################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-09-27 21:10:06 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-09-27 21:10:06", "1602890", "w4.e-72t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 20:16:35", "1602877", "d.e-72t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 19:51:21", "1602862", "t1.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 20:01:40", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 19:47:14", "1602860", "at.hmvu4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 21:10:24", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 19:37:18", "1602857", "qz9.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 19:46:32", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:56:20", "1602854", "v2.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:59:58", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:35:41", "1602847", "k.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:47:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:17:21", "1602844", "t1.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:22:03", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:02:03", "1602841", "conference-plate.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250927-wb67aswycz", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-09-27 18:00:58", "1602839", "kingstare-54289.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-r4xfcatsfx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 18:00:58", "1602840", "insurance-scuba.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-pzznsscm21", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 17:58:21", "1602837", "qz9.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 17:35:58", "1602835", "am.dgzy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 19:37:41", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 17:00:41", "1602834", "v2.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:35:09", "1602828", "k.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:19:13", "1602823", "g4.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 16:22:47", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:01:09", "1602808", "pm7.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 15:34:16", "1602805", "k4.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 15:38:53", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 15:18:08", "1602803", "y.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:58:56", "1602800", "z3.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 15:02:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:54:13", "1602791", "jo.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:12", "1602789", "g.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:30:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:11", "1602792", "bx.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:11", "1602793", "jn.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:21:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:10", "1602795", "ak.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:37:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:10", "1602797", "er.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:50:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:50:50", "1602798", "qm9.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:37:55", "1602796", "u1.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:21:44", "1602794", "h.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:30:15", "1602790", "r2.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:20:03", "1602787", "n.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:19:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 13:19:29", "1602788", "wq9.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:07:16", "1602786", "c7.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:04:42", "1602785", "wz.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:07:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 13:00:05", "1602784", "sc.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:46:48", "1602770", "wl.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 12:19:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:45:46", "1602777", "wzlive.support", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-27 12:24:48", "1602774", "koadbzmlqiyr.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 12:24:09", "1602772", "hdwyebwfvjs.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2025-09-27 12:24:48", "100", "https://bazaar.abuse.ch/sample/bd637efb8b5d0d620e4dc9bcd3d596b8da685116dcd9ab122bedd369fb912a94/", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 12:19:57", "1602771", "n.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 12:07:42", "1602769", "m7.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 12:06:35", "1602685", "0b.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 07:10:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602694", "gz.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 08:48:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602705", "xq.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 08:58:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602707", "pc.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:04:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:33", "1602708", "bm.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:30:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:33", "1602710", "4j.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:45:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:32", "1602714", "dn.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:40:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:32", "1602718", "16.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:44:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:31", "1602721", "ts.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:00:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:30", "1602723", "8f.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:09:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:30", "1602747", "vl.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:53:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:29", "1602745", "5q.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:42:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:29", "1602764", "b5.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 12:07:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:01:05", "1602758", "maps-scoop.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-ha6x9afl2z", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 11:42:00", "1602746", "tq1.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:53:21", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 11:10:42", "1602740", "hyduwkvd.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602741", "ydobniudivan.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602742", "hatsalnm.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602743", "ebuinwgs.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602744", "synrxvtd.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602733", "assalafuz.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602734", "unshyqov.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602735", "inchapxe.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602736", "bloodydi.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602737", "aegiqlfb.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602738", "paleatgh.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602739", "ligmfbx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602730", "secrequ.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602731", "delazvf.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602732", "orinacg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:39", "1602729", "builie.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602726", "gregmhy.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602727", "sacrakyf.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602728", "actmwtn.my", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:36", "1602725", "neighll.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:09:59", "1602724", "b2.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 11:00:09", "1602722", "x.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 10:40:47", "1602719", "e1.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:44:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 10:36:14", "1602716", "bigstepix.shop", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "c2,domain,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 10:29:01", "1602713", "lgbtmeme.shop", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1784034/0/html", "c2,domain,joesandbox,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 09:30:43", "1602709", "qk2.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:45:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 08:58:28", "1602706", "u5.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:04:17", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 08:48:27", "1602703", "r.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 07:10:57", "1602686", "k7.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 05:47:02", "1602331", "media-kg.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-vpt88acp3z/behavioral1", "None", "0", "burger" "2025-09-27 05:30:14", "1602675", "aa9.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 05:29:52", "1602674", "0.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 05:30:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 05:20:11", "1602673", "g.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 04:53:35", "1602672", "o.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 05:20:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 04:38:47", "1602670", "t1.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 04:37:15", "1602669", "3.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 04:38:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 03:52:46", "1602625", "5u.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:54:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 03:38:44", "1602624", "gj.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:40:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 03:16:14", "1602621", "4f.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:16:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 02:48:08", "1602620", "clearate.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:08", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 02:35:24", "1602619", "q3n.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:54:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 02:34:46", "1602618", "8a.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:35:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 02:13:47", "1602617", "6v.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:14:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 01:58:23", "1602616", "u0.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 01:59:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 01:53:09", "1602615", "m8.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:14:27", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 01:52:41", "1602614", "eq.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 01:53:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 00:09:33", "1602612", "0m.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 00:10:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 23:36:19", "1602601", "y2.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 23:46:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 23:26:02", "1602412", "zs.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 23:26:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 22:47:14", "1602411", "wq9.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 00:10:52", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 22:44:39", "1602410", "3i.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:47:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 22:16:01", "1602409", "2.