################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2026-01-09 18:09:36 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-01-09 18:09:36", "1700173", "bielzingl-59529.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260109-p6b63sby6h", "C2,domain,njrat,triage", "0", "DonPasci"
"2026-01-09 18:07:10", "1700170", "api.alexanderprojectmanagement.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 18:07:13", "100", "False", "https://tria.ge/260109-tkgxnahx5h", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-09 18:07:00", "1700169", "logs.go88.se.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 18:07:06", "100", "False", "https://tria.ge/260109-tkgxnahx5h", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-09 18:03:05", "1700167", "proud-dawn-88929.pktriot.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260109-wbtwzacw3b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-09 17:41:25", "1700162", "www.80win.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5fedfef844dedbe142eddea554560d3701207040bcbda3685d23319b973ac64a/", "quasar", "0", "abuse_ch"
"2026-01-09 17:41:24", "1700161", "www.0uyy41.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5fedfef844dedbe142eddea554560d3701207040bcbda3685d23319b973ac64a/", "quasar", "0", "abuse_ch"
"2026-01-09 17:41:17", "1700160", "motphimr.sh", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-09 18:07:28", "75", "False", "https://bazaar.abuse.ch/sample/5fedfef844dedbe142eddea554560d3701207040bcbda3685d23319b973ac64a/", "quasar", "0", "abuse_ch"
"2026-01-09 17:41:16", "1700159", "motfimchill.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-09 18:07:28", "75", "False", "https://bazaar.abuse.ch/sample/5fedfef844dedbe142eddea554560d3701207040bcbda3685d23319b973ac64a/", "quasar", "0", "abuse_ch"
"2026-01-09 17:41:15", "1700158", "motchillie.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-09 18:07:28", "75", "False", "https://bazaar.abuse.ch/sample/5fedfef844dedbe142eddea554560d3701207040bcbda3685d23319b973ac64a/", "quasar", "0", "abuse_ch"
"2026-01-09 17:36:41", "1700152", "www.ikukuomaproject2026backup2.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/5431cf9e20f237f5ab64332223fcc87a6d88fe4568518a14df0ee18fbdf8cc49/", "remcos", "0", "abuse_ch"
"2026-01-09 17:36:40", "1700151", "www.ikukuomaproject2026backup1.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/5431cf9e20f237f5ab64332223fcc87a6d88fe4568518a14df0ee18fbdf8cc49/", "remcos", "0", "abuse_ch"
"2026-01-09 17:36:39", "1700150", "www.ikukuomaproject2026.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/5431cf9e20f237f5ab64332223fcc87a6d88fe4568518a14df0ee18fbdf8cc49/", "remcos", "0", "abuse_ch"
"2026-01-09 17:36:22", "1700149", "leehoi02.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/f8341e72d93e2964776226002a496fa4584419c589329e239e315c1eda3aa2a6/", "xworm", "0", "abuse_ch"
"2026-01-09 17:08:41", "1700137", "fallbeginner.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch"
"2026-01-09 17:08:41", "1700138", "runhouses.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch"
"2026-01-09 16:48:53", "1700084", "schedule.eznosdrivingschool.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "", "SocGholish,tds", "0", "rmceoin"
"2026-01-09 16:48:53", "1700086", "obsidianmidnight.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-09 15:07:12", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg"
"2026-01-09 16:09:43", "1700122", "folkwakes.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/007034737725b4537efd35585b7e0f3751f641b0c7ef1495f1817e0c9b26842b", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 16:08:18", "1700119", "furlabase.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/d27474842c4ab1983ac5e274ee7b7ad6f6bc50353ca650af5f6362d97a014327", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 16:06:42", "1700118", "argoflyleens.world", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/1caaa1024fae973a94687137cdd2452897f8db7a660dd78389088aa3d9354468", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 16:04:35", "1700117", "ursamade.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/4f325366ac906fd62e4336c371fac8f54a7da9e834c2af189b8f0951f6f8930b", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 16:03:00", "1700108", "accindexer.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/375bb2ea42fb2f959f0aa5c05a927f100aa9a704ce9f2084fe9269cee49b48fe", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 16:01:30", "1700105", "foldexmoon.today", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/59e7ecbafa65d90d0d8541c368d91643addefac83ac00696f0434c7547a68a75", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 15:58:50", "1700104", "jmpbowl.today", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/db172add02c083e39cf83d8e8226f760184e6edecfaefba6c4c05afb4c7be7ff", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 15:56:52", "1700103", "jmpbowl.world", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/47663a7704ffe36c270ba206b920cad75e6ddc20a3880f62f63b1567bdacf16f", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 15:53:01", "1700102", "torducks.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/9db3bbb449813f331b023d9c23347e3232823eee3eeea57ad7527514540518b9", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 15:51:00", "1700101", "barbermoo.world", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/fb1700a80f4a70c045eb1236623c5ea72ef5aa5e18a0f45582d398af65c7ccfa", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 15:45:57", "1700100", "logs.gemwin.me", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:45:53", "1700099", "go88.se.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 18:07:00", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:45:51", "1700098", "download.gemwin.me", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 18:07:20", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:45:49", "1700097", "client.gemwin.me", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:45:48", "1700096", "api.gemwin.me", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:45:46", "1700095", "alexanderprojectmanagement.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 18:07:10", "75", "False", "https://bazaar.abuse.ch/sample/4726d66f1b8658da43e436c8ac365e3e7d94a46f87db622059536164efab6e1b/", "asyncrat", "0", "abuse_ch"
