################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-11-14 19:58:08 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-11-14 19:58:08", "1641412", "klee.ironweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:59:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 19:46:19", "1641411", "schirm.ironweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:46:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 19:38:00", "1641410", "tau.ironweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:39:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 19:26:42", "1641409", "hain.ravensteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:28:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 19:17:56", "1641408", "glut.ravensteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:23:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 19:07:39", "1641407", "ufer.ravensteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:53:17", "1641404", "dampf.flintquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 19:00:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:47:39", "1641403", "rune.flintquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:38:49", "1641401", "moos.flintquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:33:32", "1641400", "ctr.hazebinder.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:27:18", "1641399", "nova8.hazebinder.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:16:58", "1641398", "byte8.hazebinder.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 18:01:50", "1641396", "enivomarzo12.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251114-wfjxka1jaj", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-11-14 18:01:39", "1641395", "fdsgofgjoefjiooe.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251114-sxpmlasrcs", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-14 18:01:06", "1641394", "core.saffronjet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:53:51", "1641391", "1665s.saffronjet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:47:32", "1641390", "g0pv.saffronjet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:37:45", "1641389", "knot.st1rlingpad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:27:22", "1641388", "11v.st1rlingpad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:17:36", "1641387", "drop7.st1rlingpad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 17:07:13", "1641386", "2v1.lumentwist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:58:28", "1641383", "5z.lumentwist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:53:17", "1641380", "mail.outlook365.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:04:46", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-14 16:48:12", "1641379", "5lw6.lumentwist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 16:55:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:41:26", "1641362", "getinstallclient32.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://x.com/1nt3l_hunt/status/1989359100300505154?s=20", "ClickFix", "0", "bouhdyd" "2025-11-14 16:41:25", "1641363", "verificationsbycapcha.center", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://x.com/1nt3l_hunt/status/1989359100300505154?s=20", "ClickFix", "0", "bouhdyd" "2025-11-14 16:41:24", "1641373", "magicupdate.cfd", "domain", "botnet_cc", "win.aurastealer", "AURA Stealer,AURASTEAL", "Aura Stealer", "", "100", "https://bazaar.abuse.ch/sample/1322b99e88023bc20d99ba1186518055872ab3322667d2befdae4a3b5379cc9d/", "AuraStealer", "0", "burger" "2025-11-14 16:41:23", "1641374", "searchagent.cfd", "domain", "botnet_cc", "win.aurastealer", "AURA Stealer,AURASTEAL", "Aura Stealer", "", "100", "https://bazaar.abuse.ch/sample/1322b99e88023bc20d99ba1186518055872ab3322667d2befdae4a3b5379cc9d/", "AuraStealer", "0", "burger" "2025-11-14 16:37:53", "1641377", "7u.viberspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 16:46:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:26:17", "1641375", "module7.viberspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:17:51", "1641372", "1wd.viberspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 16:19:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 16:03:28", "1641370", "28xr3.clipmorrow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:57:16", "1641364", "hrtf3.clipmorrow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:43:24", "1641361", "vpcp.clipmorrow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 15:44:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:42:52", "1641358", "xxx.vrolijkecreaties.nl", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 15:42:52", "1641359", "xxx.hotelsinnewjerseyatlanticcity.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 15:37:13", "1641355", "quark.pr0wldrop.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:28:26", "1641354", "yf.pr0wldrop.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:18:09", "1641353", "u3z.pr0wldrop.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 15:23:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 15:07:50", "1641352", "anchor.z1ncspike.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:57:01", "1641351", "o5.z1ncspike.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:47:43", "1641349", "qvm.z1ncspike.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 14:53:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:32:20", "1641348", "px.gr1tmodule.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 14:44:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:27:38", "1641347", "siq.gr1tmodule.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:17:18", "1641346", "tla.gr1tmodule.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 14:25:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 14:16:28", "1641340", "srimedhasoft.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-14 14:12:20", "100", "https://infosec.exchange/@monitorsg/115548456241734130", "SmartApeSG", "0", "monitorsg" "2025-11-14 14:07:30", "1641338", "053.knotberry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:57:14", "1641337", "qg3q2.knotberry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:47:51", "1641332", "kruipro.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/40ec2cb9-7642-4258-be59-de0c24af63ab", "Stealit,StealitStealer", "0", "burger" "2025-11-14 13:47:50", "1641333", "root.kruipro.