWORM", "0", "Neiki" "2026-02-18 16:36:55", "1750426", "sparkchickgame.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:54", "1750427", "https://sparkchickgame.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:54", "1750428", "dlderi.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:53", "1750429", "https://dlderi.com/helpU.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:53", "1750430", "https://dlderi.com/data.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:53", "1750431", "https://dlderi.com/test.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 16:36:52", "1750443", "sysmaintenancerequest.onrender.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/1aa26af6db8f8bbbb7715c8a3b9ed5d96960f3288908254d345db5299799dcc4/", "c2,SilentStealer", "0", "burger" "2026-02-18 16:36:50", "1750446", "198.244.201.139:2352", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/5e91bd03ae59ce81aaf5836a6c4b48c7845d260a710d4f624bfd325b989a503b/config", "ANTI-EVASION,AUTO-REG,AUTO-STARTUP,CRYPTER,DEFENSE_EVASION,EVASION,EXECUTION,PERSISTENCE,xworm", "0", "Neiki" "2026-02-18 16:36:24", "1750451", "kiwinode.kiwi5pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:36:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-18 16:36:24", "1750452", "https://saborizerefeicoes34.store/tas1/receptor.php", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/937cf5328ec09feed9cf07135a3f2cda1830f3e22ca1d62b3ba64f71c0a1bc79/", "None", "0", "abuse_ch" "2026-02-18 16:15:20", "1750447", "freshpack.kiwi5pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:21:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:07:44", "1750445", "greenstore.kiwi5pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:09:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:03:56", "1750444", "hubtransit.ship9fig.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 16:04:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 16:02:22", "1750442", "13.124.132.247:13000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 16:02:20", "1750441", "13.124.132.247:10000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 16:02:17", "1750440", "13.124.132.247:9200", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 16:02:15", "1750439", "13.124.132.247:2000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 16:02:12", "1750438", "13.124.132.247:51200", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.132.247", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 16:02:05", "1750437", "51.44.160.115:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/51.44.160.115", "AdaptixC2,AMAZON-02,AS16509,C2,censys", "0", "DonPasci" "2026-02-18 16:00:23", "1750436", "178.17.62.214:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-02-18 15:56:29", "1750434", "sendpoint.ship9fig.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:57:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:50:57", "1750433", "globalpath.ship9fig.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:52:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:45:26", "1750432", "speedtrack.ship9fig.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:46:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:38:08", "1750425", "marinenode.fig2ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:39:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:32:08", "1750424", "portentry.fig2ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:35:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:29:59", "1750423", "oceanroute.fig2ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:31:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:24:23", "1750422", "cargoflow.fig2ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:25:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:02:27", "1750420", "b0x-rnark.box3pear.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 15:03:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 15:01:30", "1750419", "londonkc.zapto.org", "domain", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://tria.ge/260218-p7apmses6f", "GHOST", "0", "dyingbreeds_" "2026-02-18 15:01:28", "1750418", "51.15.0.28:666", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://tria.ge/260218-p7apmses6f", "GHOST", "0", "dyingbreeds_" "2026-02-18 15:00:58", "1750417", "www.gorscts.shop", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-02-18 15:00:59", "100", "False", "https://search.censys.io/hosts/94.154.35.152+www.gorscts.shop", "AS202412,censys,ClickFix,OMEGATECH-AS", "0", "dyingbreeds_" "2026-02-18 15:00:21", "1750416", "189.155.125.225:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-18 16:01:38", "100", "False", "https://search.censys.io/hosts/189.155.125.225", "AS8151,C2,censys,RAT,UNINET", "0", "dyingbreeds_" "2026-02-18 15:00:06", "1750415", "luawhjkuk.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260218-q14jtafy7c", "AsyncRAT", "0", "dyingbreeds_" "2026-02-18 14:48:42", "1750414", "consign.box3pear.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 14:52:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 14:34:12", "1750413", "a5v9n.box3pear.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 14:36:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 14:32:03", "1750412", "rn1l1t-vvex.military423pudd.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 14:32:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:55:51", "1750410", "outpost.military423pudd.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:56:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:49:50", "1750407", "185.237.207.98:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-02-19 02:23:12", "75", "False", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2026-02-18 13:36:49", "1750405", "r2k6d.military423pudd.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:37:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:31:21", "1750404", "p3ar-llnk.pear6box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:32:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:25:39", "1750402", "https://for.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 13:25:39", "1750403", "https://for.alpinematters.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 13:25:16", "1750401", "container.pear6box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:26:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:20:48", "1750399", "p8x1m.pear6box.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:21:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:14:27", "1750398", "p4ck-rnate.pack8mint.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:15:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 13:09:08", "1750397", "http://185.123.102.253/0bbfbb85010e4111.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-18 18:04:38", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-02-18 13:04:43", "1750396", "warehouse.pack8mint.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 13:06:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:52:43", "1750393", "http://91.196.33.68/8574ba9c14cf4c8b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-02-18 12:51:49", "1750392", "103.45.68.122:9001", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-02-18 12:50:11", "1750391", "en2k1164.dictationlow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-18 12:49:07", "1750390", "lvhthej9.dictationlow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:49:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:48:39", "1750389", "c9t5q.pack8mint.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:49:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:30:20", "1750388", "b1ueg-vveld.blueg78rework.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:32:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:23:14", "1750387", "atelier.blueg78rework.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:27:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:21:04", "1750386", "z3n7a.blueg78rework.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:23:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:18:42", "1750385", "rn1nt-llow.mint4pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:20:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:15:25", "1750384", "crate.mint4pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:16:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:12:22", "1750383", "m9r3p.mint4pack.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 12:13:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 12:02:19", "1750382", "168.245.203.207:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.207", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 12:01:54", "1750381", "lqpoartdg.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 15:02:34", "100", "False", "https://tria.ge/260218-nlfhbsat5f", "C2,domain,triage,xworm", "0", "DonPasci" "2026-02-18 12:01:46", "1750380", "mflk332-50294.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 15:02:35", "100", "False", "https://tria.ge/260218-m639fshx4b", "C2,domain,triage,xworm", "0", "DonPasci" "2026-02-18 12:01:40", "1750379", "102.117.167.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-19 01:43:23", "100", "False", "https://search.censys.io/hosts/102.117.167.30", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2026-02-18 11:45:11", "1750377", "147.45.60.69:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-02-18 11:39:48", "1750376", "d1sapp-vvire.disapp43squithes.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 11:41:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 11:19:50", "1750374", "archive.disapp43squithes.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 11:25:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 11:07:32", "1750373", "t6k2n.disapp43squithes.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 11:08:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 11:00:48", "1750370", "77.49.253.104:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "100", "False", "https://search.censys.io/hosts/77.49.253.104", "AS1241,C2,censys", "0", "dyingbreeds_" "2026-02-18 11:00:38", "1750369", "angelcameintheearthwithbestwishesforpers.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 20:26:45", "100", "False", "https://tria.ge/260218-j6vqjadw4c", "Remcos", "0", "dyingbreeds_" "2026-02-18 11:00:25", "1750368", "ssutdf767dglmxf.dexlopenhouse.shop", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 11:47:58", "100", "False", "https://tria.ge/260218-lxcjpsfw4h", "Remcos", "0", "dyingbreeds_" "2026-02-18 11:00:03", "1750367", "fenix35630.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260218-j17sxadt5e", "AsyncRAT", "0", "dyingbreeds_" "2026-02-18 10:35:40", "1750353", "sakurazuma.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 10:35:39", "1750354", "https://sakurazuma.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 10:28:26", "1750362", "manifest.ship5plum.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 10:29:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 10:19:44", "1750360", "q4m8v.ship5plum.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 10:21:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 10:08:04", "1750358", "p1urn-vvake.plum7ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 10:08:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 10:00:23", "1750355", "172.94.100.227:29810", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-02-18 09:57:13", "1750352", "harbor.plum7ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:58:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 09:48:43", "1750330", "159.26.100.129:53024", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://www.threat.rip/file/a11b8a40945f6fdbf067c1b5663e986a1339d26c0ece0b0fb43732c0fd25053a/config", "DEFENSE_EVASION,DISCOVERY,KEYLOGGER,NANOCORE,PROTECTOR,SPYWARE,STEALER,THEMIDA", "0", "Neiki" "2026-02-18 09:48:42", "1750350", "x7p9a.plum7ship.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:50:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 09:48:38", "1750343", "192.236.154.249:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/4b60c76c6c3e16c24020d89f73c8c7f230064ed912d87484c9e764ee49705308/config", "API-BASE64,ARCH-SCR,DEFENSE_EVASION,DISCOVERY,EXECUTION,RAT,SUSP-POWERSHELL,TROJAN,xworm", "0", "Neiki" "2026-02-18 09:37:05", "1750344", "beamglow.lightstream.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:38:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 09:30:36", "1750341", "11pinkbk.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 11:00:27", "75", "False", "https://bazaar.abuse.ch/sample/ddd4144ce382b9c770a419f6051362c33c8ad5fa778d3de8879f3cf10710dbd3/", "remcos", "0", "abuse_ch" "2026-02-18 09:30:34", "1750340", "11pink.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 11:00:27", "75", "False", "https://bazaar.abuse.ch/sample/ddd4144ce382b9c770a419f6051362c33c8ad5fa778d3de8879f3cf10710dbd3/", "remcos", "0", "abuse_ch" "2026-02-18 09:25:30", "1750336", "office001.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 11:02:07", "75", "False", "https://bazaar.abuse.ch/sample/9e455b20cb0730c2449f488167c251b140677782e153b635e28717a011545828/", "xworm", "0", "abuse_ch" "2026-02-18 09:22:06", "1750333", "mainstreet.urbanpulse.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:22:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 09:16:56", "1750332", "se9bavje.lament42leave.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-18 09:15:28", "1750331", "pdxevwsx.lament42leave.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:15:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 09:05:08", "1750328", "158.94.209.22:35541", "ip:port", "botnet_cc", "jar.adwind", "AlienSpy,JSocket,Frutas,UNRECOM,JBifrost,Sockrat", "AdWind", "", "100", "False", "None", "Adwind", "0", "abuse_ch" "2026-02-18 09:04:06", "1750327", "traffichub.urbanpulse.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 09:04:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 08:55:39", "1750324", "liveroad.urbanpulse.