"2026-01-09 15:22:35", "1700093", "wto.azl.one", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 15:22:35", "1700094", "wto.mir-massage.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 13:11:20", "1700080", "winrler.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-09 13:10:20", "100", "True", "https://infosec.exchange/@monitorsg/115865302817718428", "KongTuke", "0", "monitorsg"
"2026-01-09 13:08:43", "1700077", "wde.azl.one", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 13:08:43", "1700078", "wde.mir-massage.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 13:02:16", "1699982", "27001-online.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "False", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:50:30", "1700072", "ssl.googletls.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:59:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-09 12:46:29", "1700063", "tarabridals.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700064", "tenforjustice.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700065", "thefrugalengineers.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700066", "theoutfield.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700067", "unitscale.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700068", "victorcrafter.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700069", "wakeupcalltofarmers.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700070", "wearecarne.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:29", "1700071", "worldofmerix.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700048", "printeritsupport.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700049", "recruiting-101.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700050", "romconinc.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700051", "sagesblogtours.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700052", "sailportsmouthnh.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700053", "www.scrabblestop.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700054", "screenkeys.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700055", "uw3some.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700056", "sirensofsuspense.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700057", "slackersline.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700058", "slowrideguide.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700059", "smashthefat.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700060", "stephenkneale.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700061", "sundayfundayfw.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:28", "1700062", "sunstaribike.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700033", "lamarinalivinglab.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700034", "www.lgmobilephones.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700035", "loftinnovation.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700036", "www.masonryofdenver.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700037", "metalapolis.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700038", "momragepodcast.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700039", "mybakingadventures.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700040", "nachomamasgrilledcheese.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700041", "neighborhoodsquare.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700042", "nicefashion.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700043", "www.no-name-yet.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700044", "nwrlibrary.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700045", "oceanliteracydialogues.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700046", "www.old-jewel.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:27", "1700047", "philosophy-forum.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700016", "www.greatbritishdogwalk.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700017", "greenann.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700018", "gumbootrestaurant.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700019", "hair-of-the-dog.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700020", "www.hermeneuticchaosjournal.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700021", "highprinttech.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700022", "ijamworld.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700023", "indiestickerpack.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700024", "inkandglue.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700025", "inkyfingersandribbon.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700026", "interferenceinc.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700027", "irchlb.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700028", "jumpforcemods.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700029", "k-1world.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700030", "kbnetgearrouter.net", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700031", "keykaloupatterns.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:26", "1700032", "lalasicecream.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700000", "cherrypharm.