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/40ec2cb9-7642-4258-be59-de0c24af63ab", "Stealit,StealitStealer", "0", "burger" "2025-11-14 13:46:56", "1641336", "sdh3a.knotberry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 13:56:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:34:02", "1641335", "orbit.odd-kraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:27:52", "1641334", "dock.odd-kraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 13:33:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:19:37", "1641331", "vibesyncvr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "Stealit,StealitStealer", "0", "burger" "2025-11-14 13:17:31", "1641330", "01efv.odd-kraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:06:44", "1641329", "qkund.gleamspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 13:02:53", "1641323", "mockerl.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:02:53", "1641324", "shutsra.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:02:53", "1641325", "poochse.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:02:53", "1641326", "oleaceg.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:02:53", "1641327", "notionz.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:02:53", "1641328", "evasivr.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 13:01:28", "1641322", "ml.gleamspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:59:34", "1641320", "amigor.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 12:59:34", "1641321", "audioux.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-14 12:55:40", "1641317", "e8.gleamspan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:47:25", "1641316", "flux0.quant-melt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 12:54:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:40:08", "1641315", "blink.quant-melt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:32:23", "1641314", "q40eo.quant-melt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:28:14", "1641307", "trail.flintzoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:18:20", "1641306", "echo.flintzoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 12:19:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:04:54", "1641304", "1b8.flintzoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 12:13:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 12:03:29", "1641290", "omgtelecom.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "KongTuke,LandUpdate808", "0", "HuntYethHounds" "2025-11-14 12:03:23", "1641248", "defupdater.dll", "domain", "payload_delivery", "apk.alien", "AlienBot", "Alien", "", "75", "https://x.com/vxunderground/", "c2,ClearFake,domain", "0", "Harshk08" "2025-11-14 12:02:51", "1641302", "www.smssending.ns1.name", "domain", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/185.62.57.65+www.smssending.ns1.name", "AS62370,C2,censys,hacktool,Mimikatz,open-dir,SNEL", "0", "DonPasci" "2025-11-14 12:01:54", "1641299", "mr24251.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251114-h13zaaspgp", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-14 12:01:52", "1641297", "confrewdsfgfs.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251114-l8at9aymbw", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-14 11:57:41", "1641295", "cms0c.st-0-bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:47:54", "1641294", "nova.st-0-bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 11:49:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:37:30", "1641293", "bkp.st-0-bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 11:43:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:27:44", "1641292", "sb.v0xelmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:17:28", "1641289", "uuf.v0xelmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 11:17:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:06:06", "1641288", "yw7.v0xelmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 11:13:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 11:00:48", "1641270", "www.marmosfinancial.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.244.194.132+www.marmosfinancial.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-11-14 10:58:19", "1641263", "kna.bl1nkswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 10:53:34", "1641262", "ceshioa.us.kg", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:03:51", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-14 10:42:57", "1641261", "lmn.bl1nkswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 10:37:46", "1641260", "z5.bl1nkswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 10:27:54", "1641259", "vale.quantmelt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 10:17:37", "1641258", "6m.quantmelt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 10:06:44", "1641256", "u6.quantmelt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 10:07:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:58:29", "1641254", "wave.flint-zoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 10:04:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:50:00", "1641252", "ottobattleskaldthrenody.com", "domain", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "https://tria.ge/251114-ccgs9azkbp", "c2,domain,donut,triage", "0", "DonPasci" "2025-11-14 09:47:10", "1641251", "whlox.flint-zoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 09:48:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:36:21", "1641250", "flux.flint-zoo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 09:38:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:32:05", "1641249", "w1558.ma-shrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:27:22", "1641247", "2n62w.ma-shrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:18:05", "1641246", "sparkle9.ma-shrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 09:17:40", "1641245", "ploykalofomarixcley.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/158.94.208.80", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-14 09:14:38", "1641244", "maukateciklodasresm.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/91.92.243.164", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-14 09:11:59", "1641243", "jarcovilokaserdrinok.