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 08:56:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 08:52:23", "1750323", "99.83.215.169:8121", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-02-19 02:16:35", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-18 08:51:43", "1750321", "84.17.45.180:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:13:24", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-02-18 08:51:43", "1750322", "84.17.45.180:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:13:25", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-02-18 08:51:36", "1750320", "82.165.218.73:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:13:01", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-02-18 08:48:51", "1750319", "34.9.91.140:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:02:53", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-02-18 08:48:23", "1750318", "218.255.179.148:36081", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-02-19 02:01:09", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-18 08:44:06", "1750317", "13.250.222.197:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 01:47:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-02-18 08:35:03", "1750296", "161.129.47.173:56001", "ip:port", "botnet_cc", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.threat.rip/file/00c01ae386de339870cd17228b7b8494835558c4a324a8b04236158ec5157ccc/config", "DISCOVERY,NETREACTOR,PROTECTOR,PUREHVNC,SPYWARE,STEALER", "0", "Neiki" "2026-02-18 08:27:05", "1750316", "123.136.95.226:1529", "ip:port", "botnet_cc", "elf.xorddos", "XORDDOS", "XOR DDoS", "", "75", "False", "https://bazaar.abuse.ch/sample/b62be5224f27f9438213215d0549319111ae87383cbf33fc0939869ac90f9b58/", "XorDDoS", "0", "abuse_ch" "2026-02-18 08:21:27", "1750315", "74.0.42.189:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750309", "148.251.65.217:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750310", "74.0.32.76:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750311", "65.108.245.111:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750312", "74.0.42.164:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750313", "37.221.66.62:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:26", "1750314", "46.225.136.68:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:07", "1750307", "tue.gadgetwalabd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:21:07", "1750308", "tue.alpinematters.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:49", "1750305", "https://46.225.136.68/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:49", "1750306", "https://74.0.42.189/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750299", "https://148.251.65.217/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750300", "https://74.0.32.76/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750301", "https://65.108.245.111/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750302", "https://94.130.47.218/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750303", "https://74.0.42.164/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:48", "1750304", "https://37.221.66.62/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:47", "1750297", "https://tue.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:20:47", "1750298", "https://tue.alpinematters.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-18 08:15:05", "1750273", "82.26.74.181:7080", "ip:port", "botnet_cc", "win.mirai", "None", "Mirai", "", "100", "False", "https://www.threat.rip/file/fb51cc30f5ac43a9cc4ee8e036da03135fdfdb5c285d651682e96d42541fd678/config", "BOTNET,DEFENSE_EVASION,DISCOVERY,LINUX,MIRAI,UPX", "0", "Neiki" "2026-02-18 08:15:04", "1750279", "142.147.99.237:56001", "ip:port", "botnet_cc", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.threat.rip/file/eee4f03d3ac46e5f6b01d34f9c30636ea0b6b49b6f1eecd6a2c6c9d56de10faa/config", "DISCOVERY,NETREACTOR,PUREHVNC,STEALER", "0", "Neiki" "2026-02-18 08:14:47", "1750295", "130.12.181.62:5555", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/f18bc153b2acaa5e725ca8e9837ec1a4a7f10dc70cb87495fccbc354030ba1df/", "Mirai", "0", "abuse_ch" "2026-02-18 08:13:03", "1750294", "178.16.54.17:46534", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/edef7d69487c4dbf42ad5cc162b734d9e00a0579e5a2966ea0129557cbdaee4c/", "Mirai", "0", "abuse_ch" "2026-02-18 08:11:08", "1750293", "64.89.163.109:7080", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "False", "https://bazaar.abuse.ch/sample/e1c410b09d24a875639cef93de377ab4031aa34b6328d231c4e5f89913e930dd/", "Gafgyt", "0", "abuse_ch" "2026-02-18 08:03:34", "1750292", "3.79.153.41:48395", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.79.153.41", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:03:26", "1750291", "3.79.153.41:8545", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.79.153.41", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:03:18", "1750290", "3.79.153.41:50995", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.79.153.41", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:03:10", "1750289", "103.177.46.32:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.46.32", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:03:02", "1750288", "196.74.230.2:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.74.230.2", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2026-02-18 08:02:55", "1750287", "16.112.60.211:503", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.112.60.211", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:02:47", "1750286", "56.124.17.113:80", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.124.17.113", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:02:39", "1750285", "103.177.46.50:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.46.50", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 08:01:58", "1750284", "45.59.117.145:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/45.59.117.145", "AS14956,C2,censys,RAT,ROUTERHOSTING,Sectop", "0", "DonPasci" "2026-02-18 08:01:44", "1750283", "kitsoinsbebeclique.shop", "domain", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "100", "False", "https://bazaar.abuse.ch/sample/bc0c9c58f2886e83b8d035c81bc3100bb8d2afd87b67591130b88ff5027bf8b6/", "Socks5Systemz", "0", "abuse_ch" "2026-02-18 08:01:43", "1750280", "176.10.118.147:443", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "75", "False", "https://bazaar.abuse.ch/sample/bc0c9c58f2886e83b8d035c81bc3100bb8d2afd87b67591130b88ff5027bf8b6/", "Socks5Systemz", "0", "abuse_ch" "2026-02-18 08:01:43", "1750281", "178.16.54.31:80", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "75", "False", "https://bazaar.abuse.ch/sample/bc0c9c58f2886e83b8d035c81bc3100bb8d2afd87b67591130b88ff5027bf8b6/", "Socks5Systemz", "0", "abuse_ch" "2026-02-18 08:01:43", "1750282", "45.74.40.3:2024", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "75", "False", "https://bazaar.abuse.ch/sample/bc0c9c58f2886e83b8d035c81bc3100bb8d2afd87b67591130b88ff5027bf8b6/", "Socks5Systemz", "0", "abuse_ch" "2026-02-18 08:01:27", "1750278", "86.54.42.79:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 02:14:17", "100", "False", "https://search.censys.io/hosts/86.54.42.79", "AS42624,C2,censys,RAT,Remcos,SWISSNETWORK02", "0", "DonPasci" "2026-02-18 07:59:35", "1750275", "truckpig.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-18 07:59:35", "1750276", "healthiron.space", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-18 07:59:35", "1750277", "controlprice.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-18 07:55:12", "1750274", "freumon.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/9b048b3327bca55d1153af4dc617b8a8b69f4f6752c4a9f3457a70a3ae085f9c/", "RMM,SimpleHelp", "0", "abuse_ch" "2026-02-18 07:42:37", "1750271", "citypulse.urbanpulse.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 07:43:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 07:35:02", "1750027", "172.86.114.147:1150", "ip:port", "botnet_cc", "win.mirai", "None", "Mirai", "", "100", "False", "https://www.threat.rip/file/03bf8b6610e81d015f5e0e6023281b232b8d32e8510cef333f9f9eb8af1b4bde/config", "BOTNET,MIRAI", "0", "Neiki" "2026-02-18 07:34:53", "1750080", "followahahaha.followz.st", "domain", "botnet_cc", "win.mirai", "None", "Mirai", "2026-02-17 19:38:36", "100", "False", "https://www.threat.rip/file/6cab3e91a084957a1d488df52a1703e091c1e9c5da44fbb8b42ad6390335499a/config", "BOTNET,DISCOVERY,MIRAI,UPX", "0", "Neiki" "2026-02-18 07:34:51", "1750083", "194.169.175.191:39002", "ip:port", "botnet_cc", "win.zgrat", "None", "zgRAT", "", "100", "False", "https://www.threat.rip/file/a01294fed374d6dea5c63d7025ddcbf62564ab9447bfa99595c8aed56d7e92b9/config", "API-BASE64,EXECUTION,NETREACTOR,PERSISTENCE,PUREMINER,ZGRAT", "0", "Neiki" "2026-02-18 07:34:50", "1750101", "78.29.43.89:40689", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-18 14:24:37", "100", "False", "https://www.threat.rip/file/d415d965119cca60043dcfcf0180be8f00251a141bdd4276bc3a92e3499c162a/config", "DEFENSE_EVASION,EXECUTION,PERSISTENCE,RAT,TROJAN,XWORM", "0", "Neiki" "2026-02-18 07:34:46", "1750110", "23.234.88.233:4444", "ip:port", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "100", "False", "https://www.threat.rip/file/b1af3f80a1f156291bb92cd19db9e06ce30349fd130453bc2390ea4bb86a432b/config", "AUTO-REG,DISCOVERY,EXECUTION,PERSISTENCE,RAT,TROJAN,XENORAT", "0", "Neiki" "2026-02-18 07:34:45", "1750112", "23.234.88.233:34728", "ip:port", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "100", "False", "https://www.threat.rip/file/35f630210dee3ce3fd8bcacc563359429faaea0f9887935641d0ba13d925fce2/config", "AUTO-REG,DISCOVERY,EXECUTION,PERSISTENCE,RAT,TROJAN,XENORAT", "0", "Neiki" "2026-02-18 07:34:43", "1750115", "156.205.97.11:4444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/7d0e431c0664db29b94ead11c62b82fcdf80fc0146f33b5cf48a001cae983706/config", "AUTO-REG,AUTO-STARTUP,EXECUTION,PERSISTENCE,RAT,TROJAN,XWORM", "0", "Neiki" "2026-02-18 07:34:38", "1750163", "8.148.70.84:1984", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/ad08c66518867e316ca12c3b9e3c44c063aed87d51844a0058e77a01bab48847/config", "RAT,TROJAN,XWORM", "0", "Neiki" "2026-02-18 07:34:32", "1750238", "set.74fkhlsdg12.la", "domain", "botnet_cc", "elf.xorddos", "XORDDOS", "XOR DDoS", "", "100", "False", "https://www.threat.rip/file/b62be5224f27f9438213215d0549319111ae87383cbf33fc0939869ac90f9b58/config", "ANTIVM,BOTNET,DISCOVERY,DOWNLOADER,EXECUTION,LINUX,PERSISTENCE,XORDDOS", "0", "Neiki" "2026-02-18 07:33:04", "1750030", "https://greecpt.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/greecpt.shop", "ClickFix", "0", "CarsonWilliams" "2026-02-18 07:33:03", "1750039", "datacloudhost4.baby", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "True", "", "MacStealer,Phishing Page,Stealer", "0", "m1r3dk" "2026-02-18 07:33:02", "1750040", "bracesarlington.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-02-18 06:40:48", "100", "True", "", "MacStealer,Phishing Page,Stealer", "0", "m1r3dk" "2026-02-18 07:33:00", "1750079", "serialmenot.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "clickfix", "1", "tanner" "2026-02-18 07:32:59", "1750049", "urbanbike.velvetmaple.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:03:52", "100", "False", "None", "17February2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-02-18 07:32:58", "1750092", "softgametime.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:32:58", "1750093", "https://softgametime.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:32:57", "1750094", "playdigitalzone.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:32:57", "1750095", "https://playdigitalzone.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:32:57", "1750096", "kentexroofings.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:32:56", "1750097", "https://kentexroofings.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickChain,ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-02-18 07:29:42", "1750264", "130.12.182.109:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750265", "46.151.182.245:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750266", "178.16.52.166:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750267", "62.60.226.193:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750268", "62.60.226.199:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750269", "176.117.107.186:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:42", "1750270", "130.12.181.219:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-02-18 07:29:10", "1750262", "c63e81ad806a0feeef913baf7b914c4f", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Reynolds%20Ransomware", "ransomware,reynolds", "0", "TheRavenFile" "2026-02-18 07:29:10", "1750263", "f7d7377b17fc4cdcbb783cc090d6e983", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Reynolds%20Ransomware", "ransomware,reynolds", "0", "TheRavenFile" "2026-02-18 07:21:55", "1750261", "saltcalc.oceansync.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 07:22:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 07:21:24", "1750260", "binclloudapp.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "clickfix", "0", "juroots" "2026-02-18 07:20:24", "1750258", "activitydmy.icu", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots" "2026-02-18 07:20:24", "1750259", "mnvgp.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots" "2026-02-18 07:20:02", "1750257", "marle.io", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "50", "False", "", "c2,Matanbuchus", "0", "juroots" "2026-02-18 07:19:41", "1750256", "www.ndibstersoft.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "", "AstarionRAT,c2", "0", "juroots" "2026-02-18 07:18:41", "1750255", "networkservice.cyou", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "", "c2,TrustConnect", "0", "juroots" "2026-02-18 07:18:06", "1750241", "rompompomsigma.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750242", "th6969.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750243", "binance.comtr-katilim.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750244", "bchat.cc", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750245", "beetongame.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750246", "tribusadao.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750247", "siriustimes.rocks", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750248", "siriustimes.info", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750249", "chiebi.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750250", "red-letter.org", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750251", "cekrovnyshim.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750252", "ironswordzombiekiller.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750253", "yourwrongwayz.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:18:06", "1750254", "theinvestcofund.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "c2,DigitStealer", "0", "juroots" "2026-02-18 07:16:49", "1750240", "https://pastebin.com/raw/SDSD", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-02-18 07:16:18", "1750239", "watersalt.oceansync.