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700001", "chiangmaibest.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700002", "chrislarkinguitars.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700003", "www.chrom-art.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700004", "www.chronicmomlife.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700005", "crack-watch.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700006", "www.dartmoor-railway-sa.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700007", "databaserepair.net", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700008", "www.delegatesunbound.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700009", "digiskillsmap.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700010", "districthardware.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700011", "diversityinbrewing.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700012", "doradaar.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700013", "extraspecialpeople.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700014", "flyuavi.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:25", "1700015", "s100-manuals.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699983", "2c1c.net", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699984", "4cats2.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699985", "anambcn.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699986", "arts-kids.org", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699987", "arttwo50.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699988", "as24220.net", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699989", "bambootreerestaurants.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699990", "banbaoworld.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699991", "bestfreetraffic.net", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699992", "www.blog-growth.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699993", "stuffimakemyhusband.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699994", "boreidesign.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699995", "businessguysonbusinesstrips.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699996", "cambridgeprints.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699997", "carltonforestgroup.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699998", "chalkieandthechippy.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 12:46:24", "1699999", "changegout.com", "domain", "payload_delivery", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "https://github.com/GootloaderSites/Files/blob/main/gootloader-urls7jan26.csv", "gootloader", "0", "GootloaderSites"
"2026-01-09 11:55:45", "1699976", "riyaenterprises.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 12:03:28", "75", "False", "https://bazaar.abuse.ch/sample/61c14351e70ed5e45470d69468ddc974b09d4afdd053d140897d30f484803ca3/", "asyncrat", "0", "abuse_ch"
"2026-01-09 11:55:43", "1699975", "kbbet.app", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 12:03:30", "75", "False", "https://bazaar.abuse.ch/sample/61c14351e70ed5e45470d69468ddc974b09d4afdd053d140897d30f484803ca3/", "asyncrat", "0", "abuse_ch"
"2026-01-09 10:58:24", "1693478", "carryeky.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693479", "potassyr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693480", "mecholuq.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693481", "profancf.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693482", "gowithcu.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693483", "clapzdeh.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:58:24", "1693484", "bloomuje.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-09 10:53:33", "1693477", "frolessmoke.co.za", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/12af4abb0bd394bded4410dfb239a9a0be02bb16c4489764b07eee72f5316602", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-09 10:49:50", "1693476", "www.quick-shares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:59:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-09 08:00:28", "1693431", "fir.azl.one", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 08:00:28", "1693432", "fir.mir-massage.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-09 06:47:10", "1693246", "mcafeeupdates.com", "domain", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "95", "False", "None", "APT41,ShadowPad", "0", "pancak3lullz"
"2026-01-09 06:47:09", "1693304", "frttsch.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-09 05:06:00", "100", "True", "https://infosec.exchange/@monitorsg/115859872162369620", "KongTuke", "0", "monitorsg"
"2026-01-09 06:47:08", "1693307", "roadmap.lifeinsurancemasters.net", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "", "SocGholish,tds", "0", "rmceoin"
"2026-01-09 06:47:06", "1693328", "foresposition.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-08 17:08:38", "100", "True", "https://infosec.exchange/@monitorsg/115860577134868679", "SmartApeSG", "0", "monitorsg"
"2026-01-09 06:46:59", "1693336", "mercedesheritage.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115860825174651550", "SmartApeSG", "0", "monitorsg"
"2026-01-09 06:46:55", "1693350", "farforshop.cfd", "domain", "botnet_cc", "win.aurastealer", "AURA Stealer,AURASTEAL", "Aura Stealer", "", "100", "False", "", "Aura,Aura Stealer,Domain,Stealer", "0", "RacWatchin8872"
"2026-01-09 06:02:47", "1693415", "ZobyYog3nyah123-35769.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260109-d88ghscx9c", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-09 02:49:28", "1693401", "bbb.flash-china.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:58:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-09 00:11:16", "1693392", "wey.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 06:03:31", "75", "False", "https://bazaar.abuse.ch/sample/0a4275368b5526f7c7276a4155f4e54e531f252659224efa27f63b1e074b4455/", "asyncrat", "0", "abuse_ch"