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/91.92.243.166", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-14 09:08:14", "1641241", "b53.syrupdock.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 09:09:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:57:56", "1641236", "pulse8.syrupdock.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:47:39", "1641235", "byte.syrupdock.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 08:53:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:35:51", "1641233", "6zbr.protohush.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:32:58", "1641231", "sd.r.banana.vu", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 08:32:58", "1641232", "ug.andreeamunteanu.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 08:27:33", "1641227", "vdj3j.protohush.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:23:22", "1641218", "0315.protohush.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:17:35", "1641217", "0op3s.oddkraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 08:11:06", "1641201", "shanghai.googledns.io", "domain", "payload_delivery", "apk.ahmyth", "None", "AhMyth", "", "50", "https://x.com/vxunderground/", "None", "0", "Harshk08" "2025-11-14 08:08:23", "1641216", "shift.oddkraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 07:57:03", "1641202", "3z1s.oddkraken.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 07:49:41", "1641200", "zoo.st0bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 07:48:12", "1641198", "www.dwf1579.vip", "domain", "botnet_cc", "elf.pumabot", "None", "PumaBot", "", "100", "https://bazaar.abuse.ch/sample/857d463c693b5c80236eff885408ce3ddbfc45f94e9a5022fe67ebbc090ba151/", "PumaBot", "0", "abuse_ch" "2025-11-14 07:46:37", "1641195", "ter.vrolijkecreaties.nl", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 07:46:37", "1641196", "ter.hotelsinjacksonvillefl.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-14 07:39:21", "1641192", "gleam.st0bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 07:47:34", "100", "None", "clearfake", "1", "ttakvam" "2025-11-14 07:38:41", "1641000", "nakaizu.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-11-14 06:15:44", "100", "", "KongTuke,LandUpdate808", "0", "HuntYethHounds" "2025-11-14 07:38:40", "1641002", "fcontrols.pro", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-11-14 07:38:37", "1641008", "dcontrols.pro", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-11-14 07:38:37", "1641009", "infernolo.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-11-14 07:38:36", "1641012", "hcontrol.pro", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-11-14 07:38:33", "1641018", "3accdomain3.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-11-14 07:38:32", "1641060", "asdtvcvchcvhhhhh.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-11-14 07:38:31", "1641061", "xxclglglglklgkxlc.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-11-14 07:38:29", "1641064", "appasdmdamsdmasd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-11-14 07:38:28", "1641067", "ototaikfffkf.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-11-14 07:38:26", "1641072", "updateday.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "apk,Fake Software", "0", "HuntYethHounds" "2025-11-14 07:38:25", "1641088", "bal-rewards.xyz", "domain", "payload_delivery", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "", "dropper,miner,persistence,rat,worm", "0", "XiAnzheng" "2025-11-14 07:36:32", "1640998", "cpanel.fjfrey.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115544431524627272", "SocGholish", "0", "monitorsg" "2025-11-14 07:36:31", "1640987", "puffyclaw2008.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/b716fa3dbbfd5873cd5d2cd1a2f26310ed10963781cc47e2aa0b062dc85275ef/", "MaskGramStealer,SvitStealer", "0", "burger" "2025-11-14 07:36:25", "1640944", "catlover-pawpaw504.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://www.virustotal.com/gui/file/b716fa3dbbfd5873cd5d2cd1a2f26310ed10963781cc47e2aa0b062dc85275ef/relations", "SvitStealer", "0", "burger" "2025-11-14 07:36:25", "1640945", "easternwhiskerholdings.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://www.virustotal.com/gui/file/b716fa3dbbfd5873cd5d2cd1a2f26310ed10963781cc47e2aa0b062dc85275ef/relations", "SvitStealer", "0", "burger" "2025-11-14 07:27:36", "1641191", "hover.st0bepress.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 07:33:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 07:23:46", "1641190", "trust007-44490.portmap.host", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "", "c2,pulsar", "0", "juroots" "2025-11-14 07:17:45", "1641182", "0iz7q.mashrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 07:20:11", "100", "None", "clearfake", "1", "ttakvam" "2025-11-14 07:14:09", "1641181", "lnk1man.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "fakecaptcha", "0", "juroots" "2025-11-14 07:07:30", "1641178", "hx.mashrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 07:14:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:57:13", "1641177", "anchor.mashrift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 06:57:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:47:24", "1641176", "gleam.obsidianpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:38:10", "1641175", "birch.obsidianpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:28:21", "1641174", "eis.obsidianpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:18:48", "1641173", "glanz.ravenquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 06:23:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:15:04", "1641169", "rcdoncu1906.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-14 06:15:04", "1641170", "remcos26.dynuddns.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-14 06:14:41", "1641166", "cybersecuritefrance.ddns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-11-14 06:14:41", "1641167", "quantaservices.store", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-11-14 06:14:41", "1641168", "vr3b.ddns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-11-14 06:13:25", "1641160", "closeconection.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-14 06:13:25", "1641161", "effects-animation.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-14 06:13:25", "1641162", "rafaborre27.