################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2025-10-20 00:57:55 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-10-20 00:57:55", "1618233", "egg.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:47:32", "1618232", "bay.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:36:44", "1618231", "mud.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:33:54", "1618230", "use.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:27:35", "1618229", "sea.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:17:20", "1618228", "fix.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-20 00:08:02", "1618227", "gap.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:57:10", "1618218", "ink.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:48:24", "1618217", "of33333.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:38:07", "1618216", "six.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:27:37", "1618215", "day.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:18:19", "1618214", "lip.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 23:08:31", "1618213", "shy.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 22:57:32", "1618212", "act.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 22:47:12", "1618211", "tea.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 22:37:18", "1618048", "pin.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 22:29:04", "1618047", "mi.limpingbronco.com", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "", "Amadey", "0", "nickkuechel"
"2025-10-19 22:28:30", "1618046", "car.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:59:38", "1618044", "dig.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:47:33", "1618043", "m0ma.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:34:43", "1618042", "big.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:27:24", "1618041", "off.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:17:06", "1618040", "rat.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 21:07:18", "1618036", "joy.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:58:00", "1618035", "ape.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:48:06", "1618034", "try.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:34:06", "1618032", "gas.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:27:53", "1618031", "us.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:15:31", "1618030", "rag.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 20:00:36", "1618015", "sit.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 20:05:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 19:47:15", "1618014", "fat.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 19:39:04", "1618012", "zahcomputers.pk.modpersonnel.support", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "stealthserver", "0", "juroots"
"2025-10-19 19:39:04", "1618013", "cloudstore.cam", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "stealthserver", "0", "juroots"
"2025-10-19 19:38:31", "1618011", "herandhis.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 19:31:48", "1617939", "casadecampoamazonas.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://securelist.com/maverick-banker-distributing-via-whatsapp/117715/", "c2,Maverick", "0", "juroots"
"2025-10-19 19:28:02", "1617938", "few.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 19:17:45", "1617937", "sap.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 19:07:59", "1617936", "me.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 18:54:07", "1617935", "tab.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 18:03:29", "1617931", "zehir.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/251019-sye5jsbj7w", "C2,cybergate,domain,rat,triage", "0", "DonPasci"
"2025-10-19 18:03:29", "1617932", "hackingrat.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "2025-10-19 18:03:29", "100", "https://tria.ge/251019-swwphsbj6t", "C2,cybergate,domain,rat,triage", "0", "DonPasci"
"2025-10-19 18:01:53", "1617930", "remmom.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251019-r2nqesvqf1", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-10-19 18:01:49", "1617928", "come-social.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-tpmzgavpdl", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-19 17:31:50", "1617927", "sky7.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 17:26:38", "1617926", "old.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 17:17:52", "1617925", "van.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 17:07:33", "1617924", "top.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:58:17", "1617923", "sip.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:47:28", "1617922", "art.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:37:09", "1617921", "odd.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:27:53", "1617920", "sun.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:17:06", "1617919", "bit.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 16:18:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:07:51", "1617918", "gin.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 16:03:47", "1617917", "sites.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.191.251.170+sites.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-10-19 16:03:30", "1617915", "providence.nutorus.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-10-19 16:03:31", "100", "https://search.censys.io/hosts/50.92.58.195+providence.nutorus.com", "AS852,C2,censys,Havoc,TELUS", "0", "DonPasci"
"2025-10-19 15:57:59", "1617908", "giga.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 15:47:42", "1617907", "cupandhandle.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 22:07:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 15:37:21", "1617906", "see.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 15:38:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 15:28:36", "1617905", "my.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 15:23:12", "1617904", "den.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 14:58:55", "1617903", "no555.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 14:36:38", "1617902", "add.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 14:27:53", "1617901", "kit.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 14:18:53", "1617900", "arm.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 14:07:34", "1617899", "ask4it.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:57:15", "1617896", "h0p.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:48:29", "1617895", "end.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:37:00", "1617894", "gun4.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:24:04", "1617893", "hen.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:17:53", "1617892", "bad.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 13:08:05", "1617891", "tap.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 13:08:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:57:41", "1617890", "age.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:46:53", "1617888", "banit.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:37:29", "1617887", "n0w.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:28:43", "1617886", "keyz.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:17:11", "1617885", "bag.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:07:20", "1617884", "be1.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 12:01:50", "1617874", "parsec-47111.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-nswg5agr7y", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-19 11:58:45", "1617873", "dad.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 11:59:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 11:48:05", "1617872", "by.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 15:08:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 11:37:44", "1617870", "bee.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 11:27:56", "1617869", "mat.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 14:48:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 11:17:32", "1617868", "pad.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 11:07:13", "1617867", "lab.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:57:54", "1617866", "blackstar.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 10:57:26", "1617865", "hip.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:57:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:48:09", "1617859", "dip.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:49:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:37:21", "1617858", "net.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:28:35", "1617857", "851.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:17:47", "1617856", "061.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:07:59", "1617855", "7436901.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 10:01:49", "1617854", "lace.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 09:57:42", "1617853", "160287.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:01:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 09:50:55", "1617852", "dim.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 09:47:22", "1617851", "93055.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 09:50:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 09:37:33", "1617850", "4084.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 09:27:14", "1617849", "219.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 09:21:27", "1617848", "pond.