"2026-01-09 00:11:06", "1693391", "hhz.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-09 06:03:36", "75", "False", "https://bazaar.abuse.ch/sample/0a4275368b5526f7c7276a4155f4e54e531f252659224efa27f63b1e074b4455/", "asyncrat", "0", "abuse_ch"
"2026-01-08 23:01:01", "1693370", "www.gangotri.edu.np", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-09 00:03:48", "100", "False", "https://search.censys.io/hosts/45.143.166.57+www.gangotri.edu.np", "AS62005,BV-EU-AS,C2,censys", "0", "dyingbreeds_"
"2026-01-08 23:00:07", "1693360", "henry.xx.kg", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/47.79.93.137+henry.xx.kg", "AS45102,C2,censys", "0", "dyingbreeds_"
"2026-01-08 23:00:06", "1693359", "sxwa.nxjwl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/103.194.107.168+sxwa.nxjwl.com", "AS138995,C2,censys", "0", "dyingbreeds_"
"2026-01-08 20:04:12", "1693356", "login.ciberseguridad-eia.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-08 23:02:23", "100", "False", "https://search.censys.io/hosts/45.33.88.161+login.ciberseguridad-eia.xyz", "AKAMAI-LINODE-AP,AS63949,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2026-01-08 20:04:11", "1693354", "join.ciberseguridad-eia.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-08 23:02:23", "100", "False", "https://search.censys.io/hosts/45.33.88.161+join.ciberseguridad-eia.xyz", "AKAMAI-LINODE-AP,AS63949,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2026-01-08 20:04:11", "1693355", "outlook.ciberseguridad-eia.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-08 23:02:22", "100", "False", "https://search.censys.io/hosts/45.33.88.161+outlook.ciberseguridad-eia.xyz", "AKAMAI-LINODE-AP,AS63949,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2026-01-08 20:03:53", "1693352", "sonbaharindirimi.sbs", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-08 23:00:57", "100", "False", "https://search.censys.io/hosts/172.67.187.72+sonbaharindirimi.sbs", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci"
"2026-01-08 18:03:03", "1693334", "ewaewaeawwe-47532.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260108-sesarstpcj", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-08 15:23:26", "1693316", "arvrestbnkonline.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://www.virustotal.com/gui/file/92b7676cdd9d4fe6793691201f4e8a8e68a575409be59fc6c231252a0ee0e969", "c2,connectwise,domain,rat,screenconnect,virustotal", "0", "DonPasci"
"2026-01-08 14:51:31", "1693314", "vci.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:07:59", "75", "False", "https://bazaar.abuse.ch/sample/0f523040c10857d5e03c5f0f88eefee85518ee22505f3a1f5850dcb12a70c94f/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:50:45", "1693313", "bbq.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:04", "75", "False", "https://bazaar.abuse.ch/sample/0f523040c10857d5e03c5f0f88eefee85518ee22505f3a1f5850dcb12a70c94f/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:46:44", "1693312", "sdancecompany.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:09", "75", "False", "https://bazaar.abuse.ch/sample/b11d93643cc7e3fbb44a141f3ae2251ce428f736e18aebf9e5a5a9b02dbbe2db/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:46:42", "1693311", "royalweddingcars.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:16", "75", "False", "https://bazaar.abuse.ch/sample/b11d93643cc7e3fbb44a141f3ae2251ce428f736e18aebf9e5a5a9b02dbbe2db/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:46:03", "1693310", "cce.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:12", "75", "False", "https://bazaar.abuse.ch/sample/b11d93643cc7e3fbb44a141f3ae2251ce428f736e18aebf9e5a5a9b02dbbe2db/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:45:44", "1693309", "antiglare.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:25", "75", "False", "https://bazaar.abuse.ch/sample/b11d93643cc7e3fbb44a141f3ae2251ce428f736e18aebf9e5a5a9b02dbbe2db/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:02:00", "1693302", "www.luongsontv3.tv", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:01:57", "1693301", "www.luongsontv1.tv", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:01:56", "1693300", "www.luongsontv.tv", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:01:23", "1693299", "luongsontv2.tv", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:37", "75", "False", "https://bazaar.abuse.ch/sample/93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74/", "asyncrat", "0", "abuse_ch"
"2026-01-08 14:01:13", "1693298", "luongsontv.io", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 18:08:40", "75", "False", "https://bazaar.abuse.ch/sample/93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74/", "asyncrat", "0", "abuse_ch"
"2026-01-08 13:46:37", "1693297", "afonoditrixdxcomplany.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "False", "https://search.censys.io/hosts/158.94.208.89", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2026-01-08 13:43:59", "1693296", "oasioncounertstrike.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "False", "https://search.censys.io/hosts/91.92.242.67", "c2,censys,domain,Latrodectus", "0", "DonPasci"
"2026-01-08 13:40:06", "1693294", "gti.azl.one", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 13:40:06", "1693295", "gti.mir-massage.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 13:38:15", "1693291", "wewekikilopsterstakan.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "False", "https://threatfox.abuse.ch/ioc/1646053/", "c2,domain,Latrodectus", "0", "DonPasci"