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-14 06:13:25", "1641163", "v2.otisgrand.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-14 06:13:25", "1641164", "v3.otisgrand.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-14 06:12:38", "1641156", "xerrrload08.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-11-14 06:12:00", "1641152", "brentwood-operatic.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-14 06:12:00", "1641153", "gatex.brentwood-operatic.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-14 06:12:00", "1641154", "gatex.otisgrand.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-14 06:13:25", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-14 06:12:00", "1641155", "shop.atrishop.xyz", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-14 06:07:38", "1641142", "ufer.ravenquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 06:01:36", "1641139", "msi25.dynnamn.ru", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251114-drzhaatqhs", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-14 05:57:49", "1641138", "klee.ravenquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 05:59:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 05:47:51", "1641137", "weiss.cedarberg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 05:37:32", "1641136", "pfote.cedarberg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 05:38:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 05:27:16", "1641135", "sturm.cedarberg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 05:18:29", "1641134", "krone.frostweald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 05:07:15", "1641133", "tal.frostweald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 05:13:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:56:00", "1641132", "licht.frostweald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 04:57:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:49:03", "1641131", "rune.auricfluss.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 04:53:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:38:21", "1641130", "wind.auricfluss.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 04:38:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:27:48", "1641129", "hafen.auricfluss.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:17:22", "1641128", "eiche.neonkiefer.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 04:07:36", "1641127", "moor.neonkiefer.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:57:16", "1641118", "gleis.neonkiefer.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 04:04:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:48:28", "1641117", "fels.cobaltspore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:37:09", "1641116", "tau.cobaltspore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 03:37:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:27:52", "1641115", "birch.cobaltspore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:17:03", "1641114", "nacht.quartzfuchs.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 03:07:46", "1641112", "kamm.quartzfuchs.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:57:28", "1641110", "adler.quartzfuchs.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:50:39", "1641109", "glut.emberweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:47:51", "1641108", "4gef4km41aysc.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:03:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-14 02:47:30", "1641107", "bach.emberweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:43:20", "1641106", "stern.emberweide.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 02:44:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:37:35", "1641105", "moos.thundergrove.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:27:16", "1641104", "pfad.thundergrove.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 02:33:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:17:00", "1641103", "wolke.thundergrove.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 02:24:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 02:08:13", "1641101", "zorn.boulderfield.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:57:54", "1641099", "licht.boulderfield.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:47:04", "1641098", "stein.boulderfield.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:37:54", "1641097", "ufer.thrushmere.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:27:29", "1641096", "moos.thrushmere.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 01:33:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:17:37", "1641095", "falke.thrushmere.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 01:07:19", "1641094", "korn.ashriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:57:28", "1641090", "fjord.ashriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:47:09", "1641089", "rauch.ashriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-14 00:50:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:36:47", "1641087", "pfad.yewhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:28:00", "1641086", "weiss.yewhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:24:20", "1641085", "nacht.yewhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:17:37", "1641084", "hafen.rowanstead.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:07:49", "1641083", "wald.rowanstead.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-14 00:02:44", "1641074", "rune.acornhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:59:20", "1641073", "nebel.acornhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:47:30", "1641071", "ufer.acornhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 23:54:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:38:13", "1641066", "moos.ivyvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 23:39:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:28:26", "1641058", "gleis.ivyvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:21:12", "1641057", "adler.ivyvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:17:00", "1641056", "kamm.titanbirch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 23:06:43", "1641055", "tau.titanbirch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:57:56", "1641023", "glanz.titanbirch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:47:38", "1641022", "stern.platinumvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:44:29", "1641021", "eiche.platinumvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:37:44", "1641020", "moor.platinumvale.