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 09:20:48", "1617847", "nano2025.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-19 09:18:29", "1617845", "034d2.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 09:21:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 09:08:10", "1617844", "118.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:57:52", "1617843", "6901420.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:48:25", "1617841", "bossone.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:11", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-19 08:47:59", "1617840", "777012.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:37:41", "1617839", "30951.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:40:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:37:26", "1617838", "spark.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:40:45", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 08:27:53", "1617837", "8427.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:37:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:22:36", "1617836", "oak.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 08:17:34", "1617835", "501.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:22:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 08:12:51", "1617834", "brim.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 08:08:19", "1617833", "581.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:12:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:57:24", "1617824", "0789.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:48:08", "1617823", "8451203.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:40:54", "1617822", "nap.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 07:38:20", "1617821", "706391.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:40:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:35:10", "1617820", "41002.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:30:01", "1617819", "twig.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 07:27:56", "1617818", "3135.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:30:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:17:39", "1617817", "925.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:19:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 07:11:21", "1617816", "curl.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:19:40", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 07:07:51", "1617815", "72563.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:11:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:57:34", "1617814", "080.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:01:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:52:27", "1617813", "beam.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:01:14", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 06:48:49", "1617812", "3998107.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:52:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:41:14", "1617810", "e-cross.gl.at.ply.gg", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-10-19 06:39:56", "1617807", "redirect.dedicated-coords.lol", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots"
"2025-10-19 06:39:04", "1617805", "v1.subgiare.vn", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots"
"2025-10-19 06:39:04", "1617806", "v2.subgiare.vn", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots"
"2025-10-19 06:38:06", "1617799", "gates.subgiare.vn", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-19 06:38:06", "1617800", "jaks.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-19 06:38:06", "1617801", "ze1exlpvm.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-19 06:36:19", "1617794", "loft.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 06:31:20", "1617789", "610294.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:36:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:28:11", "1617788", "57411.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:17:21", "1617785", "4920.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:24:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:16:37", "1617784", "gem.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:24:55", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-19 06:08:04", "1617783", "333.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:16:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 06:03:46", "1617777", "karmina118.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:03:46", "1617778", "karmina119.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:03:46", "1617779", "nibiru4.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:03:46", "1617780", "nibiru5.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:03:46", "1617781", "nibiru6.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:03:45", "1617776", "karmina117.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci"
"2025-10-19 06:02:11", "1617774", "njkb-24236.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251019-bekr9aymgs", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-10-19 06:02:11", "1617775", "slsryatdf.localto.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 06:40:58", "100", "https://tria.ge/251019-aqkqysyka1", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-10-19 06:02:02", "1617773", "dc14oct.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251019-eak41abv6a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-10-19 06:01:53", "1617772", "sodfhsiuhdvishvisdhivgh.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-10-19 06:41:14", "100", "https://tria.ge/251019-eckk9adp9y", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-10-19 05:57:45", "1617770", "05b8.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 05:47:51", "1617769", "964.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 05:37:33", "1617768", "7123001.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 05:27:46", "1617766", "180264.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 05:17:29", "1617765", "77950.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 05:20:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 05:07:59", "1617764", "6003.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:58:21", "1617762", "201.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:48:04", "1617761", "913c50.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:38:15", "1617760", "0482.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:27:56", "1617759", "169.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:15:35", "1617758", "7001845.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 04:08:32", "1617757", "55027.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 04:09:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:59:05", "1617728", "8321.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:47:34", "1617727", "324.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:33:11", "1617726", "4137.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:27:29", "1617725", "0984.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:17:12", "1617724", "5002201.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 03:08:57", "1617723", "620714.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:58:09", "1617722", "45019.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:48:04", "1617717", "juyu1.yifanyi.app", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:15", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-19 02:47:58", "1617716", "132541.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:09", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-19 02:43:46", "1617715", "1205.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:37:33", "1617714", "777.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:27:44", "1617713", "07a9.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:17:46", "1617712", "34972.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 02:08:29", "1617711", "028.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:54:28", "1617710", "7652190.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 02:04:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:48:58", "1617709", "100587.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:38:24", "1617707", "9026.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:28:02", "1617706", "431.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:17:45", "1617705", "05c8.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 01:07:54", "1617704", "035.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:51:29", "1617702", "9912043.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:47:44", "1617701", "260941.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:37:09", "1617700", "70018.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:27:22", "1617699", "4823.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:17:25", "1617698", "719.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 00:23:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:07:50", "1617697", "42a5.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-19 00:02:42", "1617693", "desktop.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 04:00:49", "100", "https://search.censys.io/hosts/18.191.251.170+desktop.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-10-19 00:02:42", "1617694", "assets.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 04:00:50", "100", "https://search.censys.io/hosts/18.191.251.170+assets.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-10-18 23:57:01", "1617690", "0615.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 23:49:24", "1617689", "9031542.