################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-10-20 00:47:32 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-10-20 00:47:32", "1618232", "bay.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:36:44", "1618231", "mud.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:33:54", "1618230", "use.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:27:35", "1618229", "sea.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:17:20", "1618228", "fix.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:08:02", "1618227", "gap.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-20 00:04:03", "1618226", "3.91.9.4:1224", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.91.9.4", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-10-20 00:03:59", "1618225", "206.189.107.207:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/206.189.107.207", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-10-20 00:03:58", "1618224", "34.22.85.55:8091", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/34.22.85.55", "AdaptixC2,AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "DonPasci" "2025-10-20 00:03:55", "1618223", "114.67.65.99:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/114.67.65.99", "AS138421,C2,censys,CU-CN-AS,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-10-20 00:03:07", "1618222", "3.209.248.230:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "100", "https://search.censys.io/hosts/3.209.248.230", "AMAZON-AES,AS14618,C2,censys,DeimosC2", "0", "DonPasci" "2025-10-20 00:02:32", "1618221", "27.124.41.58:4443", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/27.124.41.58", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,RAT,Venom", "0", "DonPasci" "2025-10-20 00:02:28", "1618220", "102.117.166.215:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/102.117.166.215", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-10-20 00:01:50", "1618219", "185.194.141.222:62161", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.194.141.222", "AS197540,C2,censys,CobaltStrike,cs-watermark-666666666,NETCUP-AS", "0", "DonPasci" "2025-10-19 23:57:10", "1618218", "ink.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 23:48:24", "1618217", "of33333.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 23:38:07", "1618216", "six.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 23:27:37", "1618215", "day.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 23:18:19", "1618214", "lip.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 23:08:31", "1618213", "shy.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 22:57:32", "1618212", "act.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 22:47:12", "1618211", "tea.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 22:44:57", "1618210", "25e9fc6010b89648f02e8da1121c4b29", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:56", "1618206", "d60d944168dc37e539abc2c2a0ec0b301bc076d24373d50bc31aaf8c6c3a8967", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:56", "1618207", "cda3bacaf482ae66746295d93d95d5fe", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:56", "1618208", "657bd6c0a0f6a707e40486a318283d0bd17c8fe2", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:56", "1618209", "07c8a86e797b6ff14abb1f093dd276809d5955b08e8c08d217aafcfe3c3046fc", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:55", "1618202", "8fde8c362bd8a052beeaa34d6037ea9b9c47e59c", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:55", "1618203", "5e532dc348cea226907ee286cc623670b87c8f642262ea771b226b7b684fc7d9", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:55", "1618204", "84109d283687230f5dfcf60dabc59f76", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:55", "1618205", "8476cbccc5b903377d7666749898e60b0d93911c", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:54", "1618199", "9e3eeefb7d8af947709bd6e2f38b67a9408809fe", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:54", "1618200", "a58c8b458a1e1ea8000fd8314decaf3d28f2883e514cd22f1a2174610941011b", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:54", "1618201", "20e04263428ee7c59caeb7248e486ba9", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:53", "1618195", "59659b4e17bb4555c96eea19e4730587", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:53", "1618196", "837be31604e5d639eabf853103fc0ac6158ce8df", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:53", "1618197", "99ad8a05662a178655ad915b6c94984303d16aa9499d65a80d7b26bc2d294a7f", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:53", "1618198", "eba09a554fe5f6d31933e9dbcb2b4d79", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:52", "1618192", "0042f1a21cee068ad4c92e379e95c434", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:52", "1618193", "8239f306ab353e5846df6969ac8fb2c2cfc6b7a6", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:52", "1618194", "b89292463a77b0cf81a6f277e1adfb2391d9f45452e7e3d506681d639e3d0ff5", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:51", "1618188", "e8caac829b55f23bf9ee8880342a529ae2af9f446f820fec1828645d6d15d9f6", "sha256_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:51", "1618189", "0e77eec6449ae6d26e684f181d13563d", "md5_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:51", "1618190", "b094fa1a9dc3ff487c5816aa85ad676479f64d46", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:51", "1618191", "e0a444eabd9edbb0a12978aab8b58883fc251f47bbb8a01448962c1bd6a1e5e7", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:50", "1618184", "7a3413d3fbdcf97d2fadbe1e0ff188b11459d39f", "sha1_hash", "payload", "win.zingo_stealer", "Ginzo", "ZingoStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:50", "1618185", "763c4764e5d49c51cab7c9157c42d33a66f25204919de72334e7d533375a58d7", "sha256_hash", "payload", "win.zingo_stealer", "Ginzo", "ZingoStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:50", "1618186", "d78a7c5e0add32170ba776f859012e6c", "md5_hash", "payload", "win.zingo_stealer", "Ginzo", "ZingoStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:50", "1618187", "193ceecae1c0fb5312c3ee9217daee2d71135bea", "sha1_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:49", "1618181", "6de469e68db986fc78aca190bcacbdeeb77d1cc9", "sha1_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:49", "1618182", "cabf319baf5f3c955f6e251d101bdc61a1d7c3ced40e3f313c7d43f8571c00dd", "sha256_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:49", "1618183", "fefd3627416d34ab1f1aef77720fdfe0", "md5_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:48", "1618177", "fafe849701c2ffe525d1379c93d949cc", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:48", "1618178", "c599c28b9be681b9c31b0bfb3132d79ec68ff9c7", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:48", "1618179", "d8b2e404bea7fea43a3ee579a2b4f823bb5da27a584cfa5b2a57e72527c6c15c", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:48", "1618180", "7db20b1942acf5405f2bddcddb708452", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:47", "1618173", "32526f3023c6fbb3c066ba43fa26400df8e94f47ec60d996139520443c352bee", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:47", "1618174", "51549b44a10df19912ec9adbb7769cdf", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:47", "1618175", "817bca2695b4de82895fae6b857cb21955f262a1", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:47", "1618176", "94fa3ef5e8d5c216b11f1344a61d614b9b970e9e9023fac771a1bb0fe0501cd0", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:46", "1618170", "66d699c0cc4896d7864f839d77cedfc6b49b6080ee687d7a75be7a1552aad144", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:46", "1618171", "aca873cc7fc968ae0e1c40ce4e8da23f", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:46", "1618172", "d4036918f3bc52fa322ab5f987bac597440b9a00", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:45", "1618166", "61606268f507f2715f5a59566b870304029df879", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:45", "1618167", "29c0d4984b75249ca32eb674095996913758b9b91746c788db80a419dd984e50", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:45", "1618168", "623a4ec531da1626002444142417d043", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:45", "1618169", "047a13fa8cb402f707a8a83350654fac17dd079f", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:44", "1618163", "8fa9d99d41947af175315ecc502d2262026f845d", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:44", "1618164", "001b0cc8c936c9ae511779738d2ebd5412f03ce656e1fb64151271b2e1908eb6", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:44", "1618165", "152f613226a8430fbd978db4a9cab7e5", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:43", "1618159", "f39dd5264b784547f60d4d5f1d898ae1", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:43", "1618160", "99a20ea34a69d4a704e3b9446cb66b55d98bdb79", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:43", "1618161", "8e20a148ccc479c3566dd0ea9c518273f6b4df5e9e2e934468c5bab6f9a1c0eb", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:43", "1618162", "8767f0ca7f98d0e0e513afc9e21040fd", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:42", "1618156", "7d278d1b762954f8e7f365694adea615", "md5_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:42", "1618157", "21535db3417a1c9dd4fd820d143bc3979162d2c9", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:42", "1618158", "c17c8b468c08916972bf930c757a555a0620b3800c089872f21bff4678628092", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:41", "1618152", "998cf81f968ac4baf3bd58f4a3fcef2f80f44ff3d9f294a83874ae5389a1868f", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:41", "1618153", "1c2b64540690f500d15939caa3387ef8", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:41", "1618154", "3fc122fc78a3da161dc68d917777c1adf581024c", "sha1_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:41", "1618155", "9de72bbf7efdb9b528351ec7ad706d6197e860a78b2846adf700cbc10d0760fa", "sha256_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:40", "1618148", "d6e4f8e20ea05b946f3a266e279da3891ab6f6e0", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:40", "1618149", "266f6e9f2549af2849ca867871923f1b4b6752247949e095f3b4b6777cafed4c", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:40", "1618150", "ea1fa6af9ee6ea5fdf1664e6018e5b1e", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:40", "1618151", "e63e6204e1717615f020097c32aa2eba7cf5e1d9", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:39", "1618145", "34e4697ce05cf46373e7b7e3e537ded6d63e6fc8", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:39", "1618146", "cb29310b5e68fa5f5c4aab781924807aea4f10e1d40164892cbf8651abf7bfd7", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:39", "1618147", "843e725eba3cd24a9bf3c6732d8de93f", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:38", "1618141", "7ffb3572cf07c5c9d51bd934b56b0ab2", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:38", "1618142", "f3a2e5075a98e42697798449253191c077ccf783", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:38", "1618143", "5e0a4beb8673b04848cb7fd3a0b7db41e1324a8e61cef35bff881faab222abfc", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:38", "1618144", "cc036bc1c4a87c8fc575a4be15341e84", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:37", "1618138", "f2a47a79e28f13804a0def70d58f240b", "md5_hash", "payload", "win.zstealer", "Z*Stealer", "ZStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:37", "1618139", "cf7009f69eb3eb06961740b05ea3a55b5dc39fff", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:37", "1618140", "7eb16b0b45dab6d07f6b00b20923751acc5313db25c978ee5f5c42317479af3b", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:36", "1618134", "fdb35e60a509a02f08c2d67ad4ff174ad1a84f6afe2ea36613571409f90f5911", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:36", "1618135", "e15cca136f224797b39a056969c96c5a", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:36", "1618136", "477addd3f56fd710ef1a3c71afac4cc234dc9ccc", "sha1_hash", "payload", "win.zstealer", "Z*Stealer", "ZStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:36", "1618137", "39ac23bb74eee07c11557b58d0c4d484c822064cbedf25fe5f651236059b5e7c", "sha256_hash", "payload", "win.zstealer", "Z*Stealer", "ZStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:35", "1618131", "3bacd9c91287fed6490b9c85a293b8b531339c320d79f6ecda28bf74fb563444", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:35", "1618132", "675ceff3331f925e6051a8fddeabfe7e", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:35", "1618133", "efdccc9e2221c4e362c938b508b22c2dafc2404c", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:34", "1618127", "3a58ef61f0f1bffc554d6f59381efffc57c488f2", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:34", "1618128", "25509f262052425db2d825c3da7fd1c46fd340f238f2ac5c48ee0182737a6271", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:34", "1618129", "068659452d0c12e9d6965a74cc921a95", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:34", "1618130", "0ea1c9f75cac194f6dab2b6802af31825d22c584", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:33", "1618124", "a6811d8f4868acda8822ff1aebb01dc9c8332c69", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:33", "1618125", "7a265184b5c9190604f0e8e96584b19208dc9feb6c6cca45eea82852f626a36c", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:33", "1618126", "0a7de1f33c995ce3f240ab6b68684b63", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:32", "1618120", "18a60dcf20b5ba38ce24a550e6d7cd0e", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:32", "1618121", "1e58033c91f9d071b8b58f2f66cce468bcd4d924", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:32", "1618122", "ac0ea1bec62ff284b78817402fda9168abf6171bdea078f812c24fb22bfcd311", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:32", "1618123", "a6ab0e0bd357492df4dce90fd3a626c8", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:31", "1618116", "8ccea06cdc1f3cdcfdd0a9fa2b01316d7d42422b84bfa5422feab22a87feb477", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:31", "1618117", "69957ae31f93d0178e89b2e4ad1bd6c7", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:31", "1618118", "0616d7850862bab0f3e5550328402be14b2e3a9b", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:31", "1618119", "76d04adae4c3745c6b059e1ce15e58b253257234b9d34ac259f71a7d7259d276", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:30", "1618113", "691c7411c7a9e418e81f51c34e323735bcc12dd8c21c7a58ee149b588f3d621b", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:30", "1618114", "fce087e6dc906c6c23e72631522fa890", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:30", "1618115", "566d574eceda14cc711aadaa3f9f0b80b4bb9fbb", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:29", "1618109", "ef9c40a9fd8c4fb1a95203eb1421e88e32b4fa20", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:29", "1618110", "d3f967529bbb788147ccc894f3b4b55e287ca6b7b964d34e3308cab70d05f64b", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:29", "1618111", "08a6be776429ccb8f4561e8a03131136", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:29", "1618112", "178ad0b76d7f2059676e9021e21bcb456004af74", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:28", "1618106", "fc273480ad1123bd72be26d4de3bed691640fefa", "sha1_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:28", "1618107", "4a39cdbca98e3fc773ed44303828f250899874260dbd6f20f4deeca32c78e39f", "sha256_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:28", "1618108", "16c44bb4d15f7d5ddc3d25a11bb052bc", "md5_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:27", "1618102", "53e1c3989efd076c76766d348e89a152", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:27", "1618103", "1ee2db2e5ec2411d86dfe208e5681b7aa43b7e73", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:27", "1618104", "c411f481563dd48db8a218e063da6477062a9cb628d50c666009ad9040dfde21", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:27", "1618105", "3ec541e1a8f74cb9aab3d16cdcc0b1d6", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:26", "1618099", "8f697f00d086e3ad89565ec7ade0539d", "md5_hash", "payload", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:26", "1618100", "6604340822ec755f7ac2c32464506276da0d05b2", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:26", "1618101", "58bfa3720639c8e2a31e1e17b8d9ed710725bc1990bc5c654e64f282b7f33eaa", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:25", "1618096", "4bf47c1dcefd49df9ed60378a5adafc0", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:25", "1618097", "3fbdd78172ffa0b55d504561dbd205fd9cee235a", "sha1_hash", "payload", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:25", "1618098", "efffbda36edcb7d4130f65a57d3966e7694172fb5db37ce48f27849d239066c7", "sha256_hash", "payload", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:24", "1618093", "791a4416de44be3992b2718a893807d0", "md5_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:24", "1618094", "6ab31d1312b29235c8272f60a0c3388b0646f463", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:24", "1618095", "f82213affe81158bcce50557a5668d7938db2b597c630dbc778d816963135223", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:23", "1618090", "de038ee2b5164d994bba7aedcf388a3a", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:23", "1618091", "833c3465159fbfadf9a148e202bd64b8a4c02668", "sha1_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:23", "1618092", "262c9f2d04e3f0321b6a3d6f0695abd34213259de13a5b977d09b5f50d65ccbe", "sha256_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:22", "1618086", "4a4f79286b9e850bbff6d5c6a7a3ef5b382f241791ade08296d4ee294bda0bb9", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:22", "1618087", "99add7b4ac342fd7821d9c494aa4a9a8", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:22", "1618088", "2f84535f68b2331b461255abfc009316fff8a8fb", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:22", "1618089", "c13e46bb26088adf920ba4108efd64453febec6dbf2d634806b36cb9ae0b8a9a", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:21", "1618083", "78fa4293b7004d035265bd615b0c4676255ccf4e6e579984c0bb47cb28b1524d", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:21", "1618084", "d25ae81eac66e61e7cb86cf329d63fac", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:21", "1618085", "91b4d6be823d8bf9b76a6ff3a6b4f8ae6d265a46", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:20", "1618080", "fbe1211fd0df525e49cc2effadab484603bac9b250fb8fef8eb4d1655e56b65f", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:20", "1618081", "5e13c01ac4015c749ff58b378a67f2a9", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:20", "1618082", "55401a3780c1013256ebb5be88071144ba9dba94", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:19", "1618076", "cbf173c62ba90c27e22960c4f57cc254eac5bbc9", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:19", "1618077", "0adc451cc0691b1e3d8a0d05bfd5334d41f19cd7c54dd1d02c40592cdace4f45", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:19", "1618078", "f09c1b061f098216f181b9e39cc5feb1", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:19", "1618079", "5946af1bbeaae2adff1c529e110d510f650cda15", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:18", "1618073", "9e9a9da4bd0252540e4aa83e10f0464a884707b0", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:18", "1618074", "5b36eb63f4519ec3b39981b1e9b5ad10be9ecba8a09b86e87ab41a9a701b9511", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:18", "1618075", "a9cbc6f94d9b2792097b5a1dfbe85f61", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:17", "1618070", "7fe2aa6bdc3d68f3d3f8b1db4e962874f81a45f9", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:17", "1618071", "8a927bcb779dc1d3bdeaf95d39f9c5802e2d649de1577c60adb786f64e888a54", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:17", "1618072", "5000695b684311fc7e1bb6960965fbf5", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:16", "1618066", "686954102621e68218ae11fda60136a8", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:16", "1618067", "bf6677afc96cb84e836a4ac138aaf319e69efb29", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:16", "1618068", "48faed87423764726e02f5428e32a0e1f735fa4ff3e484823f51d5775b463084", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:16", "1618069", "277050abba0946b9ed9f57879a0d6ca7", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:15", "1618063", "9948c58afd2fb386846a496eb6816a09", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:15", "1618064", "e2b9c498f008f61729f0522b1b92c581acbf3c80", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:15", "1618065", "a8ae600d922f800e997019b60fe446a5a4d7b126981791963616bb0e3fa470b5", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:14", "1618059", "4eb9804a8558edab914ee49e62c0335b6bb77df7c2c0e7bcae1d69aa15180e6c", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:14", "1618060", "e8ecafa5df8c88701accf903bb147bfc", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:14", "1618061", "4cf07a3fdc8ff6caaa20a3ee0150dd63ac32d627", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:14", "1618062", "d01a2fb66e6de2d079865445e106535c7522dfc1c406de70423221941f2c1793", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:13", "1618056", "59cf8092c4041feb9527edb9786a5a77dc261b448ee25bcc9d1dc2f3bbe7a88f", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:13", "1618057", "0b51bdab3982ceda407dbed20495666c", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:13", "1618058", "d898da3981d7dfeb12b79cc4d64d203eb4c09a46", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:12", "1618052", "89ff802418be6161945a44d39767a8f91af64708", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:12", "1618053", "6c22a1818f78be2dd32749140bfcaa6d930cf94984f1c58a8f21c1a2b0b27e35", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:12", "1618054", "5e003f02cab7fbe9c8e44a75e022765e", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:12", "1618055", "4fad5c6c2b00487feab3d0bac5e4310fb2248cea", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:11", "1618050", "7df420f9c3846e357c6667378c6430fb32f9c964f4cc48838e61d2ba1d019519", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:11", "1618051", "a4fdb2c382d874c8cb72ab67842cad72", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:44:10", "1618049", "e440a6026cf3cd35fedddc840d62613c6cef374c", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2025-10-19 22:37:18", "1618048", "pin.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 22:29:04", "1618047", "mi.limpingbronco.com", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "", "Amadey", "0", "nickkuechel" "2025-10-19 22:28:30", "1618046", "car.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 22:19:10", "1618045", "https://dn721508.ca.archive.org/0/items/optimized_msi_20251017_0233/optimized_MSI.png", "url", "payload_delivery", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "dropper,Remcos", "0", "nickkuechel" "2025-10-19 21:59:38", "1618044", "dig.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 21:47:33", "1618043", "m0ma.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 21:34:43", "1618042", "big.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 21:27:24", "1618041", "off.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 21:17:06", "1618040", "rat.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 21:07:18", "1618036", "joy.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:58:00", "1618035", "ape.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:48:06", "1618034", "try.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:42:52", "1618033", "185.49.70.76:443", "ip:port", "botnet_cc", "win.warmcookie", "Badspace,Carrotstick,QUICKBIND", "WarmCookie", "", "100", "None", "warmcookie", "0", "Rony" "2025-10-19 20:34:06", "1618032", "gas.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:27:53", "1618031", "us.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:15:31", "1618030", "rag.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 20:03:06", "1618029", "58.244.47.120:10001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/58.244.47.120", "AS4837,C2,censys,CHINA169-BACKBONE,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-10-19 20:02:55", "1618028", "192.142.10.111:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.142.10.111", "AS214036,C2,censys,Gafgyt,open-dir,ULTAHOST-AS", "0", "DonPasci" "2025-10-19 20:02:42", "1618027", "52.22.211.254:443", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "", "100", "https://search.censys.io/hosts/52.22.211.254", "AMAZON-AES,AS14618,C2,censys,Nimplant", "0", "DonPasci" "2025-10-19 20:02:39", "1618026", "46.250.233.154:8080", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "100", "https://search.censys.io/hosts/46.250.233.154", "AS141995,C2,CAPL-AS-AP,censys,Posh", "0", "DonPasci" "2025-10-19 20:02:38", "1618025", "46.250.233.154:8443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "100", "https://search.censys.io/hosts/46.250.233.154", "AS141995,C2,CAPL-AS-AP,censys,Posh", "0", "DonPasci" "2025-10-19 20:02:36", "1618024", "13.228.79.218:5844", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.228.79.218", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-19 20:02:35", "1618023", "137.220.145.254:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/137.220.145.254", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,DcRAT,RAT", "0", "DonPasci" "2025-10-19 20:02:29", "1618022", "136.115.153.49:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/136.115.153.49", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2025-10-19 20:02:23", "1618020", "196.251.72.72:5444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.72", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-10-19 20:02:23", "1618021", "157.20.182.9:4443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/157.20.182.9", "AS152485,AsyncRAT,C2,censys,HOSTER-AS-IN,RAT", "0", "DonPasci" "2025-10-19 20:02:22", "1618019", "117.72.107.55:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/117.72.107.55", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,Supershell", "0", "DonPasci" "2025-10-19 20:01:48", "1618017", "52.230.10.36:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/52.230.10.36", "AS8075,C2,censys,CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-10-19 20:01:48", "1618018", "120.48.123.10:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.48.123.10", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-19 20:01:47", "1618016", "185.196.11.20:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.196.11.20", "AS42624,C2,censys,CobaltStrike,cs-watermark-987654321,SWISSNETWORK02", "0", "DonPasci" "2025-10-19 20:00:36", "1618015", "sit.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 20:05:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 19:47:15", "1618014", "fat.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 19:39:04", "1618012", "zahcomputers.pk.modpersonnel.support", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "stealthserver", "0", "juroots" "2025-10-19 19:39:04", "1618013", "cloudstore.cam", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "stealthserver", "0", "juroots" "2025-10-19 19:38:31", "1618011", "herandhis.