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:17:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:17:21", "1602408", "7.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:18:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:07:04", "1602407", "6.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:08:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:04:44", "1602406", "c7.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:17:38", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:55:12", "1602405", "ik.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:04:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 20:50:04", "1602402", "n.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:49:25", "1602401", "w6.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 20:50:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 20:29:27", "1602400", "m7.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:28:54", "1602399", "79.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 20:29:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:44:20", "1602360", "s.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:46:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:33:26", "1602359", "tq1.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:46:02", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 19:32:32", "1602358", "di.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:33:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:24:12", "1602357", "ax.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:26:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:22:08", "1602356", "b2.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:26:51", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 19:20:02", "1602355", "c.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:22:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 18:08:52", "1602343", "x.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 18:08:09", "1602342", "np.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 18:08:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 18:00:52", "1602341", "Iusefatalbtw-48418.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-26 18:00:52", "100", "https://tria.ge/250926-vkhdvs1yat", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 18:00:38", "1602339", "dcgerts.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-qhq6rsvps8", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:38", "1602340", "startmenuexperiencehost.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-pxhmhahk81", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:37", "1602338", "AseguramayoDC.casacam.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-rfwtxaal91", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:19", "1602335", "mean-airline.gl.at.ply", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-r9a5asbj91", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 18:00:19", "1602336", "original-fan.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-s4kxzszzbs", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 18:00:19", "1602337", "promole5.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-09-26 18:03:44", "100", "https://tria.ge/250926-rghcxavqx9", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 17:55:17", "1602334", "fr.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:56:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 17:42:03", "1602333", "e1.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:56:26", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 17:40:04", "1602332", "b3.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:42:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 17:08:37", "1602330", "qk2.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 17:07:57", "1602329", "ix.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:08:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:27", "1602327", "ia.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:48:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:26", "1602298", "37.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 13:19:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:24", "1602301", "lexypaster.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://tip.neiki.dev/file/459238815cef12916912d15825351651b6222161e9229e7ae66dbf40f733b589", "asyncrat,rat,sheetrat", "1", "Neiki" "2025-09-26 16:57:23", "1602304", "5.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:03:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:23", "1602306", "lc.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 17:35:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602308", "gq.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:32:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602309", "y3.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 15:12:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602311", "0z.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 15:17:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:21", "1602325", "tl.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 16:24:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:36:30", "1602328", "u5.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 16:24:44", "1602326", "r.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 16:01:03", "1602321", "update.00m-i.cloud", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 04:01:03", "100", "https://search.censys.io/hosts/20.169.181.39+update.00m-i.cloud", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-09-26 15:17:49", "1602312", "k7.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 15:12:08", "1602310", "aa9.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 14:11:32", "1602307", "v2.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:32:35", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 14:02:59", "1602305", "g.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:19:43", "1602300", "aa9.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:18:48", "1602299", "qm8.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 17:35:20", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:13:48", "1602277", "e1.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 12:16:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:13:47", "1602267", "7w.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:50:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:13:46", "1602289", "4t.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 13:01:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:11:12", "1602296", "fx.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:11:11", "1602295", "fx.alexandraparasca.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:01:15", "1602291", "xq0.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:00:48", "1602290", "u1.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:16:08", "1602279", "c5.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:15:11", "1602278", "h.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:00:19", "1602271", "SHADOWii0000-45869.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-nzy7lagq6w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 11:50:00", "1602269", "pq9.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:54:10", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:49:58", "1602268", "l.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:56:33", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:40:46", "1602240", "15.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 07:59:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:46", "1602254", "ol.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 08:46:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:45", "1602257", "teams-download.buzz", "domain", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "50", "", "None", "0", "burger" "2025-09-26 11:40:45", "1602261", "ap.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:07:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:44", "1602258", "s5.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 09:40:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:43", "1602262", "zc.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:56:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:43", "1602264", "rt.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:05:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:05:54", "1602266", "h1.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:05:31", "1602265", "w3.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 10:18:40", "1602263", "d.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 09:38:06", "1602260", "pz8.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:19:51", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 09:35:38", "1602259", "tm7.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:07:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 08:46:12", "1602256", "w4.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 08:45:55", "1602255", "x8.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 07:59:46", "1602242", "n.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 07:59:35", "1602241", "d.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 07:38:13", "1602239", "was-rand.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-26 07:37:24", "1602236", "inversat.cc", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-26 07:37:07", "1602235", "hikylover.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-09-26 07:36:51", "1602234", "football-confident.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-09-26 07:36:35", "1602233", "x.cheapgylsale.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-26 07:36:34", "1602232", "l.cheapgylsale.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-26 06:49:25", "1601894", "d0.alexandraparasca.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601895", "sfr.konebras.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601896", "icc.konebras.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601897", "d0.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601898", "sfr.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:01:24", "1601882", "employment-memorabilia.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250926-b5lr8sz1gy", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 06:01:24", "1601883", "mvps-remote.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250926-f3dq3atxes", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 06:00:51", "1601878", "nuz8o8.88933.vip", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-f1va2atxcw", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 06:00:51", "1601879", "omfg131313.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-etmf6sdm7t", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 06:00:18", "1601876", "aaaxxx6.hopto.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-fzkefaej7z", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 05:56:51", "1601868", "cnc.feds.gay", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-26 04:12:56", "1601866", "t1.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 04:10:59", "1601865", "m0.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 04:12:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 02:28:09", "1601842", "qz9.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 02:27:02", "1601841", "lq.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 02:28:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 00:30:49", "1601840", "v2.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 00:29:49", "1601839", "m3.3r7j7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 04:11:31", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 00:29:46", "1601838", "hk.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 00:30:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-25 22:34:45", "1601590", "xq0.9t6p5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-25 22:33:47", "1601589", "k.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-25 22:38:34", "100", "None", "clearfake", "1", "ttakvam" "2025-09-25 22:32:31", "1601588", "u.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-25 22:38:34", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 209