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 23:37:57", "1617688", "740182.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 23:29:12", "1617686", "56039.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 23:17:21", "1617685", "1207.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 23:07:33", "1617684", "384.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:57:14", "1617683", "1m.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:41:02", "1617681", "c8.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:31:46", "1617680", "p0.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:28:05", "1617679", "0zq.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:15:36", "1617678", "v3.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 22:19:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 22:07:50", "1617677", "h1.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:58:33", "1617676", "s.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 22:00:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:47:14", "1617675", "arm.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:38:28", "1617674", "rye.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:28:10", "1617673", "vet.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:17:20", "1617672", "gas.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 21:06:03", "1617671", "gig.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:58:08", "1617669", "fit.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:45:18", "1617668", "sap.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:38:03", "1617667", "ai.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:28:35", "1617666", "eh.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:10:37", "1617665", "yo.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 20:21:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 20:07:28", "1617664", "pan.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:57:02", "1617651", "him.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:48:01", "1617650", "far.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:39:16", "1617648", "hi.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:27:50", "1617647", "six.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:11:49", "1617646", "too.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 19:07:38", "1617645", "gab.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 19:11:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:57:20", "1617644", "gi.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:47:33", "1617643", "ice.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:38:14", "1617641", "gap.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:28:56", "1617640", "zed.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:18:08", "1617639", "gin.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:02:43", "1617637", "red.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 18:01:57", "1617629", "editor-formula.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251018-s6mjlatkaw", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-10-18 18:01:45", "1617626", "throughout-groundwater.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-vdez6aex9h", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-18 18:01:45", "1617627", "maxem228666-55949.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-r8eq4asnay", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-18 18:01:44", "1617625", "example-kit.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-v6ng1ahl8t", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-18 17:53:57", "1617624", "wed.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 17:17:28", "1617623", "coy.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 17:08:11", "1617622", "wet.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:57:22", "1617621", "out.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:47:04", "1617620", "he.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:37:16", "1617618", "fur.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:27:56", "1617617", "rid.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:17:39", "1617616", "tic.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 16:20:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:08:22", "1617614", "id.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 16:01:58", "1617608", "www.mona-ads.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/45.86.163.126+www.mona-ads.com", "AS44066,C2,censys,DE-FIRSTCOLO,RAT,SpiceRAT", "0", "DonPasci"
"2025-10-18 15:56:22", "1617607", "gag.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 15:40:27", "1617606", "w1656569g.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 15:37:17", "1617601", "hid.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 15:24:56", "1617599", "wok.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 15:15:08", "1617598", "hag.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 15:20:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 15:07:54", "1617597", "age.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:58:08", "1617596", "hay.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:47:49", "1617595", "due.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:39:27", "1617594", "mist.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 14:37:30", "1617593", "yap.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:39:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:27:42", "1617592", "fab.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:20:52", "1617591", "fig.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 14:18:26", "1617590", "ow.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:20:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 14:01:54", "1617589", "bold.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 14:01:01", "1617588", "ape.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:01:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:51:11", "1617587", "art.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:51:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:48:02", "1617586", "lot.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:41:18", "1617585", "jet.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:51:55", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 13:36:43", "1617584", "air.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:41:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:27:50", "1617583", "few.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 17:24:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:17:31", "1617582", "try.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:25:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 13:16:48", "1617581", "tray.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:29:07", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 13:07:44", "1617580", "nap.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:16:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:59:53", "1617579", "muse.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 12:57:28", "1617578", "er.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:59:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:45:36", "1617575", "ban.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:51:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:38:21", "1617572", "tag.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:37:22", "1617571", "bark.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:51:03", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 12:28:03", "1617570", "pat.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:37:22", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:18:15", "1617569", "ran.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:28:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:07:58", "1617568", "cup.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:11:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 12:01:49", "1617557", "fin.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:11:19", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 12:01:46", "1617556", "pepes18921.webredirect.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251018-lxf7wsek5s", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-10-18 12:01:41", "1617555", "late-operates.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-jzka8adr21", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-10-18 11:58:04", "1617554", "can.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:01:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:47:45", "1617553", "nod.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:51:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:38:24", "1617552", "dusk.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:51:03", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 11:35:49", "1617551", "jet.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:38:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:27:23", "1617550", "bog.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:30:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:18:13", "1617549", "fern.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:30:01", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 11:15:32", "1617548", "has.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:18:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:10:20", "1617547", "era.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:14:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 11:08:11", "1617546", "clay.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:14:20", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 11:07:10", "1617545", "inn.