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:27:27", "1641019", "stahl.goldtalon.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 22:28:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 22:17:40", "1641015", "klee.goldtalon.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 21:12:51", "1640999", "stern.brinewald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 21:28:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 21:07:39", "1640997", "moor.brinewald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 21:08:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:56:18", "1640994", "hafen.brinewald.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 20:59:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:47:33", "1640992", "weald.slatefalke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:37:14", "1640990", "dorn.slatefalke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 20:46:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:27:58", "1640986", "krone.slatefalke.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:18:08", "1640985", "blitz.elmfalter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 20:27:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 20:07:48", "1640984", "tau.elmfalter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:55:54", "1640977", "wolke.elmfalter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:44:34", "1640976", "klee.walnutsteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 19:51:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:30:14", "1640975", "rune.walnutsteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 19:33:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:27:31", "1640974", "bach.walnutsteg.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 19:29:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:17:14", "1640973", "eiche.oryxbucht.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 19:07:53", "1640971", "fels.oryxbucht.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:57:05", "1640970", "licht.oryxbucht.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 19:03:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:47:42", "1640965", "nebel.eiderquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 18:52:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:37:55", "1640963", "glut.eiderquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 18:38:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:27:32", "1640962", "ufer.eiderquelle.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 18:29:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:17:45", "1640961", "harz.ferretpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 18:17:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:03:22", "1640960", "weiss.ferretpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 18:09:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 18:02:55", "1640959", "dscrba7gv.localto.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2025-11-13 18:02:56", "100", "https://tria.ge/251113-vj7x5aaj4z", "C2,domain,njrat,triage", "0", "DonPasci" "2025-11-13 18:01:34", "1640957", "appsupdate.xyz", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-svgtzasrem", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 17:58:12", "1640955", "adler.ferretpfad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 17:47:22", "1640953", "stern.hearthwinkel.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 17:37:03", "1640952", "gleis.hearthwinkel.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 17:28:10", "1640951", "rauch.hearthwinkel.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 17:17:52", "1640947", "kamm.knollhafen.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 17:25:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 17:08:37", "1640946", "moor.knollhafen.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 17:15:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:58:50", "1640942", "fjord.knollhafen.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 17:00:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:57:43", "1640941", "tau.sprigkompass.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:53:30", "1640940", "birch.sprigkompass.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:51:56", "1640937", "lat.vrolijkecreaties.nl", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-13 16:51:56", "1640938", "lat.hotelsinjacksonvillefl.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-13 16:44:13", "1640934", "wolke.sprigkompass.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 16:44:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:37:31", "1640933", "orbit9.warpclutch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:27:09", "1640932", "0kj3.warpclutch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:17:23", "1640931", "spark.warpclutch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 16:08:07", "1640930", "dyy.raven-flux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:57:43", "1640923", "trace4.raven-flux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 16:03:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:47:57", "1640922", "spark6.raven-flux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 15:51:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:37:34", "1640921", "b71yl.pulseknob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:32:11", "1640901", "centaurustermas.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-13 14:05:48", "100", "https://infosec.exchange/@monitorsg/115542768731282934", "SmartApeSG", "0", "monitorsg" "2025-11-13 15:32:08", "1640906", "www.iconconsultants.