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 19:36:46", "1618006", "7a946339439eb678316a124b8d700b21de919c81ee5bef33e8cb848b7183927b", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:46", "1618007", "10b54abba525686869c9da223250f70270a742b1a056424c943cfc438c40cc50", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:46", "1618008", "ece1620e218f2c8b68312c874697c183f400c72a42855d885fc00865e0ccc1a1", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:46", "1618009", "ab85924ba95692995ac622172ed7f2ebc1997450d86f5245b03491422be2f3d6", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:46", "1618010", "cf39bb998db59d3db92114d2235770a4a6c9cbf6354462cfedd1df09e60fe007", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1617999", "dc64c34ba92375f8dc8ae8cf90a1f535a0aa5a29fcf965af5ad4982cd16e9d71", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618000", "8f8da8861c368e74b9b5c1c59e64ef00690c5eff4a95e1b4fcf386973895bef1", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618001", "6347f46d77a47b90789a1209b8f573b2529a6084f858a27d977bf23ee8a79113", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618002", "662890bb5baba4a7a9ba718bdedd6991fbf9867c83e676172f5527617e05cafa", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618003", "264d88624ec527458d4734eff6f1e534fcacb77e5616ae61abed94a941389232", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618004", "56260e90bba2c50af7c6d82e8656224ece23445f1d76e87a97c938ad9883005f", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:36:45", "1618005", "499f16ed2def90b3d4c0de5ca22d8c8080c26a1a405b4078e262a0a34bcb1e31", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://blog.xlab.qianxin.com/apt-stealthserver-en/#ioc", "StealthServer", "0", "juroots" "2025-10-19 19:34:54", "1617994", "964ec70fc2fdf23f928f78c8af63ce50aff058b05787e43c034e04ea6cbe30ef", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:54", "1617995", "d92bb6e47cb0a0bdbb51403528ccfe643a9329476af53b5a729f04a4d2139647", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:54", "1617996", "5dd629b610aee4ed7777e81fc5135d20f59e43b5d9cc55cdad291fcf4b9d20eb", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:54", "1617997", "b912f06cf65233b9767953ccf4e60a1a7c262ae54506b311c65f411db6f70128", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:54", "1617998", "2852770f459c0c6a0ecfc450b29201bd348a55fb3a7a5ecdcc9986127fdb786b", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617976", "a6b736988246610da83ce17c2c15af189d3a3a4f82233e4fedfabdcbbde0cff0", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617977", "74052cf53b45399b31743a6c4d3a1643e125a277e4ddcfcad4f2903b32bc7dc4", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617978", "20bde6276d6355d33396d5ebfc523b4f4587f706b599573de78246811aabd33c", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617979", "e345d793477abbecc2c455c8c76a925c0dfe99ec4c65b7c353e8a8c8b14da2b6", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617980", "96ada593d54949707437fa39628960b1c5d142a5b1cb371339acc8f86dbc7678", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617981", "925e6375deaa38d978e00a73f9353a9d0df81f023ab85cf9a1dc046e403830a8", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617982", "b249814a74dff9316dc29b670e1d8ed80eb941b507e206ca0dfdc4ff033b1c1f", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617983", "9b6fb4c4dd2c0fa86bffb4c64387e5a1a90adb04cb7b5f7e39352f9eae4b93fa", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617984", "d5ead682c9bed748fd13e3f9d0b7d7bacaf4af38839f2e4a35dc899ef1e261e2", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617985", "ece74382ec6f319890e24abbf8e0a022d0a4bd7e0aeaf13c20bab3a37035dcd1", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617986", "2dba8e38ac557374ae8cbf28f5be0541338afba8977fbff9b732dee7cee7b43e", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617987", "11e90765640cbb12b13afa1bcec31f96f50578a5e65e2aa7be24465001b92e41", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617988", "b2245ca7672310681caa52dc72e448983d921463c94cdab0ba9c40ad6b2a58fe", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617989", "c929ee54bdd45df0fa26d0e357ba554ef01159533501ec40f003a374e1e36974", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617990", "c0e3c93c59b45e47dda93438311f50ddb95808fd615a467285c9c359bce02cf0", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617991", "309da3c8422422089b7f9af3b1b3f89e2d5c36e48e4d9d9faa07affb7d9a7b17", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617992", "fdc86a5b3d7df37a72c3272836f743747c47bfbc538f05af9ecf78547fa2e789", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:53", "1617993", "25b1ec4d62c67bd51b43de181e0f7d1bda389345b8c290e35f93ccb444a2cf7a", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "katz", "0", "juroots" "2025-10-19 19:34:05", "1617975", "e5daa86418ac444d590a2c693cd7749d87134c47d8e0dbac30c69f23a8e8131f", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617947", "6f7c5bad09698592411560a236e87acae3195031646ff06a24f1cfada6774ba6", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617948", "6aa2989ebb38e77a247318b5a3410b5d4f72b283c7833a0b800ea7d1de84ccc6", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617949", "4c5d7e437f59b41f9f321be8c17ae1f128c04628107a36f83df21b33d12ff8db", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617950", "639eb0d2c2da5487412e7891638b334927232ff270781fad81dc5371f44f7c8e", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617951", "553d76d0c449377be550570e65e2bcae4371964fc3b539a1e1022d80699da5db", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617952", "a7993775f4518c6c68db08e226c11e51f9bc53314e4ff9385269baac582e2528", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617953", "7ddce5be3642b66c7559821e26877c9f0242c748da64b2e68a81844bb1a6b148", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617954", "84e0a543df302b18f1188139160fc5a8bd669da071e492453d5d6756064ee568", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617955", "97b76d61941b790deff9f025dec55484e32ebff32b1b6e173d6fbf42cd8996ef", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617956", "bf6a5e37097330d7d68b6ac3deb6a10a1d3269be575fd51315774d1e7e1eca34", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617957", "a62a81785714844a099a918c66df9367b5eb14df06e589d59bc81f392358c5cc", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617958", "920309f3822f993afeaa8ec70b4ef6b43dd2562be85cc2985efedc6cda2e7578", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617959", "421c4b4b53d291da2b53c068a491b3913d92fe0eb6f330861e7b60f3d9f8eee7", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617960", "87fae395c0e9ce3631dece94971befa578623ff0540d06539f583df921568814", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617961", "4b8bde867c06b617d731ea9e965bf64800330701942324e475b8119352122e7c", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617962", "3c6a8132df3351e2b7d186d0b3f41847e6920ebcb940548e3c9ed274901104c2", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617963", "76cbb0abd9511aab2cc9dda993e3b9ab77afb09d2959f143647065ca47e725cc", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617964", "ed1b4a03595c59e5a90dd4f02f1993a2c5a43ca46a33aab0d15a1bbb1f8b3d30", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617965", "c44bac8b66ad11756b4c5ff3b1cd7e1187c634088f9e7aa2250067033df24e8d", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617966", "63dfdb4927c0bca64f8952904f463330360eb052f2a2a749bf91a851a2be89b4", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617967", "373c820cc395ea5b9c6f38b9470913e6684e8afea59e9dfeb3da490014074bf1", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617968", "b263df6b58c9259000e45a238327de8c07e79f2e7462c2b687c1c5771bac1dd5", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617969", "f05bc36211301087e403df09daa014ea8f04f5bdae5cef75eb866b56b82af2d6", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617970", "c45d3b6d2237fc500688a73d3ba18335d0002917f1a1f09df6934c87deaa097f", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617971", "fcad234dc2ad5e2d8215bcf6caac29aef62666c34564e723fa6d2eee8b6468ed", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617972", "e05b7f44ef8d0b58cfc2f407b84dcff1cb24e0ec392f792a49ad71e7eab39143", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617973", "87c9bede1feac2e3810f3d269b4492fe0902e6303020171e561face400e9bdb4", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:04", "1617974", "c3de728850dc1e777ad50a211a4be212ca6c4ac9d94bf7bb6d5f7fe5f4574021", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617940", "4ab4a37db01eba53ee47b31cba60c7a3771b759633717e2c7b9c75310f57f429", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617941", "9ae50e74303cb3392a5f5221815cd210af6f4ebf9632ed8c4007a12defdfa50d", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617942", "893ee952fa11f4bdc71aee3d828332f939f93722f2ec4ae6c1edc47bed598345", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617943", "b60ee1cd3a2c0ffadaad24a992c1699bcc29e2d2c73107f605264dbf5a10d9b6", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617944", "0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617945", "6051384898e7c2e48a2ffb170d71dbf87e6410206614989a037dac7c11b8d346", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:34:03", "1617946", "01222c6c2dbb021275688b0965e72183876b7adb5363342d7ac49df6c3e36ebe", "sha256_hash", "payload", "unknown_loader", "None", "Unknown Loader", "", "50", "https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/", "PhantomVAI", "0", "juroots" "2025-10-19 19:31:48", "1617939", "casadecampoamazonas.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://securelist.com/maverick-banker-distributing-via-whatsapp/117715/", "c2,Maverick", "0", "juroots" "2025-10-19 19:28:02", "1617938", "few.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 19:17:45", "1617937", "sap.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 19:07:59", "1617936", "me.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 18:54:07", "1617935", "tab.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 18:46:47", "1617934", "3.29.233.176:20326", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:46:34", "75", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2025-10-19 18:44:10", "1617933", "13.126.163.149:113", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:44:05", "75", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2025-10-19 18:03:29", "1617931", "zehir.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/251019-sye5jsbj7w", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-10-19 18:03:29", "1617932", "hackingrat.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "2025-10-19 18:03:29", "100", "https://tria.ge/251019-swwphsbj6t", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-10-19 18:01:53", "1617930", "remmom.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251019-r2nqesvqf1", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-10-19 18:01:50", "1617929", "82.202.140.218:2323", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-s5y61awnat", "AS208677,C2,triage,xworm", "0", "DonPasci" "2025-10-19 18:01:49", "1617928", "come-social.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-tpmzgavpdl", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-19 17:31:50", "1617927", "sky7.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 17:26:38", "1617926", "old.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 17:17:52", "1617925", "van.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 17:07:33", "1617924", "top.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:58:17", "1617923", "sip.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:47:28", "1617922", "art.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:37:09", "1617921", "odd.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:27:53", "1617920", "sun.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:17:06", "1617919", "bit.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 16:18:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:07:51", "1617918", "gin.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 16:03:47", "1617917", "sites.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.191.251.170+sites.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-10-19 16:03:34", "1617916", "51.20.141.234:44817", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:47:19", "100", "https://search.censys.io/hosts/51.20.141.234", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-19 16:03:30", "1617915", "providence.nutorus.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-10-19 16:03:31", "100", "https://search.censys.io/hosts/50.92.58.195+providence.nutorus.com", "AS852,C2,censys,Havoc,TELUS", "0", "DonPasci" "2025-10-19 16:03:28", "1617914", "176.124.206.73:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-10-20 00:45:04", "100", "https://search.censys.io/hosts/176.124.206.73", "AEZA-AS,AS210644,C2,censys,Hookbot", "0", "DonPasci" "2025-10-19 16:03:27", "1617913", "51.38.189.142:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-20 00:47:20", "100", "https://search.censys.io/hosts/51.38.189.142", "AS16276,C2,censys,Mythic,OVH", "0", "DonPasci" "2025-10-19 16:03:22", "1617912", "85.239.236.90:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:47:51", "100", "https://search.censys.io/hosts/85.239.236.90", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci" "2025-10-19 16:03:21", "1617911", "93.233.104.82:51123", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:48:03", "100", "https://search.censys.io/hosts/93.233.104.82", "AS3320,AsyncRAT,C2,censys,DTAG,RAT", "0", "DonPasci" "2025-10-19 16:01:46", "1617909", "83.229.125.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/83.229.125.175", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-10-19 16:01:46", "1617910", "124.221.237.102:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.221.237.102", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-10-19 15:57:59", "1617908", "giga.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 15:47:42", "1617907", "cupandhandle.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 22:07:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 15:37:21", "1617906", "see.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 15:38:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 15:28:36", "1617905", "my.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 15:23:12", "1617904", "den.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 14:58:55", "1617903", "no555.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 14:36:38", "1617902", "add.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 14:27:53", "1617901", "kit.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 14:18:53", "1617900", "arm.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 14:07:34", "1617899", "ask4it.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:57:15", "1617896", "h0p.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:48:29", "1617895", "end.