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 07:16:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 07:10:12", "1750234", "784bc5b431fe71aaf85f7d39c014f099", "md5_hash", "payload", "win.interlock", "None", "Interlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Interlock%20Ransomware", "interlock,ransomware", "0", "TheRavenFile" "2026-02-18 07:10:12", "1750235", "9451420233168c7b0c595257d43c7b85", "md5_hash", "payload", "win.interlock", "None", "Interlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Interlock%20Ransomware", "interlock,ransomware", "0", "TheRavenFile" "2026-02-18 07:10:12", "1750236", "b2b03dfcdc2e59d81e99d20c15919a13", "md5_hash", "payload", "win.interlock", "None", "Interlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Interlock%20Ransomware", "interlock,ransomware", "0", "TheRavenFile" "2026-02-18 07:10:12", "1750237", "422755116ab311b473dd38ec88f129d9", "md5_hash", "payload", "win.interlock", "None", "Interlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Interlock%20Ransomware", "interlock,ransomware", "0", "TheRavenFile" "2026-02-18 07:10:11", "1750233", "195.65.51.199:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/195.65.51.199#8443", "c2,powersploit,shodan", "0", "juroots" "2026-02-18 07:10:10", "1750232", "163.53.152.167:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/163.53.152.167#443", "c2,powersploit,shodan", "0", "juroots" "2026-02-18 07:09:49", "1750231", "216.245.184.39:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/216.245.184.39#80", "c2,cobaltstrike,shodan", "0", "juroots" "2026-02-18 07:09:07", "1750229", "51.255.202.32:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/51.255.202.32#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-18 07:09:07", "1750230", "51.254.33.199:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/51.254.33.199#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-18 07:09:06", "1750227", "51.103.27.26:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/51.103.27.26#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-18 07:09:06", "1750228", "167.172.199.123:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/167.172.199.123#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-18 07:09:03", "1750226", "41.186.188.82:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/41.186.188.82#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-02-18 07:09:02", "1750225", "185.112.144.66:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/185.112.144.66#8443", "c2,gophish,phishing,shodan", "0", "juroots" "2026-02-18 07:00:40", "1750222", "114.221.148.161:47012", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/114.221.148.161", "AS134756,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 07:00:39", "1750221", "114.221.148.161:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/114.221.148.161", "AS134756,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 07:00:11", "1750220", "38.60.242.234:64431", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:04:07", "90", "False", "https://search.censys.io/hosts/38.60.242.234", "AS138915,C2,censys", "0", "dyingbreeds_" "2026-02-18 06:42:05", "1750219", "deepblue.oceansync.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 06:43:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 06:41:53", "1750218", "loudounmovingcompany.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/1b39f2381c32c6069ea00b1651fd16da4f497c283b2547d822ae6e884a7eab40", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci" "2026-02-18 06:39:04", "1750213", "toolitl.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:04", "1750214", "unrepax.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:04", "1750215", "imageod.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:04", "1750216", "skiagro.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:04", "1750217", "untempf.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:03", "1750210", "ectrodm.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:03", "1750211", "greekcs.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:03", "1750212", "massng.club", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:02", "1750208", "ballisr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:39:02", "1750209", "capacif.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-18 06:38:12", "1750207", "wavetide.oceansync.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 06:39:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 06:02:12", "1750205", "boltfix.metalheart.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 06:03:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-18 05:15:56", "1750204", "gearsync.metalheart.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 05:16:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 05:11:57", "1750203", "http://62.182.81.38/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:11:15", "1750202", "nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:31", "1750199", "unrqdnruyae3bngm5txc6vgz7ny2fbdwjllzhq6eioew7te6xplyndid.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:31", "1750200", "khom5v7vmc2nomkze64dsbyenn3wlxkewg6dbsvt5sujl2rmrtfy4oid.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:31", "1750201", "erqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750192", "whodusp3s2z6rnenxhv7scc2w5fzsse5cmijll2vl7fo6ezk45zssjqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750193", "dwgxeoaqykd3zdkhol5xpgsqabp4lys4ea7qpl3f2b75b2sdsex644id.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750194", "usqa5b33yyc2u6kqf5au64cgj64acl2umtll76qutlmu7fckw6kh6wqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750195", "2msn5sp3af3iy2ozj4235ccsb7pnpp4tkzyxdpzutyc2sxb3mujicfyd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750196", "esmhbczpio7umfnxog6bk23q3nok5fjuik2dttegvezqngg2oqklo7yd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750197", "vpj6dzqat4n4hwb625a4qjpuzd3bzrjgw5zlwa3l6uiazdwjcib3y6ad.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:10:30", "1750198", "sltc7wlafwiemito2kijqlxnmjgaxrrfihztjdl25vofh7kzvs7l5dqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Kairos%20Ransomware", "kairos,ransomware", "0", "TheRavenFile" "2026-02-18 05:03:58", "1750191", "beatlead.metalheart.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 05:04:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 04:47:41", "1750190", "corepulse.metalheart.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 04:48:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 04:02:15", "1750187", "16.79.104.189:51039", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.79.104.189", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 04:02:14", "1750185", "3.149.237.64:53088", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.149.237.64", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 04:02:14", "1750186", "168.245.203.173:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.173", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 04:02:13", "1750184", "3.149.237.64:32638", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.149.237.64", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 04:01:27", "1750183", "178.128.9.221:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 01:55:34", "100", "False", "https://search.censys.io/hosts/178.128.9.221", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2026-02-18 04:01:22", "1750181", "45.11.88.42:5555", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 02:04:57", "100", "False", "https://search.censys.io/hosts/45.11.88.42", "AS62164,C2,censys,HEYMMAN-2,RAT,Remcos", "0", "DonPasci" "2026-02-18 04:01:22", "1750182", "27.102.102.170:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 02:01:57", "100", "False", "https://search.censys.io/hosts/27.102.102.170", "AS45996,C2,censys,DAOU-AS-KR,RAT,Remcos", "0", "DonPasci" "2026-02-18 04:01:21", "1750179", "149.50.96.57:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 01:50:28", "100", "False", "https://search.censys.io/hosts/149.50.96.57", "AS201814,C2,censys,MEVSPACE,RAT,Remcos", "0", "DonPasci" "2026-02-18 04:01:21", "1750180", "45.11.88.42:2323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 02:04:55", "100", "False", "https://search.censys.io/hosts/45.11.88.42", "AS62164,C2,censys,HEYMMAN-2,RAT,Remcos", "0", "DonPasci" "2026-02-18 04:01:20", "1750178", "193.142.146.9:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 01:58:10", "100", "False", "https://search.censys.io/hosts/193.142.146.9", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci" "2026-02-18 04:01:09", "1750177", "hostserver.cloudtrace.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 04:02:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 03:02:10", "1750176", "kittyland.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260218-btfrvadv4h", "XWorm", "0", "dyingbreeds_" "2026-02-18 03:00:22", "1750175", "212.38.88.137:7070", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-02-18 04:01:47", "100", "False", "https://search.censys.io/hosts/212.38.88.137", "AS215238,C2,censys,ONEMBILISIM,RAT", "0", "dyingbreeds_" "2026-02-18 03:00:21", "1750174", "185.196.10.153:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 01:56:47", "100", "False", "https://search.censys.io/hosts/185.196.10.153", "AS42624,C2,censys,SWISSNETWORK02", "0", "dyingbreeds_" "2026-02-18 03:00:19", "1750173", "200.109.215.214:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-18 04:01:45", "100", "False", "https://search.censys.io/hosts/200.109.215.214", "AS8048,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-18 03:00:17", "1750172", "16.58.46.80:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-19 01:52:41", "100", "False", "https://search.censys.io/hosts/16.58.46.80", "AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-18 02:40:15", "1750171", "flowcloud.cloudtrace.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 02:41:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:48:33", "1750170", "linkedge.cloudtrace.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:50:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:46:21", "1750169", "datastream.cloudtrace.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:47:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:44:42", "1750168", "lookheat.nightvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:45:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:41:24", "1750167", "sightzoom.nightvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:42:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:34:54", "1750165", "opticscan.nightvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:35:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:20:27", "1750162", "darkview.nightvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:21:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:17:03", "1750161", "wildtimber.timberwalk.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:17:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:12:47", "1750160", "parkzone.timberwalk.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:13:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:07:49", "1750159", "woodpath.timberwalk.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:09:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 01:06:13", "1750158", "leafwalk.timberwalk.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 01:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 00:58:22", "1750157", "craftbase.stonecraft.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 00:58:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 00:18:18", "1750155", "layerstone.stonecraft.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 00:22:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 00:11:11", "1750154", "hardform.stonecraft.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 00:11:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-18 00:02:38", "1750153", "54.246.13.29:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-02-19 02:09:10", "100", "False", "https://search.censys.io/hosts/54.246.13.29", "AMAZON-02,AS16509,BianLian,C2,censys", "0", "DonPasci" "2026-02-18 00:02:31", "1750151", "43.210.161.136:13676", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.210.161.136", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 00:02:31", "1750152", "175.41.229.219:6006", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/175.41.229.219", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 00:02:30", "1750150", "56.68.116.159:8808", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.68.116.159", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 00:02:29", "1750149", "199.101.111.182:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.182", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-18 00:02:25", "1750148", "144.172.107.162:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/144.172.107.162", "AdaptixC2,AS14956,C2,censys,ROUTERHOSTING", "0", "DonPasci" "2026-02-18 00:02:03", "1750147", "128.90.115.176:4433", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-02-19 01:47:03", "100", "False", "https://search.censys.io/hosts/128.90.115.176", "AS40861,C2,censys,DcRAT,PARAD-40-ASN,RAT", "0", "DonPasci" "2026-02-18 00:01:38", "1750146", "165.227.242.98:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 01:53:48", "100", "False", "https://search.censys.io/hosts/165.227.242.98", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2026-02-18 00:01:30", "1750145", "193.26.115.167:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 01:58:16", "100", "False", "https://search.censys.io/hosts/193.26.115.167", "028f45e8dd4f225cb46a7d8003745a3a7f55d3a0,AS210558,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-02-18 00:01:27", "1750144", "139.28.219.40:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 01:48:15", "100", "False", "https://search.censys.io/hosts/139.28.219.40", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2026-02-18 00:00:28", "1750143", "http://heradoux.com/4d54576e112f4297.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-18 06:04:18", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-02-17 23:59:50", "1750142", "solidrock.stonecraft.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-18 00:03:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:54:55", "1750141", "printflow.paperbridge.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:55:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:49:43", "1750140", "maildraft.paperbridge.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:50:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:41:01", "1750139", "workbridge.paperbridge.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:41:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:40:06", "1750137", "209.54.101.177:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-17 23:49:03", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-02-17 23:33:49", "1750136", "officedesk.paperbridge.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:39:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:23:55", "1750135", "basecommand.orbitalmap.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:24:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:10:05", "1750133", "nodepoint.orbitalmap.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:15:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 23:00:49", "1750130", "150.139.132.244:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/150.139.132.244", "AS136195,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 23:00:49", "1750131", "trenjamin-49547.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260217-1q284shv2e", "quasar", "0", "dyingbreeds_" "2026-02-17 23:00:32", "1750129", "69.167.11.146:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-02-18 00:02:02", "100", "False", "https://search.censys.io/hosts/69.167.11.146", "AS40861,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 23:00:29", "1750128", "35.173.190.86:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:02:58", "100", "False", "https://search.censys.io/hosts/35.173.190.86", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 23:00:27", "1750127", "bkns-extrns.