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115542768731282934", "SmartApeSG", "0", "monitorsg" "2025-11-13 15:32:07", "1640914", "playarena.pages.dev", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "GenesisStealer,infostealer", "0", "burger" "2025-11-13 15:27:47", "1640920", "nib.pulseknob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:17:27", "1640919", "84w7.pulseknob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 15:10:12", "1640918", "v3kxh.nib-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:57:22", "1640917", "nt3e.nib-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 15:08:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:41:58", "1640913", "rift.nib-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:37:53", "1640912", "anchor.foamswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:28:01", "1640911", "blink.foamswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 14:33:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:19:44", "1640910", "l93r.foamswitch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:16:35", "1640909", "8ab.sketchloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 14:07:49", "1640908", "2eq.sketchloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:57:30", "1640899", "yx80.sketchloom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:47:43", "1640898", "sih4.ravenflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:37:26", "1640897", "dlr.ravenflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:21:02", "1640896", "trail3.ravenflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:13:18", "1640895", "node3.sketch-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 13:07:05", "1640894", "wk.sketch-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:57:49", "1640893", "3xh.sketch-loom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:50:00", "1640878", "trqinghkme.cyou", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 18:54:31", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-13 12:49:47", "1640876", "dmp.netsolutionpoint.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:04:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-13 12:49:47", "1640877", "drive.netsolutionpoint.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:04:32", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-13 12:49:42", "1640875", "cloud.netsolutionpoint.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 20:03:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-13 12:48:02", "1640874", "0i.pulse-knob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:41:20", "1640873", "niggabjiggy184.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251110-zmc95svkgw", "c2,domain,rat,Remcos,triage", "0", "DonPasci" "2025-11-13 12:39:44", "1640872", "qcq8.pulse-knob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 12:41:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:37:38", "1640871", "1yd0a.pulse-knob.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 12:37:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:28:50", "1640870", "quartz3.quartz-flip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 12:34:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:17:29", "1640822", "vlr.quartz-flip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 12:18:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:07:15", "1640821", "hg.quartz-flip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 12:13:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 12:01:46", "1640804", "trackboxing.dynuddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251113-ls1ezadx6e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-11-13 12:01:36", "1640801", "envioremcosanta.dynuddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-lgmdzawraj", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 12:01:36", "1640802", "belulunelubukekekbuekkkebdhhkekekjdhfjdj.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-knrftscy8e", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 11:57:25", "1640800", "p2.nibsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 11:47:08", "1640799", "9fwu4.nibsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 11:30:44", "1640798", "ctf.nibsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 11:44:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 11:28:05", "1640797", "rsw.g0b1ncore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 11:17:47", "1640796", "vmzts.g0b1ncore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 11:18:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 11:04:20", "1640795", "dro.g0b1ncore.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:53:32", "1640783", "crest.zeromint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:50:24", "1640774", "eri.vrolijkecreaties.nl", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-13 10:47:20", "1640765", "sketch.zeromint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:37:34", "1640764", "91.zeromint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 10:44:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:27:16", "1640763", "1apde.zeromint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 10:28:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:23:06", "1640762", "wsyu.t1nkerbay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:12:17", "1640761", "j0gxn.t1nkerbay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:08:06", "1640760", "foam.t1nkerbay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 10:01:06", "1639872", "vitasdrudalokistok.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/91.92.243.162", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-13 10:00:10", "1639871", "rackklousdiksonmauf.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/91.92.243.165", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-13 09:57:58", "1639870", "tokjikoladutrack.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "https://search.censys.io/hosts/91.92.243.163", "c2,censys,domain,Latrodectus", "0", "DonPasci" "2025-11-13 09:57:44", "1639869", "flux3.t1nkerbay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 10:03:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 09:52:36", "1639866", "marmasd.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:36", "1639867", "invesgz.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:36", "1639868", "drywabq.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639856", "blennia.