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:37:00", "1617894", "gun4.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:24:04", "1617893", "hen.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:17:53", "1617892", "bad.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 13:08:05", "1617891", "tap.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 13:08:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:57:41", "1617890", "age.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:48:51", "1617889", "106.52.2.166:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:34", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 12:46:53", "1617888", "banit.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:37:29", "1617887", "n0w.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:28:43", "1617886", "keyz.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:17:11", "1617885", "bag.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:07:20", "1617884", "be1.ngiz5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 12:02:56", "1617883", "1.116.110.49:8001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/1.116.110.49", "AS45090,C2,censys,hacktool,MetaSploit,Meterpreter,TENCENT-NET-AP", "0", "DonPasci" "2025-10-19 12:02:38", "1617881", "154.209.5.135:9999", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251019-mhj6ns1nbr", "AS142403,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-19 12:02:38", "1617882", "154.209.5.135:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251019-mhj6ns1nbr", "AS142403,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-19 12:02:34", "1617880", "34.230.185.98:80", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "", "100", "https://search.censys.io/hosts/34.230.185.98", "AMAZON-AES,AS14618,C2,censys,Nimplant", "0", "DonPasci" "2025-10-19 12:02:31", "1617879", "154.214.55.46:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-10-20 00:44:30", "100", "https://search.censys.io/hosts/154.214.55.46", "AS54801,C2,censys,DeimosC2,ZILLION-NETWORK", "0", "DonPasci" "2025-10-19 12:02:29", "1617878", "93.198.178.7:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:48:02", "100", "https://search.censys.io/hosts/93.198.178.7", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-10-19 12:02:28", "1617877", "102.96.148.94:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:43:07", "100", "https://search.censys.io/hosts/102.96.148.94", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-19 12:02:26", "1617876", "27.124.41.45:4443", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/27.124.41.45", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,RAT,Venom", "0", "DonPasci" "2025-10-19 12:02:03", "1617875", "18.231.188.90:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-10-20 00:45:15", "100", "https://search.censys.io/hosts/18.231.188.90", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-10-19 12:01:50", "1617874", "parsec-47111.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-nswg5agr7y", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-19 11:58:45", "1617873", "dad.kpyb0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 11:59:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 11:48:05", "1617872", "by.kvus7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 15:08:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 11:45:07", "1617871", "147.185.221.180:32737", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2025-10-19 11:37:44", "1617870", "bee.wtes4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 11:27:56", "1617869", "mat.cpak0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 14:48:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 11:17:32", "1617868", "pad.bkud4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 11:07:13", "1617867", "lab.rkuc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:57:54", "1617866", "blackstar.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 10:57:26", "1617865", "hip.kduk8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:57:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:49:28", "1617861", "163.181.228.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 10:49:28", "1617862", "163.181.228.198:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 10:49:20", "1617860", "155.102.4.140:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:11", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 10:48:09", "1617859", "dip.hxit8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:49:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:37:21", "1617858", "net.ckon0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:28:35", "1617857", "851.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:17:47", "1617856", "061.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:07:59", "1617855", "7436901.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 10:01:49", "1617854", "lace.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 09:57:42", "1617853", "160287.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 10:01:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 09:50:55", "1617852", "dim.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 09:47:22", "1617851", "93055.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 09:50:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 09:37:33", "1617850", "4084.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 09:27:14", "1617849", "219.u521483.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 09:21:27", "1617848", "pond.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 09:20:48", "1617847", "nano2025.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 09:18:50", "1617846", "https://tk0001.jiayoutiktok.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199fbc3-b287-72f9-b891-b0f99e795e08", "c2,spynote,urlscan", "0", "juroots" "2025-10-19 09:18:29", "1617845", "034d2.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 09:21:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 09:08:10", "1617844", "118.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:57:52", "1617843", "6901420.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:49:52", "1617842", "42.193.230.26:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 08:48:25", "1617841", "bossone.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:11", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 08:47:59", "1617840", "777012.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:37:41", "1617839", "30951.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:40:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:37:26", "1617838", "spark.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:40:45", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 08:27:53", "1617837", "8427.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:37:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:22:36", "1617836", "oak.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 08:17:34", "1617835", "501.u069653.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:22:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:12:51", "1617834", "brim.bid5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 08:08:19", "1617833", "581.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 08:12:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 08:03:45", "1617832", "91.92.241.8:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/91.92.241.8", "AS214943,C2,censys,Gafgyt,open-dir,RAILNET", "0", "DonPasci" "2025-10-19 08:03:32", "1617831", "18.211.169.218:443", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "", "100", "https://search.censys.io/hosts/18.211.169.218", "AMAZON-AES,AS14618,C2,censys,Nimplant", "0", "DonPasci" "2025-10-19 08:02:54", "1617830", "64.225.117.10:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-10-20 00:47:29", "100", "https://search.censys.io/hosts/64.225.117.10", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-10-19 08:02:46", "1617829", "193.124.205.52:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:45:43", "100", "https://search.censys.io/hosts/193.124.205.52", "AS207994,AsyncRAT,BLOCKCHAIN-CREEK,C2,censys,RAT", "0", "DonPasci" "2025-10-19 08:02:33", "1617828", "109.199.119.43:43160", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-10-20 00:43:53", "100", "https://search.censys.io/hosts/109.199.119.43", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-10-19 08:01:45", "1617827", "154.219.101.102:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:00", "100", "https://search.censys.io/hosts/154.219.101.102", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-100000", "0", "DonPasci" "2025-10-19 08:01:44", "1617826", "192.229.116.100:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:25", "100", "https://search.censys.io/hosts/192.229.116.100", "ANTBOX1-AS-AP,AS138995,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-19 08:01:43", "1617825", "155.94.154.27:8078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:12", "100", "https://search.censys.io/hosts/155.94.154.27", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-19 07:57:24", "1617824", "0789.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:48:08", "1617823", "8451203.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:40:54", "1617822", "nap.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 07:38:20", "1617821", "706391.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:40:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:35:10", "1617820", "41002.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:30:01", "1617819", "twig.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 07:27:56", "1617818", "3135.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:30:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:17:39", "1617817", "925.y438414.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:19:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 07:11:21", "1617816", "curl.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:19:40", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 07:07:51", "1617815", "72563.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:11:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:57:34", "1617814", "080.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:01:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:52:27", "1617813", "beam.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 07:01:14", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 06:48:49", "1617812", "3998107.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:52:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:45:07", "1617811", "http://940942cm.nyash.es/UpdatemultiSqlUniversalTrack.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-10-19 06:41:14", "1617810", "e-cross.gl.at.ply.gg", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-10-19 06:40:35", "1617809", "http://tsrv4.ws/23.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "phorpiex", "0", "juroots" "2025-10-19 06:40:09", "1617808", "65.185.19.181:25565", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-10-19 06:39:56", "1617807", "redirect.dedicated-coords.lol", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-10-19 06:39:20", "1617670", "91.134.240.139:8080", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://threatquery.com/engines/ip.html?value=91.134.240.139&type=ip", "AS16276,c2,LokiBot,threatquery", "0", "threatquery" "2025-10-19 06:39:19", "1617729", "45.207.158.21:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:43", "100", "https://search.censys.io/hosts/45.207.158.21", "AS61112,C2,censys", "0", "dyingbreeds_" "2025-10-19 06:39:19", "1617730", "47.243.175.24:65321", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:50", "100", "https://search.censys.io/hosts/47.243.175.24", "AS45102,C2,censys", "0", "dyingbreeds_" "2025-10-19 06:39:19", "1617731", "1.15.134.238:13356", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:25", "100", "https://search.censys.io/hosts/1.15.134.238", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-10-19 06:39:18", "1617733", "64.225.117.10:8082", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-10-20 00:47:29", "100", "https://search.censys.io/hosts/64.225.117.10", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-10-19 06:39:18", "1617734", "213.152.186.116:43763", "ip:port", "botnet_cc", "win.bit_rat", "None", "BitRAT", "2025-10-19 04:02:31", "100", "https://search.censys.io/hosts/213.152.186.116", "AS49453,C2,censys,GLOBALLAYER,RAT", "0", "dyingbreeds_" "2025-10-19 06:39:17", "1617732", "157.20.182.18:4443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:44:32", "100", "https://search.censys.io/hosts/157.20.182.18", "AS152485,C2,censys,RAT", "0", "dyingbreeds_" "2025-10-19 06:39:17", "1617737", "74.124.24.29:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/74.124.24.29", "AS13767,censys,DATABANK-DFW,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:16", "1617735", "177.21.21.15:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/177.21.21.15", "AS28186,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-19 06:39:15", "1617736", "172.86.192.30:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.86.192.30", "AS53732,Botnet,byob,C2,censys,INNSYS", "0", "dyingbreeds_" "2025-10-19 06:39:15", "1617738", "3.232.52.86:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.232.52.86", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:14", "1617739", "154.40.47.52:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.40.47.52", "AS979,censys,GoPhish,NETLAB-SDN,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:14", "1617740", "181.32.34.242:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/181.32.34.242", "AS3816,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:14", "1617741", "128.140.45.123:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/128.140.45.123", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:13", "1617742", "45.141.3.55:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.141.3.55", "AS212663,censys,GoPhish,Phishing,REMOTE-ADMIN-AS", "0", "dyingbreeds_" "2025-10-19 