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-18 00:01:58", "100", "False", "https://search.censys.io/hosts/2606:4700:3030:0:0:0:ac43:b621+bkns-extrns.com", "AS13335,C2,censys", "0", "dyingbreeds_" "2026-02-17 23:00:26", "1750126", "37.148.133.242:1080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-18 00:01:56", "100", "False", "https://search.censys.io/hosts/37.148.133.242", "AS210356,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 23:00:14", "1750125", "4.246.90.81:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:04:13", "90", "False", "https://search.censys.io/hosts/4.246.90.81", "AS8075,C2,censys", "0", "dyingbreeds_" "2026-02-17 23:00:08", "1750123", "43.134.163.224:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-ygkxcsbt6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 23:00:08", "1750124", "president-rogers.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-ygkxcsbt6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 23:00:07", "1750120", "103.165.81.230:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-ygkxcsbt6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 23:00:07", "1750121", "193.161.193.99:60470", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-ygkxcsbt6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 23:00:07", "1750122", "193.161.193.99:64425", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-ygkxcsbt6b", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 23:00:03", "1750119", "goodforlitme.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-1bfrkadz4a", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 22:48:57", "1750117", "trackorbit.orbitalmap.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:09:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 22:46:59", "1750116", "staratlas.orbitalmap.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 23:06:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 22:03:07", "1750111", "sharpedge.glasspurity.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 22:04:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 21:19:47", "1750107", "discountfoodxyr.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "None", "0", "threatcat_ch" "2026-02-17 21:19:46", "1750106", "myfoodxrxcrccrcxs.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "SocGholish", "0", "threatcat_ch" "2026-02-17 21:19:18", "1750105", "glasscube.glasspurity.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 21:32:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 21:13:25", "1750104", "purelight.glasspurity.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 21:14:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 21:10:09", "1750103", "smoothrun.rapidflow.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 21:11:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:59:25", "1750100", "quickstep.rapidflow.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 20:59:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:56:49", "1750099", "fasttrack.rapidflow.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 20:57:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:49:49", "1750098", "greenleaf.ancienttree.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 20:50:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:33:34", "1750091", "oldroot.ancienttree.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 20:34:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:22:48", "1750090", "wiseword.ancienttree.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 20:23:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 20:02:32", "1750089", "155.117.40.221:8080", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/155.117.40.221", "AS32097,C2,censys,PowershellEmpire,WII", "0", "DonPasci" "2026-02-17 20:02:27", "1750088", "45.114.61.57:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/45.114.61.57", "AS216154,C2,censys,CLODO,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-17 20:02:22", "1750087", "38.127.8.3:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/38.127.8.3", "AdaptixC2,AS44259,C2,censys,ULTAHOST-AP-AS", "0", "DonPasci" "2026-02-17 20:01:55", "1750086", "157.245.38.61:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 01:51:51", "100", "False", "https://search.censys.io/hosts/157.245.38.61", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2026-02-17 20:01:49", "1750085", "207.148.81.32:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-17 23:00:23", "100", "False", "https://search.censys.io/hosts/207.148.81.32", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2026-02-17 20:01:02", "1750084", "47.119.178.247:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-17 23:00:06", "100", "False", "https://search.censys.io/hosts/47.119.178.247", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-02-17 19:42:08", "1750082", "heavychain.stronghold.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:42:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 19:38:32", "1750081", "metalkey.stronghold.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:38:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 19:25:18", "1750078", "irongate.stronghold.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:26:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 19:15:05", "1750077", "calmnight.gentlewind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:15:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 19:11:03", "1750076", "151.243.109.247:4444", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260217-snpk8sds9a", "quasar", "0", "dyingbreeds_" "2026-02-17 19:08:07", "1750075", "summerday.gentlewind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:08:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 19:00:49", "1750074", "1.94.166.110:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/1.94.166.110", "AS55990,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 19:00:34", "1750071", "178.16.55.160:2323", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-xb9g4ahy6a", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 19:00:34", "1750072", "43.157.1.71:2323", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260217-xb9g4ahy6a", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 19:00:34", "1750073", "43.157.1.71:3232", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 00:02:07", "100", "False", "https://tria.ge/260217-xb9g4ahy6a", "AsyncRAT", "0", "dyingbreeds_" "2026-02-17 19:00:28", "1750070", "54.205.232.150:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:09:05", "100", "False", "https://search.censys.io/hosts/54.205.232.150", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 19:00:27", "1750069", "34.205.26.40:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:02:38", "100", "False", "https://search.censys.io/hosts/34.205.26.40", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 19:00:26", "1750068", "100.54.32.98:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 01:43:05", "100", "False", "https://search.censys.io/hosts/100.54.32.98", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 19:00:23", "1750067", "187.209.26.195:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-17 20:01:52", "100", "False", "https://search.censys.io/hosts/187.209.26.195", "AS8151,C2,censys,RAT,UNINET", "0", "dyingbreeds_" "2026-02-17 19:00:11", "1750066", "34.9.91.140:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 02:02:52", "90", "False", "https://search.censys.io/hosts/34.9.91.140", "AS396982,C2,censys", "0", "dyingbreeds_" "2026-02-17 18:56:33", "1750065", "softbreeze.gentlewind.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 19:01:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:54:04", "1750064", "iosdhlfsg.silverpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:55:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:49:42", "1750063", "forestpath.silverpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:50:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:48:13", "1750062", "158.94.210.135:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 01:52:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-02-17 18:43:26", "1750060", "highmount.silverpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:44:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:39:26", "1750059", "wildriver.silverpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:40:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:33:31", "1750058", "clearview.boldstone.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:34:09", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 18:26:30", "1750057", "smartmind.boldstone.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:27:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:21:06", "1750056", "brightidea.boldstone.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:22:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:19:30", "1750055", "coldwater.frozenshell.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:20:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:16:57", "1750054", "deepdive.frozenshell.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:18:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:13:03", "1750053", "blueocean.frozenshell.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:14:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:09:16", "1750052", "streetart.velvetmaple.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:10:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:04:18", "1750051", "citypulse.velvetmaple.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:07:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 18:03:31", "1750050", "arbidmedhstbi-32780.portmap.host", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://tria.ge/260217-v7l1kafx9f", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2026-02-17 18:01:22", "1750047", "lekeleke-007-bk.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 16:23:49", "100", "False", "https://tria.ge/260217-snpk8sds8h", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2026-02-17 18:00:39", "1750046", "gardenplan.swiftleaf.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 18:00:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:51:54", "1750041", "bookclub.swiftleaf.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:52:51", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 17:44:50", "1750038", "oxwv9bay.agitate6vagina.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-17 17:44:32", "1750037", "morningcoffee.swiftleaf.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:47:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:44:21", "1750036", "33vq3044.agitate6vagina.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:38:56", "1750034", "p1urn-vvay.plum8express.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:39:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:37:53", "1750033", "priority.plum8express.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:38:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:33:10", "1750032", "k4q8m.plum8express.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:35:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:31:37", "1750031", "grap3-llow.grape1shipping.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:32:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:28:41", "1750029", "consign.grape1shipping.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:29:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:22:46", "1750028", "a5v9n.grape1shipping.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:22:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 17:16:18", "1750026", "ch3rry-rnark.cherry5freight.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:18:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:13:45", "1750025", "pallet.cherry5freight.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:14:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:10:19", "1750024", "r2k6d.cherry5freight.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:11:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:08:42", "1750023", "app1e-vvex.apple2dispatch.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:09:20", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 17:02:27", "1750022", "routing.apple2dispatch.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:05:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 17:01:07", "1750021", "p8x1m.apple2dispatch.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:02:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 16:51:05", "1750020", "94.46.236.201:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750012", "104.21.4.107:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750013", "172.67.162.40:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750014", "172.67.184.253:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750015", "172.67.131.254:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750016", "104.21.4.107:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750017", "172.67.131.254:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:51:00", "1750018", "104.21.92.21:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750005", "104.18.41.188:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750006", "104.21.4.107:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750007", "104.18.41.188:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750008", "104.21.4.107:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750010", "172.67.131.254:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:59", "1750011", "172.67.140.109:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1749996", "172.67.162.40:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1749997", "104.21.15.101:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1749998", "104.21.46.158:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1749999", "172.64.146.68:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1750000", "172.64.146.68:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1750001", "172.67.184.253:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1750003", "104.21.4.107:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:58", "1750004", "172.67.131.254:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:57", "1749992", "104.21.92.21:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:57", "1749993", "104.21.15.101:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:57", "1749994", "172.67.131.254:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:56", "1749991", "hoxt1.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:53", "1749990", "vps30002026.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:49", "1749989", "https://killnnk.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:48", "1749987", "https://oculusr.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:50:48", "1749988", "https://psychob.