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 13:02:53", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639857", "basedo.courses", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 13:02:54", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639858", "hymenri.courses", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 13:02:54", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639859", "snowcjw.courses", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 13:02:54", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639860", "contiho.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639861", "orgiaep.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639862", "deactlr.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639863", "politxh.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639864", "trimoci.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:52:35", "1639865", "suspeva.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-11-14 12:59:34", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-11-13 09:47:57", "1639855", "loom.quartzflip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 09:49:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 09:37:40", "1639854", "st6.quartzflip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 09:27:22", "1639853", "orbit.quartzflip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 09:17:26", "1639852", "bw.quartzflip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 09:08:09", "1639851", "8nbw6.shevypro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 08:57:15", "1639849", "66.shevypro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 08:45:58", "1639848", "pulse.shevypro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 08:56:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 08:03:07", "1639845", "bcidaho.bromleyhealthmanagement.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-13 11:01:02", "100", "https://search.censys.io/hosts/34.221.71.243+bcidaho.bromleyhealthmanagement.com", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-11-13 07:41:46", "1639833", "dja.vrolijkecreaties.nl", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-13 07:41:46", "1639834", "dja.hotelsinjacksonvillefl.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-11-13 07:08:12", "1639830", "hover.trickilygrey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 07:20:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 06:57:54", "1639829", "beacon6.trickilygrey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 06:57:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 06:46:50", "1639828", "blink.trickilygrey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 06:53:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 06:33:09", "1639822", "node3.trickilygrey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 06:34:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 06:27:40", "1639821", "reechel.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "50", "", "landupdate808", "0", "juroots" "2025-11-13 06:27:14", "1639820", "hcm-technology.com", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "50", "", "c2,Gholoader,TA569", "0", "juroots" "2025-11-13 06:26:36", "1639819", "week-ut.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-11-13 06:26:16", "1639818", "www.blazingelectricz.store", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-13 06:26:15", "1639814", "agosto20.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-13 06:26:15", "1639815", "api25.didns.ru", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-13 06:26:15", "1639816", "www.blazingelectricz.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-13 06:26:15", "1639817", "www.blazingelectricz.online", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-11-13 06:25:39", "1639808", "465669107.xyz", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-13 06:25:39", "1639809", "byteflowing1337.github.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-13 06:25:39", "1639810", "octubre212024.giize.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-13 06:25:39", "1639811", "pinganxzen.shop", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-13 06:25:39", "1639812", "rupper9.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-11-13 06:24:51", "1639802", "api.foodbyte.cc", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-13 06:25:39", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-13 06:24:51", "1639803", "atri.click", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-13 06:24:51", "1639804", "foodbyte.cn", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-13 06:25:39", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-13 06:24:51", "1639805", "shop.atri.help", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-13 06:24:51", "1639806", "hotels-atmospheric.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-11-13 06:01:36", "1639797", "proud17.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-e97r2sgq8s", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 06:01:35", "1639793", "proud.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-e97r2sgq8s", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 06:01:34", "1639792", "proudsoldier.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251113-e97r2sgq8s", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-11-13 05:36:40", "1639790", "s5.inktrap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 05:43:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 05:27:54", "1639789", "phase0.inktrap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 05:17:37", "1639788", "gleam.inktrap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 05:23:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 05:08:20", "1639787", "lqsvi.inktrap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:57:33", "1639786", "quark.papervolt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:54:16", "1639706", "updatesbrows.app", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update", "0", "HuntYethHounds" "2025-11-13 04:54:14", "1639717", "bcidaho.247supportsolutions.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.244.194.132+bcidaho.247supportsolutions.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-11-13 04:47:15", "1639785", "bd.papervolt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:37:29", "1639784", "pulse.papervolt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:27:11", "1639783", "mesh.papervolt.