06:39:13", "1617743", "13.37.206.106:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.37.206.106", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:12", "1617745", "66.103.210.105:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/66.103.210.105", "AS35916,censys,GoPhish,MULTA-ASN1,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:11", "1617744", "13.60.244.167:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.60.244.167", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:11", "1617746", "172.172.125.127:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.172.125.127", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:11", "1617747", "200.85.49.125:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/200.85.49.125", "AS23201,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:10", "1617748", "217.76.51.68:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.76.51.68", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:10", "1617749", "137.74.41.241:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/137.74.41.241", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:10", "1617750", "124.221.3.225:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.221.3.225", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:09", "1617751", "5.75.196.7:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/5.75.196.7", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:09", "1617752", "124.70.11.63:46654", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.70.11.63", "AS55990,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:08", "1617753", "147.93.108.235:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/147.93.108.235", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:08", "1617754", "46.101.252.98:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/46.101.252.98", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-19 06:39:08", "1617767", "https://178.22.24.253:58888/gateway/18bv48hp.ve6up", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://app.any.run/tasks/a150ca79-daa7-4de4-87b0-0682c0fc9cec", "Rhadamanthys", "0", "mazznrz" "2025-10-19 06:39:07", "1617763", "http://167.172.107.164:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 09:18:53", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2025-10-19 06:39:04", "1617805", "v1.subgiare.vn", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-10-19 06:39:04", "1617806", "v2.subgiare.vn", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-10-19 06:38:23", "1617802", "134.209.173.227:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:38:23", "1617803", "134.209.173.227:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:38:23", "1617804", "134.209.173.227:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:38:06", "1617799", "gates.subgiare.vn", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:38:06", "1617800", "jaks.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:38:06", "1617801", "ze1exlpvm.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-19 06:37:38", "1617798", "https://facai16.liucaiyun88.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlquery.net/report/e650b816-e416-4930-b88e-a64896f9e168", "c2,spynote,urlquery", "0", "juroots" "2025-10-19 06:37:37", "1617797", "https://ele07.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlquery.net/report/69072bcf-79ca-4546-b865-9a7ffe24d173", "c2,spynote,urlquery", "0", "juroots" "2025-10-19 06:36:20", "1617795", "https://wrat.in/sa1at/https:/wrat.in/sa1at/https:/wrat.in/sa1at/https:/wrat.in/sa1at/dns.googleht", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlquery.net/report/d4fa2d7b-f55e-46f0-8f5c-9ead44e6b6d2", "c2,salatstealer,urlquery", "0", "juroots" "2025-10-19 06:36:20", "1617796", "https://wrat.in/sa1at/programfiles(x86)eprocessor_revision", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlquery.net/report/159c789b-28ae-4585-82be-d3608c164553", "c2,salatstealer,urlquery", "0", "juroots" "2025-10-19 06:36:19", "1617794", "loft.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 06:35:32", "1617791", "https://server3.ninhaine.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/303953ca-6c87-4272-9f25-9a8760afdd17", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:32", "1617792", "https://server10.rentalhousezz.net/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/38fbf03a-3b56-4baf-becd-ee5aecd42522", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:32", "1617793", "https://server11.cdneurop.cloud/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/56366b63-6815-48bc-87a0-2c23a1cc5cf5", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:28", "1617790", "https://107.173.152.144:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/f302275f-e220-4eda-9d96-0ace04c74144", "c2,supershell,urlquery", "0", "juroots" "2025-10-19 06:31:20", "1617789", "610294.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:36:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:28:11", "1617788", "57411.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:24:15", "1617787", "https://www.official-website.usdep-osha-portal.help-and-resources.osha-gov.status-drive.top/OSHA-Portal/?ID=gxyPuPq3SU4JEVWS", "url", "payload_delivery", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/aadf012c-2013-4254-a1d7-4a8a1029fab3", "fakecaptcha,urlquery,xworm", "0", "juroots" "2025-10-19 06:24:14", "1617786", "http://94.159.113.37/ssd.png", "url", "payload_delivery", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/9b747a48-b27c-47fc-bc99-d56c2818695a", "fakecaptcha,urlquery,xworm", "0", "juroots" "2025-10-19 06:17:21", "1617785", "4920.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:24:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:16:37", "1617784", "gem.wir2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:24:55", "100", "None", "clearfake", "1", "ttakvam" "2025-10-19 06:08:04", "1617783", "333.i327147.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 06:16:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 06:05:56", "1617782", "http://2979.my.to/obinna/king.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2025-10-19 06:39:25", "100", "https://tria.ge/251019-cbc4nsypf1", "C2,loki,lokibot,triage", "0", "DonPasci" "2025-10-19 06:03:46", "1617777", "karmina118.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:03:46", "1617778", "karmina119.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:03:46", "1617779", "nibiru4.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:03:46", "1617780", "nibiru5.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:03:46", "1617781", "nibiru6.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:03:45", "1617776", "karmina117.sytes.net", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "https://tria.ge/251019-bhpklsdj9y", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2025-10-19 06:02:11", "1617774", "njkb-24236.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251019-bekr9aymgs", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-10-19 06:02:11", "1617775", "slsryatdf.localto.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 06:40:58", "100", "https://tria.ge/251019-aqkqysyka1", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-10-19 06:02:02", "1617773", "dc14oct.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251019-eak41abv6a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-10-19 06:01:53", "1617772", "sodfhsiuhdvishvisdhivgh.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-10-19 06:41:14", "100", "https://tria.ge/251019-eckk9adp9y", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-10-19 06:01:45", "1617771", "82.22.184.156:7771", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251019-e9dtzaek2y", "AS215703,C2,triage,xworm", "0", "DonPasci" "2025-10-19 05:57:45", "1617770", "05b8.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 05:47:51", "1617769", "964.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 05:37:33", "1617768", "7123001.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 05:27:46", "1617766", "180264.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 05:17:29", "1617765", "77950.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 05:20:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 05:07:59", "1617764", "6003.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:58:21", "1617762", "201.i554000.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:48:04", "1617761", "913c50.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:38:15", "1617760", "0482.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:27:56", "1617759", "169.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:15:35", "1617758", "7001845.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:08:32", "1617757", "55027.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 04:09:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 04:02:53", "1617756", "3.80.223.90:8159", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.80.223.90", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-10-19 04:02:03", "1617755", "172.94.36.23:1906", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-10-20 00:45:00", "100", "https://search.censys.io/hosts/172.94.36.23", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci" "2025-10-19 03:59:05", "1617728", "8321.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 03:47:34", "1617727", "324.i373582.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 03:33:11", "1617726", "4137.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 03:27:29", "1617725", "0984.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 03:17:12", "1617724", "5002201.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 03:08:57", "1617723", "620714.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:58:09", "1617722", "45019.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:55:09", "1617721", "185.149.24.201:22330", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-10-19 02:49:16", "1617720", "211.159.178.25:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 02:49:09", "1617719", "175.178.225.121:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 02:49:07", "1617718", "159.75.95.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 02:48:04", "1617717", "juyu1.yifanyi.app", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:15", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 02:47:58", "1617716", "132541.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:09", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-19 02:43:46", "1617715", "1205.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:37:33", "1617714", "777.o679975.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:27:44", "1617713", "07a9.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:17:46", "1617712", "34972.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 02:08:29", "1617711", "028.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:54:28", "1617710", "7652190.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 02:04:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:48:58", "1617709", "100587.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:45:08", "1617708", "196.251.73.187:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-19 01:38:24", "1617707", "9026.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:28:02", "1617706", "431.o303024.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:17:45", "1617705", "05c8.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:07:54", "1617704", "035.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 01:00:03", "1617703", "76.72.162.53:3333", "ip:port", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "None", "RevengeRAT", "0", "abuse_ch" "2025-10-19 00:51:29", "1617702", "9912043.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:47:44", "1617701", "260941.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:37:09", "1617700", "70018.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:27:22", "1617699", "4823.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:17:25", "1617698", "719.o411213.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-19 00:23:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:07:50", "1617697", "42a5.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-19 00:02:59", "1617696", "54.89.229.206:789", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.89.229.206", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-10-19 00:02:58", "1617695", "81.68.194.58:4567", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/81.68.194.58", "AS45090,C2,censys,hacktool,MetaSploit,Meterpreter,TENCENT-NET-AP", "0", "DonPasci" "2025-10-19 00:02:42", "1617693", "desktop.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 04:00:49", "100", "https://search.censys.io/hosts/18.191.251.170+desktop.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-10-19 00:02:42", "1617694", "assets.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 04:00:50", "100", "https://search.censys.io/hosts/18.191.251.170+assets.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-10-19 00:02:29", "1617692", "13.40.127.157:4841", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.40.127.157", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-19 00:02:18", "1617691", "45.74.8.8:404", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:47:02", "100", "https://search.censys.io/hosts/45.74.8.8", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-10-18 23:57:01", "1617690", "0615.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 23:49:24", "1617689", "9031542.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 23:37:57", "1617688", "740182.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 23:35:04", "1617687", "196.119.182.167:10000", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-10-18 23:29:12", "1617686", "56039.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 23:17:21", "1617685", "1207.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 23:07:33", "1617684", "384.i733643.