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "None", "17February2026,iocbottest", "0", "Gi7w0rm" "2026-02-17 16:41:30", "1749976", "916778d1feed61663c9e8f5c078d00c336ac87a82b685ccb32dbe7ec379576d9", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749977", "916b80363ea9c89365599bdd0325778fd09d86f546372a88daf331b80918803a", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749978", "916da71693c841728275298632d36b5818759e47168fce1d7bb46f07bb1e10fe", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749979", "916f3219286e523c4ee8bf715fad92fa9c1abfa3ccb13599534ac3d537e06787", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749980", "9175ae6271aca2fd945f94e25e6c5d1911eef6f4db110b8c082e7ff8acd00791", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749981", "917fda2fc519cd4f12518fafd5369ffb01ae7ac017a980bbd7046cf0a6b4d9af", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749982", "9180b650add0089b72e050e358d7cac79d5e482b605f07692f35b9a6d12d9fd8", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749983", "9184ff2cdd05fcaf111db23123479c845b2ece2fedccc2524b2de592f9980876", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749984", "9188647a8083afb376f0205e254e20d977c43f7adb69d148ab6197a386304fa5", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749985", "918aaa2d3b2f55b8bfc8b5adb95d50eb758c773ccfea5a0d01d20e4f3936f3a5", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:41:30", "1749986", "919001f5954c094427ec6829c918836d46774dc8255119c47d87b0fc394bf43f", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://github.com/TheRavenFile/IOC/blob/main/AsyncRAT", "asyncrat", "0", "TheRavenFile" "2026-02-17 16:36:55", "1749975", "l3rn0n-llne.lemon8logistics.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 16:37:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 16:29:59", "1749974", "warehouse.lemon8logistics.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 16:30:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 16:22:44", "1749973", "c9t5q.lemon8logistics.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 16:23:06", "100", "False", "None", "17February2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-02-17 16:12:13", "1749972", "rnang0-rnix.mango6courier.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 16:13:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 16:06:03", "1749970", "handoff.mango6courier.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 16:07:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:49:49", "1749969", "z3n7a.mango6courier.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 15:50:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:42:21", "1749968", "https://gamewinners.in.net/", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-02-17 15:42:03", "1749967", "https://btceducationcenter.com/pl/js.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "50", "False", "", "c2,tiramisudropper", "0", "juroots" "2026-02-17 15:40:31", "1749966", "kittycom.doxxing.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-02-17 20:38:16", "50", "False", "", "c2,mirai", "0", "juroots" "2026-02-17 15:37:22", "1749965", "8.7.207.129:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/8.7.207.129#443", "c2,powersploit,shodan", "0", "juroots" "2026-02-17 15:37:04", "1749964", "58.217.132.58:54321", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "False", "https://www.shodan.io/host/58.217.132.58#54321", "c2,extreme,shodan", "0", "juroots" "2026-02-17 15:36:10", "1749963", "81.169.151.12:4443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/81.169.151.12#4443", "c2,shodan,villain", "0", "juroots" "2026-02-17 15:35:33", "1749962", "38.60.220.157:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://www.shodan.io/host/38.60.220.157#443", "c2,kimsuky,shodan", "0", "juroots" "2026-02-17 15:35:04", "1749961", "51.38.220.225:9443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/51.38.220.225#9443", "c2,gophish,phishing,shodan", "0", "juroots" "2026-02-17 15:34:40", "1749960", "64.176.37.51:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/64.176.37.51#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-17 15:34:39", "1749957", "46.224.122.140:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/46.224.122.140#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-17 15:34:39", "1749958", "0live-vvork.olive4parcel.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 15:35:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:34:39", "1749959", "144.172.116.13:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/144.172.116.13#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-17 15:34:38", "1749955", "31.45.231.174:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-19 00:01:38", "50", "False", "https://www.shodan.io/host/31.45.231.174#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-17 15:34:38", "1749956", "202.61.137.217:9002", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-02-18 23:00:24", "50", "False", "https://www.shodan.io/host/202.61.137.217#9002", "c2,shodan,sliver", "0", "juroots" "2026-02-17 15:34:15", "1749954", "216.245.184.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/216.245.184.39#443", "c2,cobaltstrike,shodan", "0", "juroots" "2026-02-17 15:33:46", "1749953", "107.173.3.9:1111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-17 15:34:14", "50", "False", "https://www.shodan.io/host/107.173.3.9#1111", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-02-17 15:25:03", "1749952", "q97fo1tt.chattytolet.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:24:56", "1749951", "0ufhrxly.chattytolet.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 15:26:12", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-17 15:23:47", "1749949", "waybill.olive4parcel.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 15:24:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:15:23", "1749948", "mikantiz.ansmtpariba.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-17 19:09:05", "75", "False", "https://bazaar.abuse.ch/sample/d2914ca8bb938605016126adca6d800d8a6feda251e4936aceef35cbbfb54ca6/", "remcos", "0", "abuse_ch" "2026-02-17 15:08:57", "1749947", "m9r3p.olive4parcel.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 15:09:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 15:01:00", "1749946", "greecpt.shop", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-02-17 15:01:01", "100", "False", "https://search.censys.io/hosts/94.154.35.152+greecpt.shop", "AS202412,censys,ClickFix,OMEGATECH-AS", "0", "dyingbreeds_" "2026-02-17 15:00:44", "1749945", "112.87.174.223:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "https://search.censys.io/hosts/112.87.174.223", "AS140717,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 15:00:24", "1749944", "3.237.94.23:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:02:12", "100", "False", "https://search.censys.io/hosts/3.237.94.23", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 15:00:22", "1749943", "193.42.246.38:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-17 16:01:39", "100", "False", "https://search.censys.io/hosts/193.42.246.38", "AS29713,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 15:00:19", "1749942", "mythic.tail737292.ts.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.40.234.198+mythic.tail737292.ts.net", "AS36236,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-17 15:00:08", "1749940", "104.37.5.228:29810", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-02-17 15:00:08", "1749941", "154.219.97.238:5758", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2026-02-17 16:01:13", "75", "False", "https://search.censys.io/hosts/154.219.97.238", "AS401701,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 14:53:45", "1749939", "b3rry-rnove.berry9shipment.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 14:54:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 14:51:52", "1749938", "172.104.48.174:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:22:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 14:50:04", "1749937", "185.237.207.216:80", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "100", "False", "None", "Socks5Systemz", "0", "abuse_ch" "2026-02-17 14:49:17", "1749936", "manifest.berry9shipment.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 14:50:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 14:22:40", "1749935", "t6k2n.berry9shipment.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 14:23:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 14:10:59", "1749933", "p3ach-llnk.peach3package.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 14:12:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 14:10:31", "1749929", "http://f1231561.xsph.ru/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS35278,SPRINTHOST.RU LLC,SPRINTNAMES-RU,subdomain,webff", "0", "antiphishorg" "2026-02-17 14:10:29", "1749932", "194.59.30.30:2017", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://www.threat.rip/file/0ed5d860252188e9a0d03424029339e214c69bfbc256b705ea212f3bf0a2c9bb/config", "AUTOIT,RAT,REMCOS", "0", "Neiki" "2026-02-17 13:45:34", "1749930", "dinoswamachine.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-17 15:00:31", "75", "False", "https://bazaar.abuse.ch/sample/0ed5d860252188e9a0d03424029339e214c69bfbc256b705ea212f3bf0a2c9bb/", "remcos", "0", "abuse_ch" "2026-02-17 13:28:08", "1749928", "crate.peach3package.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 13:29:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 13:20:57", "1749916", "172.86.113.29:8445", "ip:port", "botnet_cc", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.threat.rip/file/4644d33f3c434fb4d8cacac6d8c302eff28b50453e539943d521d16a285a6031/config", "COLLECTION,DISCOVERY,NETREACTOR,PROTECTOR,PUREHVNC,SPYWARE,STEALER", "0", "Neiki" "2026-02-17 13:20:21", "1749926", "ni7zcfqx.gas98generator.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-17 13:20:02", "1749925", "zgxymk8f.gas98generator.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 13:20:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 13:15:19", "1749920", "38.246.251.131:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-02-17 13:13:30", "1749919", "q4m8v.peach3package.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 13:14:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 13:04:52", "1749918", "rnint-vvave.mint7delivery.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 13:07:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 12:41:24", "1749915", "courier.mint7delivery.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 12:42:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 12:31:36", "1749914", "christinehoffman.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/suyog41/status/2023736036354843065", "c2,domain,macsync,stealer", "0", "DonPasci" "2026-02-17 12:31:06", "1749913", "x7p9a.mint7delivery.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 12:32:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 12:30:37", "1749859", "128.0.1.9:9302", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-18 20:04:54", "100", "False", "https://www.threat.rip/file/f7278de146714fe6f7eda96c380542b340c4d67e9962848ecd6162eadc33f0b6/config", "AUTO-REG,AUTO-STARTUP,DEFENSE_EVASION,DISCOVERY,EXECUTION,LOADER,NETREACTOR,PERSISTENCE,quasar", "0", "Neiki" "2026-02-17 12:30:32", "1749889", "80.46.218.20:4444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/ca1f1e466be5e3a208c9b65bbdecd272e24004b8ca4adb63be5aa63e0ba318b3/config", "EXECUTION,RAT,XWORM", "0", "Neiki" "2026-02-17 12:30:27", "1749898", "https://bnr.international/?id=9228023&__cf_chl_rt_tk=0WTT341v83OfTlu9_sVt0mpCGs8eiXGuXRj0LgIbMkt4-1759406441-1.0.1.1-cKgxnjeNC3bilN23wwtGd4ZTe00EYBZDCXqqw55zKFcc", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/bnr.international", "ClickFix", "0", "CarsonWilliams" "2026-02-17 12:23:37", "1749912", "agitate6vagina.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 17:44:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 12:02:40", "1749911", "https://youngjo.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260217-nynpgahs2g", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-02-17 12:02:30", "1749910", "64.176.37.51:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/64.176.37.51", "AS-VULTR,AS20473,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2026-02-17 12:02:21", "1749909", "144.31.221.96:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/144.31.221.96", "AdaptixC2,AS210457,C2,censys,KYONIX", "0", "DonPasci" "2026-02-17 12:02:17", "1749908", "193.29.13.97:5885", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-18 20:02:22", "100", "False", "https://tria.ge/260217-n362lsht4a", "AS42397,C2,quasar,rat,triage", "0", "DonPasci" "2026-02-17 12:01:57", "1749907", "102.98.120.190:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-02-19 01:43:31", "100", "False", "https://search.censys.io/hosts/102.98.120.190", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2026-02-17 12:01:52", "1749906", "54.209.247.186:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:09:06", "100", "False", "https://search.censys.io/hosts/54.209.247.186", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-02-17 12:01:03", "1749905", "47.110.69.92:1042", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 00:48:44", "100", "False", "https://search.censys.io/hosts/47.110.69.92", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-02-17 11:57:17", "1749903", "gi9d0czb.serve5woodman.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-17 11:56:03", "1749902", "3k71xodj.serve5woodman.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 11:56:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 11:25:54", "1749896", "futureplan.brightminds.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 11:26:43", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-02-17 11:17:30", "1749890", "192.109.200.61:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://x.com/K_N1kolenko/status/2023701586002747825", "AS51396,c2,PFCLOUD,redline,stealer", "0", "DonPasci" "2026-02-17 11:17:30", "1749891", "62.164.177.107:15847", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://x.com/K_N1kolenko/status/2023701586002747825", "AS215929,c2,DATACAMPUS,redline,stealer", "0", "DonPasci" "2026-02-17 11:17:30", "1749892", "184.164.77.50:5775", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://x.com/K_N1kolenko/status/2023701586002747825", "AS53755,c2,IOFLOOD,redline,stealer", "0", "DonPasci" "2026-02-17 11:13:05", "1749888", "wiseword.brightminds.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 11:13:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 11:05:04", "1749886", "aircraftinteriorandpaint.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci" "2026-02-17 11:04:28", "1749885", "phoenixfilmproductions.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci" "2026-02-17 11:00:27", "1749884", "force-007-bk.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 09:34:46", "100", "False", "https://tria.ge/260217-k319ksd18b", "Remcos", "0", "dyingbreeds_" "2026-02-17 11:00:07", "1749883", "101.132.167.9:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:18:24", "100", "False", "https://search.censys.io/hosts/101.132.167.9", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-02-17 10:53:49", "1749882", "23.52.4.92:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:23:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 10:53:48", "1749881", "23.52.4.92:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:23:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 10:53:13", "1749880", "119.91.54.176:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:20:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 10:53:12", "1749879", "119.91.54.