"2026-01-08 12:39:18", "1693289", "relays.zyabozadpap.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://tria.ge/260108-kx1e4aez3a", "c2,ConnectWise,domain,rat,screenconnect,triage", "0", "DonPasci"
"2026-01-08 12:32:07", "1693287", "barbermoo.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:32:07", "1693288", "ballfrank.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:26:47", "1693285", "argoflyleens.coupons", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/ad00067d7e167220162331def9993691d9917ced17d9f4757aa3fdd38f861fdb", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:25:22", "1693284", "groovyfox.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:24:07", "1693283", "ballfrank.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/1719098aee8451a12993ca39af950eb2295a4cee5397f433e11b5da11bee2485", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:22:51", "1693282", "groovyfox.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/650bc797b00751fe300806209e020cca8c9212ebbc69ce2ae1dc5e801c9a284a", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:21:25", "1693281", "barbermoo.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/1674ae195be7ce1e6fc606bcf4bbf0779a77dbf5f2650d100bf5da956c26c1b6", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:19:41", "1693280", "foldexmoon.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/c2c6bc04a5dd3395105df6dc1a6371576ba3cd6f51448f1fbe996ca8b32f3878", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:17:34", "1693279", "clausdoom.co.za", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/934bde8087e2d06a38fcd25bc364fe54c36a54236e25582d89c4192b2c5a1031", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:13:11", "1693278", "jmpbowl.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/311fe766513b7428f7039cc1d0ea3f49a86870f24bbf49b482dc127be0ff5300", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:11:33", "1693276", "foldexmoon.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:11:33", "1693277", "foldexmoon.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:10:24", "1693275", "goalblistr.ydns.eu", "domain", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "False", "https://tria.ge/260108-mgrt5ayncp", "avemariarat,C2,domain,rat,triage,warzonerat", "0", "DonPasci"
"2026-01-08 12:09:43", "1693274", "foldexmoon.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-01-08 12:11:33", "100", "False", "https://www.virustotal.com/gui/file/35e66b12b6c346f77156394b1135178520263abc6692b5828fa8e35916e41edd", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:07:54", "1693271", "claus2doom.es", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:07:54", "1693272", "claus4doom.es", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:07:54", "1693273", "claus5doom.es", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:05:49", "1693270", "claus3doom.es", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/4bb18ae6081c7cbe4bc7e0237b68dd643b08d6e4a62ee70d422fa918fb2a5611", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:04:27", "1693269", "api.qq88.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:29", "100", "False", "https://tria.ge/260108-lc9zgafs4c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 12:04:12", "1693265", "www.story-diary.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:15", "100", "False", "https://tria.ge/260108-mecx7aymep", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 12:04:09", "1693264", "foldexmoon.coupons", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/745db959459d1d005b375e787cbb8ee355ccac16565e4099a07a765770918e8e", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:02:52", "1693257", "argoflyleens.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 12:02:48", "1693256", "2.tcp.cpolar.cn", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260108-mc5v7aymcm", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-08 12:02:00", "1693255", "ballfrank.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/9e0feef17bb2589ec71eb8ea03eae46a6275f43af90ddac74960bf7a0cdc0f7e", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 12:00:31", "1693254", "jmpbowl.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/745db959459d1d005b375e787cbb8ee355ccac16565e4099a07a765770918e8e", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:58:56", "1693253", "groovyfox.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/04af1bd4b6f7ddd0a684f58fdd4275c67b9e66349e8869fdc731088858f890b4", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:57:28", "1693252", "elfrodbloom.coupons", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/c38864e05392265f9e63a823c40937aeb5ed41a2c702b190b46e7ad6aa902288", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:56:02", "1693251", "barbermoo.coupons", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/c1d55bc5e3605b098a05e567cd19c881f8be0c6558f653ad357b3f43b6be3492", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:50:01", "1693250", "barbermoo.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/14285ac74a3e6de1720e7bdf5cef243b3d455c70da5f22715ff52d012abec8e3", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:48:34", "1693249", "elfrodbloom.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/fbaddcfdb4a308f943515f2cd6688bc7ea825bdd53c217e7341c41b3ef74d8ee", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:47:23", "1693247", "groovyfox.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 11:47:23", "1693248", "groovyfox.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 11:45:13", "1693245", "jmpbowl.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/93449dcf4b1cfc477746b1b754d145a296f8e6fb5bc07264188fbac7445b5e15", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:43:41", "1693244", "ballfrank.coupons", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 11:41:28", "1693243", "claus5doom.co.za", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-08 11:13:33", "1693242", "claus3doom.co.za", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/03a0c96f035ada1cd247e639482006347a57cd4da275bfbfbb0022dcb5589bad", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 11:03:30", "1693238", "folkband.fun", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/5c48eb3be6bd1165604b6d4796c46ce7a18f5a5492a7d7a3363c6c2628fd2d12", "c2,domain,macsync,stealer,VirusTotal", "0", "DonPasci"