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:57:14", "1617683", "1m.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:55:04", "1617682", "101.200.124.250:7890", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "None", "Meterpreter", "0", "abuse_ch" "2025-10-18 22:41:02", "1617681", "c8.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:31:46", "1617680", "p0.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:28:05", "1617679", "0zq.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:15:36", "1617678", "v3.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 22:19:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 22:07:50", "1617677", "h1.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:58:33", "1617676", "s.5e8y8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 22:00:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:47:14", "1617675", "arm.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:38:28", "1617674", "rye.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:28:10", "1617673", "vet.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:17:20", "1617672", "gas.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 21:06:03", "1617671", "gig.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:58:08", "1617669", "fit.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:45:18", "1617668", "sap.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:38:03", "1617667", "ai.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:28:35", "1617666", "eh.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:10:37", "1617665", "yo.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 20:21:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:07:28", "1617664", "pan.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 20:03:04", "1617663", "213.176.19.66:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-10-20 00:46:18", "100", "https://search.censys.io/hosts/213.176.19.66", "AS207713,BianLian,C2,censys,GIR-AS", "0", "DonPasci" "2025-10-18 20:02:43", "1617661", "176.65.148.166:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-10-19 04:00:41", "100", "https://search.censys.io/hosts/176.65.148.166", "AS51396,C2,censys,moobot,PFCLOUD", "0", "DonPasci" "2025-10-18 20:02:43", "1617662", "176.46.152.89:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-10-19 04:00:42", "100", "https://search.censys.io/hosts/176.46.152.89", "AS214351,C2,censys,FEMOIT,moobot", "0", "DonPasci" "2025-10-18 20:02:32", "1617660", "15.160.191.234:44817", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:44:28", "100", "https://search.censys.io/hosts/15.160.191.234", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-18 20:02:26", "1617659", "79.137.196.144:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-10-19 04:00:23", "100", "https://search.censys.io/hosts/79.137.196.144", "AEZA-AS,AS210644,C2,censys,Hookbot", "0", "DonPasci" "2025-10-18 20:02:20", "1617657", "193.124.205.52:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:45:43", "100", "https://search.censys.io/hosts/193.124.205.52", "AS207994,AsyncRAT,BLOCKCHAIN-CREEK,C2,censys,RAT", "0", "DonPasci" "2025-10-18 20:02:20", "1617658", "157.20.182.18:2026", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:44:32", "100", "https://search.censys.io/hosts/157.20.182.18", "AS152485,AsyncRAT,C2,censys,HOSTER-AS-IN,RAT", "0", "DonPasci" "2025-10-18 20:02:16", "1617656", "195.246.231.248:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/195.246.231.248", "AS44925,C2,censys,payload,Sliver,THE-1984-AS", "0", "DonPasci" "2025-10-18 20:02:09", "1617655", "16.171.175.22:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-10-20 00:44:38", "100", "https://search.censys.io/hosts/16.171.175.22", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-10-18 20:02:01", "1617654", "206.119.178.33:2043", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "100", "https://search.censys.io/hosts/206.119.178.33", "AS133199,C2,censys,GobRAT,RAT,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci" "2025-10-18 20:01:44", "1617653", "198.55.109.241:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:27", "100", "https://search.censys.io/hosts/198.55.109.241", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-10-18 20:01:42", "1617652", "5.199.139.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:54", "100", "https://search.censys.io/hosts/5.199.139.36", "AS24961,C2,censys,CobaltStrike,cs-watermark-987654321,MYLOC-AS", "0", "DonPasci" "2025-10-18 19:57:02", "1617651", "him.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 19:48:01", "1617650", "far.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 19:40:05", "1617649", "154.91.84.96:9865", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-18 19:39:16", "1617648", "hi.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 19:27:50", "1617647", "six.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 19:11:49", "1617646", "too.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 19:07:38", "1617645", "gab.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 19:11:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:57:20", "1617644", "gi.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:47:33", "1617643", "ice.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:44:11", "1617642", "135.125.107.53:9443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-10-20 00:44:08", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-10-18 18:38:14", "1617641", "gap.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:28:56", "1617640", "zed.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:18:08", "1617639", "gin.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:10:07", "1617638", "193.233.164.21:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-18 18:02:43", "1617637", "red.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 18:02:37", "1617633", "154.23.184.79:3303", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-s7dm3sgp9t", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:37", "1617634", "103.236.70.38:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-r88zyafr6w", "AS134768,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:37", "1617635", "103.236.70.38:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-r88zyafr6w", "AS134768,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:37", "1617636", "103.236.70.38:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-r88zyafr6w", "AS134768,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:36", "1617630", "38.47.221.20:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-tyfazsspal", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:36", "1617631", "154.23.184.79:3301", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-s7dm3sgp9t", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:02:36", "1617632", "154.23.184.79:3302", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-s7dm3sgp9t", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 18:01:57", "1617629", "editor-formula.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251018-s6mjlatkaw", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-10-18 18:01:47", "1617628", "64.225.69.61:7895", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251018-szq87sgp2v", "AS14061,C2,rat,remcos,triage", "0", "DonPasci" "2025-10-18 18:01:45", "1617626", "throughout-groundwater.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-vdez6aex9h", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-18 18:01:45", "1617627", "maxem228666-55949.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-r8eq4asnay", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-18 18:01:44", "1617625", "example-kit.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-v6ng1ahl8t", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-18 17:53:57", "1617624", "wed.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 17:17:28", "1617623", "coy.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 17:08:11", "1617622", "wet.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:57:22", "1617621", "out.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:47:04", "1617620", "he.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:40:06", "1617619", "5.175.234.16:7010", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-18 16:37:16", "1617618", "fur.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:27:56", "1617617", "rid.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:17:39", "1617616", "tic.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 16:20:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:15:03", "1617615", "31.223.81.157:1337", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-10-18 16:08:22", "1617614", "id.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 16:02:24", "1617612", "119.167.245.20:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-10-20 00:43:58", "100", "https://search.censys.io/hosts/119.167.245.20", "AS4837,C2,censys,CHINA169-BACKBONE,DeimosC2", "0", "DonPasci" "2025-10-18 16:02:24", "1617613", "89.116.44.137:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-10-20 00:47:54", "100", "https://search.censys.io/hosts/89.116.44.137", "AS46475,C2,censys,DeimosC2,LIMESTONENETWORKS", "0", "DonPasci" "2025-10-18 16:02:21", "1617611", "56.228.6.106:27957", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:47:25", "100", "https://search.censys.io/hosts/56.228.6.106", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-18 16:02:17", "1617610", "45.45.218.216:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-10-19 04:00:23", "100", "https://search.censys.io/hosts/45.45.218.216", "AS63473,C2,censys,Hookbot,HOSTHATCH", "0", "DonPasci" "2025-10-18 16:02:16", "1617609", "161.35.224.107:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-20 00:44:41", "100", "https://search.censys.io/hosts/161.35.224.107", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-10-18 16:01:58", "1617608", "www.mona-ads.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/45.86.163.126+www.mona-ads.com", "AS44066,C2,censys,DE-FIRSTCOLO,RAT,SpiceRAT", "0", "DonPasci" "2025-10-18 15:56:22", "1617607", "gag.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 15:40:27", "1617606", "w1656569g.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 15:38:57", "1617522", "http://196.251.114.38/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS401116,Nybula LLC,unam", "0", "antiphishorg" "2025-10-18 15:38:56", "1617600", "http://103.77.241.42/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-10-18 15:38:51", "1617605", "45.58.56.34:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-18 15:38:50", "1617603", "47.108.117.100:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-10-18 15:38:50", "1617604", "192.229.116.99:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:25", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-18 15:38:30", "1617602", "119.94.50.160:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-19 20:01:47", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-18 15:37:17", "1617601", "hid.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 15:24:56", "1617599", "wok.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 15:15:08", "1617598", "hag.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 15:20:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 15:07:54", "1617597", "age.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:58:08", "1617596", "hay.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:47:49", "1617595", "due.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:39:27", "1617594", "mist.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 14:37:30", "1617593", "yap.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:39:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:27:42", "1617592", "fab.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:20:52", "1617591", "fig.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 14:18:26", "1617590", "ow.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:20:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 14:01:54", "1617589", "bold.jix3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 14:01:01", "1617588", "ape.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 14:01:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:51:11", "1617587", "art.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:51:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:48:02", "1617586", "lot.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:41:18", "1617585", "jet.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:51:55", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 13:36:43", "1617584", "air.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:41:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:27:50", "1617583", "few.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 17:24:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:17:31", "1617582", "try.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:25:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 13:16:48", "1617581", "tray.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:29:07", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 13:07:44", "1617580", "nap.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 13:16:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:59:53", "1617579", "muse.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 12:57:28", "1617578", "er.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:59:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:49:25", "1617577", "143.92.43.246:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 12:49:07", "1617576", "114.132.235.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 12:45:36", "1617575", "ban.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:51:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:44:25", "1617574", "https://pastebin.com/raw/Fxzr3jeT", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "https://app.any.run/tasks/b5496615-c506-4f1f-b823-40c290e0d91b", "c2,xworm", "0", "juroots" "2025-10-18 12:41:28", "1617573", "91.92.241.145:59013", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "https://app.any.run/tasks/09601994-5630-4259-867a-a918617ebab9", "c2,xworm", "0", "juroots" "2025-10-18 12:38:21", "1617572", "tag.