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:20:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 10:37:23", "1749878", "warmshore.gentlewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 10:38:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 10:16:49", "1749875", "summerbreeze.gentlewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 10:17:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 10:09:35", "1749874", "kenaifj.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:03", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:34", "1749873", "captaid.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:04", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:33", "1749869", "diplomi.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:05", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:33", "1749870", "schoole.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:02", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:33", "1749871", "leafyrm.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:03", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:33", "1749872", "automaf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:02", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 10:09:32", "1749868", "littlep.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-02-18 06:39:03", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-02-17 09:51:14", "1749867", "calmwater.gentlewave.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 09:52:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 09:37:53", "1749865", "strongmetal.ironpulse.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 09:38:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 09:26:34", "1749863", "smoothride.velvetroad.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 09:27:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 09:12:20", "1749860", "redcarpet.velvetroad.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 09:13:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 08:57:46", "1749855", "softtouch.velvetroad.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 09:03:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 08:48:08", "1749854", "64.225.101.164:2096", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-02-19 02:09:54", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-17 08:27:01", "1749853", "m9jn8b8q.ostroy56sagacious.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-02-17 08:25:39", "1749852", "3uwms13u.ostroy56sagacious.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 08:26:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 08:25:12", "1749851", "longway.hiddenpath.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 08:26:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 08:02:09", "1749850", "168.245.203.151:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.151", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-17 08:02:02", "1749849", "23.236.64.238:8080", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/23.236.64.238", "AS136897,C2,censys,ENJOYVC-AS-AP,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2026-02-17 08:01:40", "1749848", "98.86.172.85:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:16:31", "100", "False", "https://search.censys.io/hosts/98.86.172.85", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-02-17 08:01:39", "1749847", "98.87.167.138:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:16:32", "100", "False", "https://search.censys.io/hosts/98.87.167.138", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-02-17 08:01:35", "1749846", "95.163.86.204:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-02-17 11:00:19", "100", "False", "https://search.censys.io/hosts/95.163.86.204", "AS12695,C2,censys,DINET-AS,Hookbot", "0", "DonPasci" "2026-02-17 08:01:16", "1749845", "64.89.163.98:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-19 02:10:27", "100", "False", "https://search.censys.io/hosts/64.89.163.98", "AS401626,C2,censys,NETIFACE-TORONTO,RAT,Remcos", "0", "DonPasci" "2026-02-17 07:58:00", "1749839", "172.86.126.99:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:58:00", "1749840", "188.245.84.214:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:58:00", "1749841", "188.245.95.148:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:58:00", "1749842", "89.167.66.199:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:58:00", "1749843", "65.21.165.15:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:58:00", "1749844", "217.156.66.67:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:59", "1749838", "89.167.61.22:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:31", "1749835", "https://65.21.165.15/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:31", "1749836", "https://217.156.66.67/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:31", "1749837", "https://188.245.92.11/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749829", "https://89.167.61.22/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749830", "https://172.86.126.99/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749831", "https://188.245.84.214/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749832", "https://46.225.141.150/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749833", "https://188.245.95.148/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:57:30", "1749834", "https://89.167.66.199/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:56:03", "1749828", "lostforest.hiddenpath.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:57:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:48:56", "1749827", "secretdoor.hiddenpath.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:50:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:43:53", "1749824", "pnl.gadgetwalabd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:43:53", "1749825", "pnl.alpinematters.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:43:44", "1749823", "iceshore.frozengrove.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:45:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:43:35", "1749821", "https://pnl.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:43:35", "1749822", "https://pnl.alpinematters.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-17 07:26:30", "1749818", "puresnow.frozengrove.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:27:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:25:38", "1749817", "obiproject2026.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 20:34:58", "75", "False", "https://bazaar.abuse.ch/sample/13ea932a7f860bdb654fcd61e7768b9dbe289799746ea015d3c54a5ff26f32a3/", "remcos", "0", "abuse_ch" "2026-02-17 07:25:37", "1749816", "coscoshippingjp.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-17 11:02:18", "75", "False", "https://bazaar.abuse.ch/sample/6de8375728eaef7c8c75350d2f9e0b2fc6a33d41857eab4e38f7a46db88ce272/", "xworm", "0", "abuse_ch" "2026-02-17 07:22:25", "1749805", "d091044df4c4460bd09639ffcf8db698", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:23", "1749804", "5d690458e0fd75c8974432bdf959880f", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:22", "1749802", "cfd867dd8fdfa1def0a4f08cf7aa15f4", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:22", "1749803", "8dc3a01066ae1b9a6f644e8665d9063b", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:21", "1749801", "e6118555c604ed356a4b7a92fdea9a3b", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:19", "1749800", "630fbeb78d7e1a6bd571c95cf502a718", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:17", "1749798", "1190ea7d6fd3c1f7f3c5812dcca53e64", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:17", "1749799", "3661547ea3020e0dadb30e6001994464", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:16", "1749797", "9e415797ba2d9f8feeb74649f9d5323d", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/0APT%20Ransomware", "0apt,ransomware", "0", "TheRavenFile" "2026-02-17 07:22:13", "1749795", "5.252.153.240:2055", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-17 18:01:37", "100", "False", "https://www.threat.rip/file/1e71fe6272c98cda8d736bd6cb0b3426050d92dec0d881ad1cb8f7d2942b51db/config", "ADWARE,ANTI-EVASION,DISCOVERY,EXECUTION,LOADER,PERSISTENCE,RAT,SPYWARE,xworm", "0", "Neiki" "2026-02-17 07:14:53", "1749815", "winterland.frozengrove.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:16:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:01:28", "1749813", "clearfocus.boldvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 07:02:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 07:00:22", "1749812", "3.85.107.177:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 02:02:20", "100", "False", "https://search.censys.io/hosts/3.85.107.177", "AS14618,C2,censys", "0", "dyingbreeds_" "2026-02-17 07:00:18", "1749811", "66.42.49.168:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-02-19 02:10:41", "100", "False", "https://search.censys.io/hosts/66.42.49.168", "AS20473,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-17 06:51:45", "1749810", "smartstep.boldvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 06:57:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 06:42:39", "1749806", "insectwoman.space", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-17 06:42:39", "1749807", "quartershoes.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "2026-02-17 06:42:39", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-17 06:42:39", "1749808", "lakecars.info", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-02-17 06:37:38", "1749796", "newidea.boldvision.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 06:38:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 06:28:25", "1749792", "deepblue.silentpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 06:29:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 06:19:50", "1749535", "33vy2hv2v7hoy4q.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "100", "False", "https://www.threat.rip/file/79dcb6bdf84fdae64873b6fe27c9d52bf30cb4d7c545b13035cfdbe4adb12182/config", "AUTOIT,DISCOVERY,FORMBOOK,OU07,PERSISTENCE,RAT,SPYWARE,STEALER", "0", "Neiki" "2026-02-17 06:19:47", "1749536", "https://193.222.99.212/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/193.222.99.212", "ClickFix", "0", "CarsonWilliams" "2026-02-17 06:19:46", "1749537", "185.177.57.81:23", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-02-17 18:23:29", "80", "False", "None", "mirai", "0", "seckle" "2026-02-17 06:19:45", "1749764", "39.99.25.80:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-02-17 06:03:12", "100", "False", "https://www.threat.rip/file/aae5bac0f016919450d190fee6a06751a58ccf9e70341eba2fb0de7d8a0c84c9/config", "ANTIVM,DISCOVERY,EVASION,QUASAR,RAT,RUST,SPYWARE,TOR", "0", "Neiki" "2026-02-17 06:19:40", "1749781", "82.26.74.181:3778", "ip:port", "botnet_cc", "win.mirai", "None", "Mirai", "2026-02-17 14:20:11", "100", "False", "https://www.threat.rip/file/a142ecb42ebb35c6525adfc0c382910ffbc6ce115f756b5be86c4b2621d85c89/config", "BOTNET,DEFENSE_EVASION,DISCOVERY,LINUX,LZRD,MIRAI,UPX", "0", "Neiki" "2026-02-17 06:19:39", "1749782", "165.245.189.98:8008", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-17 16:51:06", "100", "False", "https://www.threat.rip/file/2a09dab29df767bb610ac4aec07671e3407617b2c0800d4e0df6550d4c07be4a/config", "ANTIVM,PERSISTENCE,RAT,RUST,TROJAN,XWORM", "0", "Neiki" "2026-02-17 06:19:30", "1749488", "hayesmed.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "75", "False", "", "EtherRat", "0", "RacWatchin8872" "2026-02-17 06:19:29", "1749487", "regancontrols.com", "domain", "botnet_cc", "js.ether_rat", "None", "EtherRAT", "", "75", "False", "", "EtherRat", "0", "RacWatchin8872" "2026-02-17 06:19:27", "1749485", "95.148.150.125:3074", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-17 16:51:05", "100", "False", "https://www.threat.rip/file/4b34a82a01369fd35c9d23c5c696456501baf662fd60de80073c734683a8f4e9/config", "AUTO-REG,AUTO-STARTUP,EVASION,RAT,TROJAN,XWORM", "0", "Neiki" "2026-02-17 06:19:21", "1749478", "107.152.32.98:3919", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/ff78453dd1e15807c6bd8cb7257bef8449c43ad8e3bebccd180890d02a923eb8/config", "AUTO-REG,AUTO-STARTUP,EVASION,RAT,TROJAN,XWORM", "0", "Neiki" "2026-02-17 06:19:18", "1749467", "172.94.9.74:8279", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://www.threat.rip/file/6bb3c19f1ed89ba8150785d5804b641b80d04d60fa5ed3f589d98621ffe4b23b/config", "HOST64,PHISHING,RAT,REMCOS,REMOTE", "0", "Neiki" "2026-02-17 06:19:17", "1749466", "138.199.59.4:60736", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 20:01:34", "100", "False", "https://www.threat.rip/file/e11e9dfee481306ee6ceca79809fb27a04c956b88f0a0681feeb6c021ff28b73/config", "ADEMOLA,COLLECTION,DISCOVERY,RAT,REMCOS", "0", "Neiki" "2026-02-17 06:19:15", "1749464", "152.89.162.5:50481", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-02-18 20:01:36", "100", "False", "https://www.threat.rip/file/9b9741b708470ed3cd6506dc7d7a7b0739806740aee472767fe51ab04abf650b/config", "COLLECTION,DISCOVERY,RAT,REMCOS,REMOTEHOST", "0", "Neiki" "2026-02-17 06:19:11", "1749461", "16.78.248.241:4832", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.threat.rip/file/e792b1c4655340b8b1437deaa0e039c311eab876748a79fe759cc4939921ae3d/config", "AUTO-REG,AUTO-STARTUP,BINDER,CRYPTO-REGEX,DEFENSE_EVASION,EXECUTION,GENERIC,IMS-API,xworm", "0", "Neiki" "2026-02-17 06:18:54", "1749421", "sfkjsdhfsdfsdhsken.cfd", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-18 10:31:35", "100", "False", "None", "c2,loader,StealC,stealer,testbuild", "0", "Bitsight" "2026-02-17 06:15:29", "1749791", "http://192.168.158.128:80/jquery-3.3.2.slim.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "https://bazaar.abuse.ch/sample/478c33a64d55fcce7c037d5c351412857a0714c086e6e142f01efb05c4797361/", "cobaltstrike", "0", "abuse_ch" "2026-02-17 06:13:29", "1749790", "highstone.silentpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 06:14:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 06:04:57", "1749788", "77.223.83.36:1111", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2026-02-17 16:42:48", "100", "False", "https://tria.ge/260217-d2hyaaew8c", "AS51604,C2,njrat,triage", "0", "DonPasci" "2026-02-17 06:04:57", "1749789", "recently-dsc.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260217-asgr3sax3b", "C2,domain,njrat,triage", "0", "DonPasci" "2026-02-17 06:03:28", "1749787", "https://littlep.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260217-atg48say6g", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-02-17 05:58:43", "1749785", "coldwind.silentpeak.