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 04:29:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:17:55", "1639782", "es.jaxdrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:08:14", "1639781", "nut.jaxdrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 04:02:17", "1639779", "windows-updates-check.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-13 11:01:21", "100", "https://search.censys.io/hosts/45.38.20.224+windows-updates-check.com", "AS215659,C2,censys,MOEMOEKYUN,panel,Unam", "0", "DonPasci" "2025-11-13 04:02:16", "1639778", "mukphol.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-13 11:01:21", "100", "https://search.censys.io/hosts/119.59.104.22+mukphol.com", "AS56067,C2,censys,METRABYTE-TH,panel,Unam", "0", "DonPasci" "2025-11-13 03:57:45", "1639773", "v1.jaxdrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 03:47:59", "1639772", "byte.jaxdrill.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 03:48:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 03:36:32", "1639771", "vale.zenith-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 03:43:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 03:27:16", "1639770", "rift.zenith-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 03:27:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 03:18:32", "1639769", "012.zenith-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 03:24:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 03:08:10", "1639768", "qzq.zenith-snap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:57:21", "1639767", "02au.echozig.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:48:05", "1639765", "c0.echozig.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:37:48", "1639764", "nz.echozig.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 02:38:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:27:56", "1639763", "xqgn6.echozig.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:17:38", "1639762", "drift.wreckly.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 02:07:46", "1639761", "grid6.wreckly.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 02:11:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:57:28", "1639760", "4q.wreckly.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:47:06", "1639759", "7r.wreckly.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-13 01:53:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:37:28", "1639758", "loom7.fr0gpulse.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:32:05", "1639757", "fyi67.fr0gpulse.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:26:52", "1639755", "loom3.fr0gpulse.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:18:07", "1639754", "71f9.fr0gpulse.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 01:07:44", "1639753", "crest.miragepad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:57:57", "1639752", "orbit1.miragepad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:47:35", "1639751", "crest4.miragepad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:37:17", "1639749", "5cg77.miragepad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:31:35", "1639748", "f1o.twistnova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:27:25", "1639747", "sparkle.twistnova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:17:39", "1639746", "vi.twistnova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:10:47", "1639745", "glide.twistnova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-13 00:07:08", "1639744", "suz.mirage-pad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:57:51", "1639737", "2z.mirage-pad.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:51:08", "1639736", "frqyt.gl-1-tchgarden.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:47:58", "1639735", "daw.gl-1-tchgarden.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:37:41", "1639734", "core.gl-1-tchgarden.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:27:52", "1639733", "y9w7.gl-1-tchgarden.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:17:35", "1639732", "q1f1p.twist-nova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 23:07:19", "1639731", "ux.twist-nova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 23:10:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:57:31", "1639715", "2tkvw.twist-nova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:48:07", "1639713", "server.dczu.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-14 18:54:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-12 22:47:14", "1639712", "gynar.twist-nova.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:36:56", "1639711", "phase.bash-glider.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:28:11", "1639710", "shift.bash-glider.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:17:49", "1639709", "jet.bash-glider.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 22:02:58", "1639707", "grid.bash-glider.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:52:40", "1639705", "loom.vorticeye.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 21:54:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:47:52", "1639702", "echo.vorticeye.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 21:48:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:37:33", "1639701", "node.vorticeye.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:21:08", "1639496", "echo9.vorticeye.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 21:28:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:17:28", "1639495", "v3d1.st3elflare.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 21:08:07", "1639493", "trace.st3elflare.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:56:48", "1639491", "y5i1.st3elflare.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:48:03", "1639490", "nova1.st3elflare.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 20:54:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:37:46", "1639489", "vector.zenithsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-11-12 20:39:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:27:53", "1639488", "nova.zenithsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:17:36", "1639487", "4r1i.zenithsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-11-12 20:07:42", "1639486", "wave.zenithsnap.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 423