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:37:22", "1617571", "bark.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:51:03", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 12:28:03", "1617570", "pat.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:37:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:18:15", "1617569", "ran.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:28:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:07:58", "1617568", "cup.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:11:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 12:02:56", "1617567", "168.245.200.176:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/168.245.200.176", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-10-18 12:02:41", "1617565", "123.123.151.50:7777", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-f6p89sypay", "AS4808,C2,CHINA169-BJ,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 12:02:41", "1617566", "123.123.151.50:9999", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251018-f6p89sypay", "AS4808,C2,CHINA169-BJ,rat,triage,valleyrat", "0", "DonPasci" "2025-10-18 12:02:30", "1617564", "125.227.185.100:22053", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-10-20 00:44:04", "100", "https://search.censys.io/hosts/125.227.185.100", "AS3462,C2,censys,DeimosC2,HINET", "0", "DonPasci" "2025-10-18 12:02:27", "1617563", "13.36.178.155:41795", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:44:06", "100", "https://search.censys.io/hosts/13.36.178.155", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-18 12:02:22", "1617562", "194.5.97.227:1604", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 04:00:26", "100", "https://search.censys.io/hosts/194.5.97.227", "AS149020,C2,censys,Quasar,RAT,WEBHORIZON-AS-AP", "0", "DonPasci" "2025-10-18 12:02:21", "1617561", "91.92.242.76:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-10-19 04:00:24", "100", "https://search.censys.io/hosts/91.92.242.76", "AS209800,C2,censys,Hookbot,METASPINNER-ASN", "0", "DonPasci" "2025-10-18 12:02:20", "1617560", "138.68.177.82:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-20 00:44:12", "100", "https://search.censys.io/hosts/138.68.177.82", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-10-18 12:02:14", "1617559", "148.251.67.144:50000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:44:26", "100", "https://search.censys.io/hosts/148.251.67.144", "AS24940,AsyncRAT,C2,censys,HETZNER-AS,RAT", "0", "DonPasci" "2025-10-18 12:01:52", "1617558", "81.214.22.14:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 20:02:31", "100", "https://tria.ge/251018-n2ldhs1ke1", "AS9121,C2,quasar,rat,triage,TTNET", "0", "DonPasci" "2025-10-18 12:01:49", "1617557", "fin.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:11:19", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 12:01:46", "1617556", "pepes18921.webredirect.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251018-lxf7wsek5s", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-10-18 12:01:41", "1617555", "late-operates.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251018-jzka8adr21", "C2,domain,triage,xworm", "0", "DonPasci" "2025-10-18 11:58:04", "1617554", "can.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 12:01:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:47:45", "1617553", "nod.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:51:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:38:24", "1617552", "dusk.gyj0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:51:03", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 11:35:49", "1617551", "jet.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:38:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:27:23", "1617550", "bog.qvik5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:30:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:18:13", "1617549", "fern.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:30:01", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 11:15:32", "1617548", "has.cqom9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:18:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:10:20", "1617547", "era.mzas7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:14:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 11:08:11", "1617546", "clay.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:14:20", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 11:07:10", "1617545", "inn.jrih5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 11:08:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:58:25", "1617544", "its.npoj2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:59:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:52:06", "1617543", "pun.wkej2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:51:12", "1617542", "rim.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:59:12", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 10:48:51", "1617541", "114.67.243.235:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 10:48:19", "1617540", "51rteswqa.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:48:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 10:47:56", "1617539", "pet.rqyp1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:51:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:38:08", "1617538", "ski.jsuv0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:41:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:27:50", "1617537", "bed.sjyj1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:35:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:27:14", "1617536", "nest.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:41:01", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 10:20:02", "1617535", "185.208.158.78:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 20:02:31", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-10-18 10:19:34", "1617534", "cat.khoc9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:27:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:15:23", "1617533", "851.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:15:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 10:04:50", "1617532", "glow.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:15:53", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 10:03:32", "1617531", "06d1.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 10:04:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:57:20", "1617530", "7436901.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:47:31", "1617529", "160287.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:40:03", "1617528", "43.225.47.23:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-10-18 09:37:14", "1617527", "93055.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:40:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:28:51", "1617526", "4084.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:27:57", "1617525", "pine.luv6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:40:39", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 09:22:10", "1617524", "194.33.61.103:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1797558/0/iochtml", "AS215826,joesandbox,PARTNER-HOSTING-LTD,Rhadamanthys,stealer", "0", "DonPasci" "2025-10-18 09:17:51", "1617523", "219.93i197934.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 09:27:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 09:05:02", "1617521", "03452.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:57:44", "1617520", "118.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:49:00", "1617519", "dew.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 08:47:54", "1617518", "6901420.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:49:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:44:12", "1617517", "135.125.107.53:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-10-20 00:44:08", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-10-18 08:37:36", "1617516", "777012.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:42:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:31:32", "1617515", "sail.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:42:24", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 08:28:20", "1617514", "30951.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:31:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:18:23", "1617513", "8427.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:19:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:08:05", "1617512", "501.49o103159.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:11:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 08:04:28", "1617511", "ray.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:19:26", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 08:02:53", "1617510", "3.26.67.220:554", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:46:33", "100", "https://search.censys.io/hosts/3.26.67.220", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-10-18 08:02:48", "1617509", "181.161.10.162:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-10-19 04:00:25", "100", "https://search.censys.io/hosts/181.161.10.162", "AS7418,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-10-18 08:02:41", "1617508", "107.173.152.144:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 04:00:17", "100", "https://search.censys.io/hosts/107.173.152.144", "AS-COLOCROSSING,AS36352,C2,censys,Supershell", "0", "DonPasci" "2025-10-18 07:58:19", "1617507", "581.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 08:04:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:53:13", "1617506", "forceadvance.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "", "zphp", "0", "juroots" "2025-10-18 07:52:51", "1617503", "www.montanaivest.online", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-10-18 07:52:51", "1617504", "www.montanaivest.space", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-10-18 07:52:51", "1617505", "www.montanaivest.store", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-10-18 07:52:36", "1617502", "mirailoversddos.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-10-18 07:52:20", "1617501", "youth-better.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-10-18 07:52:08", "1617499", "asy8808.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-18 07:52:08", "1617500", "autodater.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-10-18 07:51:04", "1617498", "https://106.52.154.100:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/b2bbbda7-68c7-4090-bcef-57c00da730e6", "c2,supershell,urlquery", "0", "juroots" "2025-10-18 07:49:28", "1617497", "https://sec0de.cc/user.php?page=login", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlscan.io/result/0199f64b-8230-74f8-9e72-cd4a5ece8b47", "c2,raptor,urlscan", "0", "juroots" "2025-10-18 07:48:57", "1617496", "http://196.251.114.38/pages/login.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64b-08a5-751e-8751-2a7bc192e36e", "c2,unam,urlscan", "0", "juroots" "2025-10-18 07:48:39", "1617495", "http://79.137.196.144/", "url", "payload_delivery", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0199f64a-c391-775e-aa4d-6da76cd2a4ff", "c2,hookbot,urlscan", "0", "juroots" "2025-10-18 07:48:21", "1617494", "http://45.134.26.131/kaWt2QXfpPueNM/Login.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-7f3a-759c-bfe3-60744c1dedb1", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:20", "1617492", "https://185.208.156.252/u9dvjmfd/index.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-78c3-77d1-a813-6507684da186", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:20", "1617493", "http://91.92.242.27/kaWt2QXfpPueNM/Header.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-7c85-702a-95fd-1f459be1df65", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:19", "1617491", "https://191.96.225.126/appstore/index.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-74c6-75f8-b361-fe40d1a0c9a8", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:01", "1617490", "07c9.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:50:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:47:54", "1617489", "http://47.236.166.45:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-136d-74df-b3aa-bcf34acceb72", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:53", "1617488", "http://107.174.64.180:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-0f9e-73c9-be40-4d2e5927c719", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:52", "1617487", "http://106.52.154.100:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-0c0e-708b-ae1d-816513cbf0b4", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:48", "1617486", "https://doudouni18.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-fdda-77e1-8344-2a8816090068", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:47", "1617485", "https://doudouni15.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-f7cd-7399-b337-7f2f11c21b38", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:45", "1617484", "https://doudouni13.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-f088-749e-b0f4-66c40e4c1118", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:43", "1617483", "https://doudouni12.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-e7fc-77dc-9024-22a1887edc8d", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:40", "1617482", "https://doudouni01.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-df0e-755b-98fe-5468bd49c0c3", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:38", "1617481", "https://sea0123.malaysiatiktok.