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 05:58:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 05:54:05", "1749784", "oldbridge.urbanharvest.coupons", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-17 05:55:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-02-17 04:02:15", "1749780", "193.222.99.212:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/193.222.99.212", "AS215439,C2,censys,clickfix,first-stage,PLAY2GO-NET", "0", "DonPasci" "2026-02-17 04:02:12", "1749779", "108.242.221.141:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/108.242.221.141", "AS7018,ATT-INTERNET4,C2,censys,Starkillerc2", "0", "DonPasci" "2026-02-17 04:02:07", "1749777", "168.245.203.163:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.163", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-17 04:02:07", "1749778", "168.245.203.135:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.135", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-17 04:02:06", "1749776", "168.245.203.174:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/168.245.203.174", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-02-17 04:01:39", "1749775", "185.196.10.153:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-19 01:56:46", "100", "False", "https://search.censys.io/hosts/185.196.10.153", "AS42624,C2,censys,Havoc,SWISSNETWORK02", "0", "DonPasci" "2026-02-17 04:01:31", "1749774", "155.117.42.89:3387", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 01:51:10", "100", "False", "https://search.censys.io/hosts/155.117.42.89", "AS32097,AsyncRAT,C2,censys,RAT,WII", "0", "DonPasci" "2026-02-17 03:00:41", "1749770", "premium303202101-62037.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260217-c61s8adw4h", "quasar", "0", "dyingbreeds_" "2026-02-17 03:00:40", "1749769", "service.viewdns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260217-dbvjdsdx4d", "quasar", "0", "dyingbreeds_" "2026-02-17 03:00:19", "1749768", "197.144.114.233:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 01:58:52", "100", "False", "https://search.censys.io/hosts/197.144.114.233", "AS36884,C2,censys,MAROCCONNECT,RAT", "0", "dyingbreeds_" "2026-02-17 03:00:18", "1749767", "155.117.42.89:3390", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 01:51:11", "100", "False", "https://search.censys.io/hosts/155.117.42.89", "AS32097,C2,censys,RAT", "0", "dyingbreeds_" "2026-02-17 03:00:17", "1749766", "178.16.54.125:8281", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-19 01:55:42", "100", "False", "https://search.censys.io/hosts/178.16.54.125", "AS202412,C2,censys,OMEGATECH-AS,RAT", "0", "dyingbreeds_" "2026-02-17 02:49:18", "1749765", "172.104.48.174:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-19 02:22:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-17 02:41:28", "1749761", "8a48d4d963d97409c5062b062eaef86aee920c95", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:28", "1749762", "e5a5f1d25e05687a214f1305ab6ab307dadbcf997e6f632756b67c9579a5fe0e", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:28", "1749763", "b3ee8558ad35d1531f5f8458f649f5a9", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:27", "1749758", "8f3f87f8124226e105547e25354e7e9a7b47e581", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:27", "1749759", "84bd20bcb88426402c4a3c96d8012396f83387a84b7abc1a6e90c2babebb42bd", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:27", "1749760", "bac6d07fdf0af3be55f59cfec3b81ecc", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:26", "1749756", "ba01212cab818c10e49100909a254a5435cef8b8303fa6fa06a233d53ce9851e", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:26", "1749757", "3ffaad7e9e51b07906da9d61ad39404f", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:25", "1749754", "59d52d256824628dd0a74d7e3c9aacf3", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:25", "1749755", "2c5eca61f0f29eaf8a2e95112cb17b2ab2b21aab", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:24", "1749751", "d4ac4d684aca924c9d532c245c016c2a", "md5_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:24", "1749752", "b59cf2d0fc52bbf96c8be0b99eeac88c0eecf1fa", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:24", "1749753", "f85fa6d136c46a60acfaf9b11265f602c998483aef7df93a00b456d0f3d81f3a", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:23", "1749749", "09a92d46171ab4e1ad66e2b3e55d852b136d8a48", "sha1_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:23", "1749750", "5cdfb23517d671d3b2c0535b23d80dbc8b053288e881b4f5eb2f1221f1e7a7fc", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:22", "1749746", "f4dac56afcf37920b8b4fe3ec9a80a188894c26c", "sha1_hash", "payload", "win.supper", "SocksShell,ZAPCAT", "Supper", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:22", "1749747", "0ecbe1f822dfe8275839a986aef349a04d6772a2beee2c4269670fbb5456326a", "sha256_hash", "payload", "win.supper", "SocksShell,ZAPCAT", "Supper", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:22", "1749748", "041df33cd831ea3fc016739bec8ea5ce", "md5_hash", "payload", "win.supper", "SocksShell,ZAPCAT", "Supper", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:21", "1749744", "242141d9d23761573731b5f0a0f2a5039a6b8bb5209e167d93ea804802f15762", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:21", "1749745", "e8a704676c9126c14c906daf05c253f7", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:20", "1749741", "3b93465de33b87e03e1932381c60acfd13f461e6ce8cc129b2ca0d04680321f8", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:20", "1749742", "bc4c0ce8eae6f204f43463e68e0ec9a7", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:20", "1749743", "e2b408fc48bec20c291debe57106da86b701d694", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:19", "1749739", "9e2680ec218149172b907cc2cea317d0", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:19", "1749740", "8c073b2130029047738696a02ba8dc86f7eb44fe", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:18", "1749737", "12917abafe923dca6d8330a9fe26e68f24464ed6", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:18", "1749738", "39956757770b52c819454aa6cf995788b0a0936fffee040840190a85dd216b90", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:17", "1749734", "7259f95f38eb75a041931987b4ddc085ec305c95", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:17", "1749735", "661c4da0df6414e3cf7855d47a142cc9858c1174cc992f29423e48ce420585e0", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:17", "1749736", "20a6ed775055079fee7b4ef38feb0953", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:16", "1749732", "946baa56681d7e954c471671a8eeb9161a208e0e2f1d2c2587eaafcea8d1d5fd", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:16", "1749733", "840b29f5ca79f891d0eac37b2fc051f7", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:15", "1749729", "443250c909c83c83d1d83ca3cbd2a78d733975846bc1a37070ff35270b15fbbd", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:15", "1749730", "49e9af3d4585bd4260a10610109d9413", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:15", "1749731", "2ba02de0ce097d9d341ad66d1b31803cff596486", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:14", "1749727", "0a55fdd678e7eeee241f099521127d44", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:14", "1749728", "f8fcbbc72fe2802ea01742184e085b2aaf2ca9cb", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:13", "1749724", "f27b7ce935b94a4f6d2161045f856828", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:13", "1749725", "357495d9f4c8fede6911513318d9f3ade95c2cd0", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:13", "1749726", "eed530be238362cf60c7df47bbca25eab79e72cf4e38a5ba721a733d0bc58f72", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:12", "1749722", "0c5b0574def07196f67146901106772f25b2b3eb", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:12", "1749723", "029408279ffb95072a4db3e897ee94d90e596acf654335900559256c6275a393", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:11", "1749720", "43c461a4a1a5fd99d59ce9658684d98ad58066bf43e287e2cff4556db6491d17", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:11", "1749721", "3c0d11cb8a85f45d9e731656cdb8e331", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:10", "1749717", "ca794c3f195c82821b6f589922078fa5f7d1cf414f92e4888d4c059625a9c2a9", "sha256_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:10", "1749718", "ee3533a82e2c3ed9da31c231210c0ae7", "md5_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:10", "1749719", "60575e21e3ea83765fa1a7e634eba1a02d6eaf23", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:09", "1749715", "d22ddcb7afc0775dc7209f2a290486bc", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:09", "1749716", "0cd9274ae1e4f0f48599a38d9315149e36aa1038", "sha1_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:08", "1749713", "7a7aee89ebf591a146e9301921621014cb554293", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:08", "1749714", "76be3869428b6347166474e887d25a44d724e3e6219296fa7a955cef8dddc188", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:07", "1749711", "12db648c3d516bb4210f37388077273757ea792168a6c32a9c0210cbfc7c01f9", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:07", "1749712", "c0214c5ac40753c905e4ecf9c4a8b48e", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:06", "1749710", "8cbb0796cce9e55c5ad359ec5a9628a06908d627", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:05", "1749709", "950a6a1ac9e2ad85825d92cfa0d05450", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:41:03", "1749708", "65b0527432ef7191e3c508acc9ba572c69c1766d5a77d790a2b023b2be5b8408", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:59", "1749707", "b0200ff53426cdd2f66b28726fdbe43d69665094", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:56", "1749706", "37ad7098d7acee103744a1c6b8348d53", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:53", "1749705", "18d6578597cd7ae049bca4cd384f433e76a9450487b546b969e6bdd501374645", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:51", "1749704", "fd919ff9457a57b0f0249441ad6b2fae0f252eca", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:49", "1749703", "f73123dd49c2beaca2cd3de2efc6c7ac", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:47", "1749702", "cedec56282110dfd147a834510359492d6b5d257d84479a5a197e71c3326e5a8", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:44", "1749701", "a8a89c3b0309d341fd543dc688baf28d72c43bf2", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:42", "1749700", "7ef235962448b7af4c8cd4a0e088b335", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:40", "1749699", "6e18c47a50b490e515f6a10b5078a96c305a33cb4d82e3b7e283e614551d7598", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:38", "1749698", "2cef5c80e27dcfcdfab21f1b315a32d36291a78f", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:35", "1749697", "7dbbeeac2b391b5259f6d679ef626910", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:33", "1749694", "a00fbfa009193dc539c8529e627f605c", "md5_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:33", "1749695", "3b25fd6459378067556ef9ad7ab4c396ecc25c3c", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:33", "1749696", "9ee91363392ad72e1d7f9303b814daaa50c66fa0eea0bd3ded99d6d150c59b52", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:32", "1749691", "97146b358f90dfa1d89776fb32d1682e", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:32", "1749692", "06846c3de18e787bf8e2083d352dbc471986bbd7", "sha1_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:32", "1749693", "f0bb1a589cf20f4fa0bbbea3eeb1fff6cd486d992c424d14c21991320b6d84da", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:31", "1749689", "11eb2aab92059c1c7c583d85d6c9d62246431e5f", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:31", "1749690", "43b15dbf32e4154e6c1ab84a79de344a2c850ff60f06b760b92773e860977f6c", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:30", "1749687", "f3b687584a8e29f3d54785fdd1ce1946d02622b047913a888f2301b019166a99", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:30", "1749688", "8be4c1add832b8c0394386c4247f54a2", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:29", "1749684", "a99b033ba05647d37a7e1e9de591fb6cb27495cd0368a1b165fbf8fde3785e2f", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:29", "1749685", "7fa7511894c2792a3709f4e8ef4ec6b4", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:29", "1749686", "25090fc5fa00dd6eb7b352be110850583b53e9c3", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:28", "1749682", "db46e796aeb3824eb0f596b3e0e7fd1b", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:28", "1749683", "5c6d43d7969ffc9a22553e9b4eb0b03ae2889b3d", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:27", "1749679", "dcc076d82ee3a43c1a3b49acbc0e62ee", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:27", "1749680", "4725155e6b18d14ed94bcef69a03b48a170d4298", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:27", "1749681", "39d89923c65fd5f1d9957c9596e0c6fa9626cd24f2a6956639fd161e6bc70ea4", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:26", "1749677", "b5f0f1bbe80a8ffced6285b6176c74d3ff9f98d5", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:26", "1749678", "b640c53e2c02f08aa8ca3db62c628abcaa1694ffec33a59d69d88f5e2d1552aa", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:25", "1749675", "04ab45a1a3c818e4e692eeba6cb7ea63a509cebef49fd091debbbf999c02d912", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:25", "1749676", "a1afc5cb7828f8818ff21572db79c1d7", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:24", "1749672", "6f466f0e001ee50ca00fe7bb525370d9b1f88c40adbde7093392af61219d2695", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:24", "1749673", "5e19deb7f87f34a5f5f495334d24357e", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:24", "1749674", "8b4bef7a9a8fcf86d8c3bd981733e17616851e13", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:23", "1749670", "93218f371953ac8fc557c49a7faf8bf0", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:23", "1749671", "aa43e6e04ac86d7875b33e15f5db7d6a13e2ecaa", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:22", "1749667", "5307636781488382441a6761e9923cc8", "md5_hash", "payload", "win.bluefox", "None", "BlueFox", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:22", "1749668", "b0c3ee1835e693017e5951fe379141a35528b165", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:22", "1749669", "5d0232de29690795c3eb9c11a8d87db47827689da7223bc0ec9c5f181fbd1698", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:21", "1749665", "44b75eb1a7368b7f8b227b1f5dfeffbcd1802ef5", "sha1_hash", "payload", "win.bluefox", "None", "BlueFox", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:21", "1749666", "b32d1a2b8c3bbe74e196486a6a526aa69aa2881571357f671fabedd0f8a6d825", "sha256_hash", "payload", "win.bluefox", "None", "BlueFox", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:20", "1749664", "14986666ce64cdc5b6b598b4ee6fd52f", "md5_hash", "payload", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:19", "1749663", "ed113062652d388bdf3397d05a197a48d3558e8db4c94f0cf37d2b0a0fe463e2", "sha256_hash", "payload", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:17", "1749661", "22801a17523f7e65b72f00b9d8560fce", "md5_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