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:08:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:58:25", "1617544", "its.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:59:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:52:06", "1617543", "pun.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:51:12", "1617542", "rim.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:59:12", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 10:48:19", "1617540", "51rteswqa.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-18 10:47:56", "1617539", "pet.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:51:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:38:08", "1617538", "ski.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:41:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:27:50", "1617537", "bed.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:35:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:27:14", "1617536", "nest.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:41:01", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 10:19:34", "1617534", "cat.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:27:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:15:23", "1617533", "851.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:15:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 10:04:50", "1617532", "glow.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:15:53", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 10:03:32", "1617531", "06d1.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:04:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:57:20", "1617530", "7436901.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:47:31", "1617529", "160287.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:37:14", "1617527", "93055.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:40:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:28:51", "1617526", "4084.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:27:57", "1617525", "pine.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:40:39", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 09:17:51", "1617523", "219.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:27:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 09:05:02", "1617521", "03452.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:57:44", "1617520", "118.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:49:00", "1617519", "dew.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 08:47:54", "1617518", "6901420.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:49:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:37:36", "1617516", "777012.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:42:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:31:32", "1617515", "sail.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:42:24", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 08:28:20", "1617514", "30951.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:31:32", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:18:23", "1617513", "8427.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:19:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:08:05", "1617512", "501.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:11:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 08:04:28", "1617511", "ray.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:19:26", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 07:58:19", "1617507", "581.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:04:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:53:13", "1617506", "forceadvance.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "", "zphp", "0", "juroots"
"2025-10-18 07:52:51", "1617503", "www.montanaivest.online", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-10-18 07:52:51", "1617504", "www.montanaivest.space", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-10-18 07:52:51", "1617505", "www.montanaivest.store", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-10-18 07:52:36", "1617502", "mirailoversddos.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots"
"2025-10-18 07:52:20", "1617501", "youth-better.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots"
"2025-10-18 07:52:08", "1617499", "asy8808.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-18 07:52:08", "1617500", "autodater.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-10-18 07:48:01", "1617490", "07c9.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:50:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:37:42", "1617478", "8451203.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:43:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:32:56", "1617476", "mint.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:50:38", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 07:27:54", "1617475", "706391.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:32:56", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:18:36", "1617474", "41002.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:19:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:07:37", "1617473", "3135.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:11:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 07:01:38", "1617472", "plum.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:19:55", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 06:58:20", "1617471", "925.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:01:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 06:47:20", "1617470", "72563.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 06:50:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 06:38:54", "1617469", "fox.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-10-18 06:38:02", "1617468", "080.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 06:38:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 06:28:14", "1617467", "3998107.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 06:18:25", "1617466", "610294.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 06:07:55", "1617465", "57411.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:57:38", "1617464", "4920.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:58:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:47:51", "1617463", "333.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:53:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:40:05", "1617461", "964.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:44:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:38:47", "1617460", "05b8.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:30:24", "1617459", "7123001.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:27:12", "1617458", "180264.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:17:23", "1617457", "77950.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 05:08:01", "1617456", "6003.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:57:13", "1617455", "201.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:47:45", "1617454", "913560.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:35:16", "1617453", "0482.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 04:40:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:29:13", "1617452", "169.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:18:42", "1617451", "7001845.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:07:27", "1617450", "55027.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 04:01:07", "1617435", "homeoffice.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-18 04:02:36", "100", "https://search.censys.io/hosts/18.191.251.170+homeoffice.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,Phishing", "0", "dyingbreeds_"
"2025-10-18 04:00:08", "1617402", "tubifly.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/104.168.135.13+tubifly.com", "AS54290,C2,censys,HOSTWINDS", "0", "dyingbreeds_"
"2025-10-18 03:58:37", "1617401", "8321.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 03:47:18", "1617400", "324.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 03:38:26", "1617399", "04137.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 03:28:07", "1617397", "984.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 03:17:50", "1617396", "5002201.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 03:23:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 03:08:01", "1617395", "620714.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:57:40", "1617394", "45019.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:47:23", "1617393", "1205.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:38:37", "1617392", "777.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:27:08", "1617391", "581004.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:17:20", "1617390", "34972.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 02:08:03", "1617389", "028.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 02:10:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:58:17", "1617388", "7652190.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:47:59", "1617387", "100587.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:37:44", "1617386", "9023.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:27:53", "1617385", "431.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:17:36", "1617384", "889.08u073852.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-10-18 01:07:18", "1617383", "05a9.08u073852.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
# Number of entries: 366