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-d7ec-71b6-8d31-7969ccbe1b3f", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:37", "1617480", "https://ustr.nouz.cn/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-d3c6-725a-8807-69cdd55f5ec9", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:36", "1617479", "https://xmg102.wxlmail.com/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-cf9f-70ad-9bfc-b4e5a738c89e", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:37:42", "1617478", "8451203.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:43:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:35:03", "1617477", "85.208.84.208:4411", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2025-10-19 06:21:03", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-18 07:32:56", "1617476", "mint.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:50:38", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 07:27:54", "1617475", "706391.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:32:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:18:36", "1617474", "41002.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:19:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:07:37", "1617473", "3135.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:11:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 07:01:38", "1617472", "plum.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:19:55", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 06:58:20", "1617471", "925.31e854642.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 07:01:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 06:47:20", "1617470", "72563.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 06:50:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 06:38:54", "1617469", "fox.wib8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-10-18 06:38:02", "1617468", "080.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 06:38:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 06:28:14", "1617467", "3998107.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 06:18:25", "1617466", "610294.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 06:07:55", "1617465", "57411.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:57:38", "1617464", "4920.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:58:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:48:24", "1617299", "https://lh24h7tp-5500.euw.devtunnels.ms/checker/1.pdb", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://tria.ge/251017-p7v1ksdr8y/behavioral1", "DCRat,RAT", "0", "burger" "2025-10-18 05:47:51", "1617463", "333.37i658094.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:53:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:45:12", "1617462", "45.155.54.62:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "", "APT,APT36,StealthServer,TransparentTribe", "0", "abuse_ch" "2025-10-18 05:40:05", "1617461", "964.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 05:44:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:38:47", "1617460", "05b8.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:30:24", "1617459", "7123001.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:27:12", "1617458", "180264.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:17:23", "1617457", "77950.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 05:08:01", "1617456", "6003.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:57:13", "1617455", "201.30u241207.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:47:45", "1617454", "913560.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:35:16", "1617453", "0482.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 04:40:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:29:13", "1617452", "169.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:18:42", "1617451", "7001845.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:07:27", "1617450", "55027.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 04:02:24", "1617449", "41.141.124.55:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-10-20 00:46:48", "100", "https://search.censys.io/hosts/41.141.124.55", "AS36903,C2,censys,MT-MPLS,Netsupport,RAT", "0", "DonPasci" "2025-10-18 04:01:20", "1617447", "168.138.228.68:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/168.138.228.68", "AS31898,censys,GoPhish,ORACLE-BMC-31898,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:20", "1617448", "119.28.6.250:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/119.28.6.250", "AS132203,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:19", "1617446", "198.46.143.115:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/198.46.143.115", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:18", "1617444", "192.248.161.226:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.248.161.226", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:18", "1617445", "34.105.192.157:3389", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.105.192.157", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:17", "1617442", "109.73.201.245:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/109.73.201.245", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-10-18 04:01:17", "1617443", "193.70.42.0:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.70.42.0", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:16", "1617440", "37.59.112.102:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/37.59.112.102", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:16", "1617441", "18.135.6.22:2222", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.135.6.22", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:15", "1617438", "16.171.17.38:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/16.171.17.38", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:15", "1617439", "52.204.61.251:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.204.61.251", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:14", "1617437", "44.216.161.8:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.216.161.8", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:13", "1617436", "40.84.43.13:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/40.84.43.13", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-10-18 04:01:07", "1617435", "homeoffice.dmg-tech.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-18 04:02:36", "100", "https://search.censys.io/hosts/18.191.251.170+homeoffice.dmg-tech.com", "AMAZON-02,AS16509,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-10-18 04:00:54", "1617432", "118.91.36.181:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/118.91.36.181", "AS10175,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:54", "1617433", "61.77.145.112:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/61.77.145.112", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:54", "1617434", "39.109.145.78:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/39.109.145.78", "AS55430,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:53", "1617429", "70.94.36.247:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/70.94.36.247", "AS11427,Botnet,byob,C2,censys,TWC-11427-TEXAS", "0", "dyingbreeds_" "2025-10-18 04:00:53", "1617430", "211.193.130.88:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/211.193.130.88", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:53", "1617431", "220.92.72.82:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/220.92.72.82", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:52", "1617425", "212.251.145.230:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/212.251.145.230", "AS2119,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:52", "1617426", "41.205.51.242:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/41.205.51.242", "AS36907,Botnet,byob,C2,censys,TVCaboAngola", "0", "dyingbreeds_" "2025-10-18 04:00:52", "1617427", "119.199.107.160:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/119.199.107.160", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:52", "1617428", "222.104.130.91:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/222.104.130.91", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:51", "1617421", "119.197.86.48:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/119.197.86.48", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:51", "1617422", "114.29.89.96:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/114.29.89.96", "AS38669,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:51", "1617423", "14.39.94.118:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/14.39.94.118", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:51", "1617424", "121.131.45.82:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/121.131.45.82", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:50", "1617417", "202.128.23.121:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/202.128.23.121", "AS3605,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:50", "1617418", "61.76.128.209:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/61.76.128.209", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:50", "1617419", "138.19.136.60:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/138.19.136.60", "AS9269,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:50", "1617420", "110.35.142.86:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/110.35.142.86", "AS9569,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:49", "1617414", "42.98.205.186:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/42.98.205.186", "AS4760,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:49", "1617415", "116.49.241.4:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/116.49.241.4", "AS4760,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:49", "1617416", "69.14.17.104:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/69.14.17.104", "AS12083,Botnet,byob,C2,censys,WOW-INTERNET", "0", "dyingbreeds_" "2025-10-18 04:00:48", "1617412", "71.79.103.3:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/71.79.103.3", "AS10796,Botnet,byob,C2,censys,TWC-10796-MIDWEST", "0", "dyingbreeds_" "2025-10-18 04:00:48", "1617413", "89.23.240.21:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.23.240.21", "AS42541,Botnet,byob,C2,censys,FIBERBY", "0", "dyingbreeds_" "2025-10-18 04:00:47", "1617411", "218.212.157.249:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/218.212.157.249", "AS55430,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:41", "1617410", "137.220.145.250:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-10-18 04:02:23", "100", "https://search.censys.io/hosts/137.220.145.250", "AS152194,C2,censys,RAT", "0", "dyingbreeds_" "2025-10-18 04:00:24", "1617409", "172.94.111.55:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-10-20 00:44:59", "100", "https://search.censys.io/hosts/172.94.111.55", "AS9009,C2,censys,M247,RAT", "0", "dyingbreeds_" "2025-10-18 04:00:20", "1617408", "87.121.79.106:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-10-20 00:47:52", "90", "https://search.censys.io/hosts/87.121.79.106", "AS213725,C2,censys,UK-03AI", "0", "dyingbreeds_" "2025-10-18 04:00:19", "1617407", "185.112.144.245:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-10-20 00:45:20", "90", "https://search.censys.io/hosts/185.112.144.245", "AS44925,C2,censys,THE-1984-AS", "0", "dyingbreeds_" "2025-10-18 04:00:14", "1617406", "8.134.255.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-18 04:01:38", "100", "https://search.censys.io/hosts/8.134.255.60", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:13", "1617405", "47.108.21.186:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:45", "100", "https://search.censys.io/hosts/47.108.21.186", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:12", "1617404", "114.67.98.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-18 04:01:38", "100", "https://search.censys.io/hosts/114.67.98.107", "AS138421,C2,censys", "0", "dyingbreeds_" "2025-10-18 04:00:11", "1617403", "188.137.180.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-10-20 00:49:24", "100", "https://search.censys.io/hosts/188.137.180.79", "AS211381,C2,censys,PODAON", "0", "dyingbreeds_" "2025-10-18 04:00:08", "1617402", "tubifly.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/104.168.135.13+tubifly.com", "AS54290,C2,censys,HOSTWINDS", "0", "dyingbreeds_" "2025-10-18 03:58:37", "1617401", "8321.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 03:47:18", "1617400", "324.54o477354.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 03:38:26", "1617399", "04137.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 03:35:06", "1617398", "193.161.193.99:37356", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-10-18 03:28:07", "1617397", "984.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 03:17:50", "1617396", "5002201.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 03:23:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 03:08:01", "1617395", "620714.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:57:40", "1617394", "45019.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:47:23", "1617393", "1205.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:38:37", "1617392", "777.60e533569.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:27:08", "1617391", "581004.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:17:20", "1617390", "34972.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 02:08:03", "1617389", "028.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-10-18 02:10:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:58:17", "1617388", "7652190.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:47:59", "1617387", "100587.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:37:44", "1617386", "9023.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:27:53", "1617385", "431.11u812580.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:17:36", "1617384", "889.08u073852.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 01:07:18", "1617383", "05a9.08u073852.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-10-18 00:57:32", "1617382", "3007812.08u073852.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 845