:17", "1749662", "cc9e0f72780bb1afa1e732bc8a5da64c81c08add", "sha1_hash", "payload", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:16", "1749658", "8a20ec937144c98dd5e1a116aa3d7aab", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:16", "1749659", "62577c9bf508b3132b45f11e930a443205d64b16", "sha1_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:16", "1749660", "60fd68930f6e7ae7dea56dfb69d5fd0a3a1993bc74bb15315abede65f35a0743", "sha256_hash", "payload", "win.nircmd", "None", "NirCmd", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:15", "1749655", "121704c1c4c8f3a19b13729ce18db83d", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:15", "1749656", "1c465fd788d0f2dab92bb355d8af1cf5cd9be6d7", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:15", "1749657", "93e58a581fb7d8255acb59225be980d5e45c41e23840f6826946dbfc72bed743", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:14", "1749652", "c8a8ad7ea40d30ae1ed471125f13be0f", "md5_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:14", "1749653", "28d158edc611010b2409b249aafa2988b7e85b40", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:14", "1749654", "51b75e29d01f4e045dc478bf0e24ad13f8b08ebadfc5a3d301ec24a3e877abc2", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:13", "1749649", "93a98cfce14d9bb3739b259df5828407", "md5_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:13", "1749650", "a99bbdf36a197c967ee66231d2492783ba113736", "sha1_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:13", "1749651", "64a2036d846439a93e463803522ecacb7764eb01f1a0aeb8bc72d740294493bc", "sha256_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:12", "1749646", "81ace1ccb94bf75f40db64d3a685d695", "md5_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:12", "1749647", "3b44af6b22bd84efe76c17214117e1a107d742e5", "sha1_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:12", "1749648", "247a8cd0ece762055e9bffecd1e1cbc0aad0719a37926083dcb01402d364eae5", "sha256_hash", "payload", "win.prometei", "None", "Prometei", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:11", "1749644", "647408698375891951a34ee4417b389a0d8e264d", "sha1_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:11", "1749645", "d2aa7cd8ec3ca9782b4ecffe1c2fc20b9ca6da3a999ade3c5df0d4b8b856d620", "sha256_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:10", "1749641", "801a7c0d98d1cc774334f4de9e223ecd53b7bf59", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:10", "1749642", "865882a0c9d61a465e26e53ef51124ba527ad581bebb41b0e43f6b855df94e9d", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:10", "1749643", "20464688eecb4ecb2222cbbe48218d3b", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:09", "1749638", "d09c97e42cfabcad83c0744defbf3e28ec9e8069", "sha1_hash", "payload", "win.fakecry", "None", "FakeCry", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:09", "1749639", "688c658457069ba67ff844cb28f409cf8988a15cc22be92b4ac4b62404fbf207", "sha256_hash", "payload", "win.fakecry", "None", "FakeCry", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:09", "1749640", "9046020c727c31a3fd75c6074d1a7733", "md5_hash", "payload", "win.fakecry", "None", "FakeCry", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:08", "1749635", "5e1c15fad636779ffe34adfe050627c36d15f4c8", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:08", "1749636", "055d777c3d38269f07d454f07abc985dfa52493b669cd3cc687304a0a6425122", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:08", "1749637", "b6e06ddec2b5c9652ff6f01cf7432006", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:07", "1749632", "7d9863a4fa6d53fcd1e68debc0d81022aba66f33", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:07", "1749633", "d0c890f1c24ea9deff8129b6f3cd780a20028a0627da1133bbec0d9e6bd1b3a4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:07", "1749634", "cd3efe8f64900e494ab6b6fbab37b86c", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:06", "1749630", "e0758597228ea6a49eeb52477945524d7d660bed6c5f9259ed4a73ebfbae704e", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:06", "1749631", "84ba18d848c89a539e11b6182a51aa29", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:05", "1749628", "a837035f26e3210e79ee5a51fb9aa1bd", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:05", "1749629", "f0c9d05f7520a3f9f73de430b32ac4cab0b7d694", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:04", "1749625", "1f860b5ab856f750a395ace9de52fedf", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:04", "1749626", "125ea472cd708ee168eca55dd585dbcb77794ee7", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:04", "1749627", "5df5d849f109c1c16a1161a0c03e6bbad99ae65263d10dd7681f9d15746cc322", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:03", "1749622", "ffd54474c6b7e5f69684d2257de7db31", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:03", "1749623", "4cf31a7b37daa0fc6619b5a0e3b727b6710d70cb", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:03", "1749624", "9ce55e545954649b94fa16a1bd5695b9314f21ec0f0ddc349ca2cf05fda96a2d", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:02", "1749621", "16ff90b14867d9cde7cf8d405da63ea0c87f2c0cada7f00224d0099cb1a27d65", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:01", "1749619", "fd7f853d5dcb8ecc69d1a7812c60cb62", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:01", "1749620", "9b1ea31b6530d2f12e22e5816074453e3f410848", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:00", "1749616", "3d7f527bcd644c0686bd23e3fd098a08", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:00", "1749617", "1ab8f3cbf8d180289af6395eeaf01f6e6bc09d4c", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:40:00", "1749618", "11c6f026db9a77275964e07802eb44204b19b67b230bfffb7b8dfdf823be2754", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:59", "1749612", "1157e29047fe44576bdaed5bda75bbbc6e047b980ccdcaccd336fb12a9e0cb3b", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:59", "1749613", "6d81de3e2b745c7faa109dc4a3f8492f", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:59", "1749614", "8c8c650de31cb094ac465d6c7e22ed7ee360afda", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:59", "1749615", "380b8db7e99c3b908c9b05c00901e234010269bdf349a72221f4f9c84125f038", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:58", "1749609", "0b96fc34056593f61ec9de56730c4f228f7bb1deae0d05665a22f788ccfcca46", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:58", "1749610", "aecaadb0f2377a7c572d015b8a22e542", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:58", "1749611", "a47860fb49699abacad443f88ce289eb12f651f8", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:57", "1749606", "dfd829121ee37f87c27adf6bb11667417743d8622eb93330cdf0136e94506472", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:57", "1749607", "dcc27c8167ec387b235e9b9673ec3507", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:57", "1749608", "6fc6c598554956b39ddad40012228f631fd8490a", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:56", "1749602", "67e858805f0b106f38b115a3f18a0a1d5b6143f1", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:56", "1749603", "6e2603361bbbf22e8cbb1d44643a82a90d2a98e1bf36bbd634eb5cb9aa68c2c4", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:56", "1749604", "0048580f2fcfebdf5007a65ba25cdde5", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:56", "1749605", "4ee0f201c744cb48e0cc2153a1e8e59ec7acb3ae", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:55", "1749599", "b837f1a0c886c91b3ba0f788ab9aea5e91cbe669", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:55", "1749600", "4b16d313553a948e95d0dfc250f47060b83ca23a2b19db24c380ce01fa607f65", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:55", "1749601", "083c81aa9258d1058ef4cda4f9ac6699", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:54", "1749596", "ba76c993a502d04250568c472fba2810fec657b9", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:54", "1749597", "652ccc36a0cad327ad1cca0f2d3407d9a63a8a387083a33d6449fb5f324e4c47", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:54", "1749598", "35b732c45b1ac76d16c25d03b48323c0", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:53", "1749592", "d92d073a63efca2d59b0ca57e6163623", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:53", "1749593", "60315cbf89c0a1bd68b150788a1be2a9c8804074", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:53", "1749594", "3800ab9622420bb8b63db3cb2b64683e9fc31d5c48f25550423224af1645819c", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:53", "1749595", "57f9b9a552729fcfa933428725534970", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:52", "1749589", "828b9139611b4b11fbe6f98c5655f5ba", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:52", "1749590", "153ff69f67740b0c8c45772204a0f293292645cb", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:52", "1749591", "21c4eeb21c8467489098c06e56b468460f8146ad7ca188d71887f1ec15650d34", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:51", "1749585", "1079b48f23deb4f3554f1ee253f469c9545feca8e26d796aaf556078f86c4b90", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:51", "1749586", "e639bdf368545eece02b6c0390d8aeaa", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:51", "1749587", "20237d9aac029af0d17621c2b2bb2ee1950ab8db", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:51", "1749588", "1d3c7ff60b41e89404a6479ac9165a1ad352fe31bb475325f291284b43a611c6", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:50", "1749582", "b20359d275dd556b8a25531dd2acc933c945e989855fdc881c438cfb0cb471a0", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:50", "1749583", "9ee4ac9a1d9a1425b004ceb2b53083f0", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:50", "1749584", "8b36977b06e4405f0740a20e104ac05b0d7998e6", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:49", "1749578", "f011378b498fc8314285affd637124ba35e3ea74", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:49", "1749579", "904a3d70be9fccbd1d04cdc90d20e430351f16696d3ba2e14400f31f2437c133", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:49", "1749580", "ed661d102769ec0e8013d9f9d807843c", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:49", "1749581", "dc85896d297e6f71a16bc877034073c617c4c41c", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:48", "1749575", "0df44a8b7424787e6847435d39b42efd955020f6", "sha1_hash", "payload", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:48", "1749576", "bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4", "sha256_hash", "payload", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:48", "1749577", "b97c5fb8ffe52136069acd188303d3c4", "md5_hash", "payload", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:47", "1749571", "75cbd2a827a6390a4e682144d198ab9d", "md5_hash", "payload", "win.jackpos", "None", "JackPOS", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:47", "1749572", "40753cde29d7eba268881051d0400b0886aef62a", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:47", "1749573", "b5a211c440628f225bd8268c466305f3012096ec84f5821ef8045ece50e3c1bc", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:47", "1749574", "4bc51710731bdd58154b143c7f710eb1", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:46", "1749568", "4057bbb75eb9b5768018c9a428cfab0c", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:46", "1749569", "e2b0b5d33b0af58d3973e92fbdfb277366a0ddd6", "sha1_hash", "payload", "win.jackpos", "None", "JackPOS", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:46", "1749570", "bf3f010ec8100d1730b9588aa9ffa35476c2d5780c9f1c5206be83e2a79ebe06", "sha256_hash", "payload", "win.jackpos", "None", "JackPOS", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:45", "1749564", "33c23b0eb595f2469b11d2a14430cfb787c9c951c9357726442969cd409fb713", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:45", "1749565", "5115dc34939379c02d636e1cbb4908c8", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:45", "1749566", "aab267ead4d9e75260fac9a81e60713cdc761f11", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:45", "1749567", "c9359407cbf2530be6325d338d9320dc36ca2f6e1aefced3460f84627655ff94", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:44", "1749560", "1af699242244a12570c124b1f0d6d3b299523d50", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:44", "1749561", "444987e6fdd5e55de0ff4b4f868430786ea6fb363cb8254941c35ea6f2028e43", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:44", "1749562", "c668f02850facd12315eb60db6dd3453", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:44", "1749563", "03528374fd3aa7bd073898c90c30ccd64edb594a", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:43", "1749557", "d5fd221bc5b65b1cf64d1cbd4b5a7c2c38a4006a", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:43", "1749558", "1cb9b173c78e33cd27b1aca754eb9e47af42cbbb95d51144aceb42f9ca2b3c9f", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:43", "1749559", "a075ee624c607a58b5bf2eba19fbb648", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:42", "1749554", "92b2457fca7ee7974a18c3855ff9c83b83ad9543", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:42", "1749555", "e99705c6b6d4e75d961fcdfcdab3294d5728943dba74baaeb13508edacef4ac0", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:42", "1749556", "0e0161a2a1f6b22cc4a84c02d4af5b9d", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:41", "1749550", "9788035f511ba3c1d1dbc187e1f20dfb", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:41", "1749551", "fb9cc671ad038fbf27530367d02e798277be9e5d", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:41", "1749552", "466d5d9d2b9c1364fc5c4d34622295da0c6bd8dbeb2bb4bcc544ea9b87c1f828", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:41", "1749553", "43040756baa278cf5329cf02902c7c62", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:40", "1749547", "46402595842b76a4814bab429473e088", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:40", "1749548", "dc8fce3cb5247744f68908a11b04813c55c42589", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:40", "1749549", "5f60705a085e000a0e89654413990f78443e2c088418f70b4f82bf89ec36017c", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:39", "1749544", "6fde7a2040b6bfa3a8f84a00539aa2ca", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:39", "1749545", "a58bb4ab71ad8c475287fbfe09fa2d7195995705", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:39", "1749546", "b7cfd798fe6c5c8ccd5fa0b7953025dcf264a91e963cf08f38f3d676d1c9fa26", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:38", "1749541", "4cf79e655c7be81f8c58d261671fa917", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:38", "1749542", "509751ad0b44d4a81c60bca99836f12ef1f8d5c1", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:38", "1749543", "95c7967cfe51c64656f07e14b5ea3c59ddc0ce36d02e38cd57ce415a82238928", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:37", "1749539", "c517be80bc72c211e3e696b16b2f3364319e8994", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-02-17 02:39:37", "1749540", "79dcb6bdf84fdae64873b6fe27c9d52bf30cb4d7c545b13035cfdbe4adb12182", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" # Number of entries: 927