"2026-01-08 11:01:47", "1693231", "claus2doom.co.za", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/57840c740eda337d8a1f6ea83e3fbe1a311c169f8b59abe36c4960c11d6d6fe7", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-01-08 10:21:02", "1693227", "rnk.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:21", "75", "False", "https://bazaar.abuse.ch/sample/787067428d9b1627cb65ad6dc2de51ff88e96078e45f3aea1ef00392e05d4c9a/", "asyncrat", "0", "abuse_ch"
"2026-01-08 10:20:56", "1693226", "novasghey.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:25", "75", "False", "https://bazaar.abuse.ch/sample/787067428d9b1627cb65ad6dc2de51ff88e96078e45f3aea1ef00392e05d4c9a/", "asyncrat", "0", "abuse_ch"
"2026-01-08 10:20:49", "1693225", "educationcentre.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:17", "75", "False", "https://bazaar.abuse.ch/sample/787067428d9b1627cb65ad6dc2de51ff88e96078e45f3aea1ef00392e05d4c9a/", "asyncrat", "0", "abuse_ch"
"2026-01-08 10:20:41", "1693224", "bgh4.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:04:19", "75", "False", "https://bazaar.abuse.ch/sample/787067428d9b1627cb65ad6dc2de51ff88e96078e45f3aea1ef00392e05d4c9a/", "asyncrat", "0", "abuse_ch"
"2026-01-08 09:52:30", "1693161", "cadjehounthrenody.com", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/03d82d139e426e0681491151774ecb233deadc70851328a3ce623dcf8988baa8/", "DeerStealer", "0", "abuse_ch"
"2026-01-08 09:32:29", "1693097", "app.zyabozadpap.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "2026-01-08 12:39:18", "100", "False", "https://bazaar.abuse.ch/sample/3f2de9f29834ca7fb64dc53ac7415e9903b1cfb23e52b1b0a28dc08798c2f790/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2026-01-08 09:31:23", "1693096", "peropanel.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "abuse_ch"
"2026-01-08 09:27:12", "1693094", "predovec.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-08 09:09:23", "100", "True", "https://infosec.exchange/@monitorsg/115858693138339990", "KongTuke", "0", "monitorsg"
"2026-01-08 08:26:08", "1693065", "xoclo.fordvungtau.com.vn", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://bazaar.abuse.ch/sample/088b1ec37bd2bd85f5ed2371e19cb852049eb8cae03e27cd6b1f270548a8e0ae/", "Mirai", "0", "abuse_ch"
"2026-01-08 07:59:19", "1693044", "ttu.azl.one", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 07:59:19", "1693045", "ttu.mir-massage.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 07:59:19", "1693046", "cph.tfba.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 07:59:19", "1693047", "cph.kievteplo.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-08 06:10:48", "1692754", "buradabmwking.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/15b77bfce146c89b6fa1177af63a1e40e59843ae122e20882b0c0dc17bb7a369/", "c2,MicroStealer", "0", "burger"
"2026-01-08 06:10:38", "1692722", "secure-signal.info", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/c0900fed685ecf4bc6816d16edeb0677562d2bc3d0730df7e8f9a6e21f97889c/", "BRAT,C2,RAT", "0", "burger"
"2026-01-08 06:07:35", "1693033", "trfvbhi.unrwpeifdot.info", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:07:35", "100", "False", "https://tria.ge/260108-bn7ndabs4d", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:33", "1693032", "connect.dadumaster.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:09", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:32", "1693031", "connect.psyca.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:09", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:30", "1693030", "connect.avan.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:28", "1693029", "connect.cim.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:27", "1693028", "connect.danhdeonline.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:25", "1693027", "connect.emi.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:22", "1693026", "connect.vn88a.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:20", "1693025", "connect.bong88.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:08", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:18", "1693024", "connect.gizmodo.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:07", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:15", "1693022", "paw6f2wjk.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:07:15", "100", "False", "https://tria.ge/260108-eltkhsvlap", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:07:15", "1693023", "connect.form.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:07", "100", "False", "https://tria.ge/260108-d6pavsgs7c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-08 06:03:37", "1693020", "n.gochatx.mov", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260108-emn2esvlcm", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-08 04:26:41", "1692823", "v4.vlxx.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:39", "1692822", "v4.phimmoiz.dev", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:37", "1692821", "v3.vlxx.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:09:07", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:36", "1692820", "v3.phimmoiz.dev", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:35", "1692819", "v2.vlxx.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:33", "1692818", "v2.phimmoiz.dev", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:32", "1692817", "v1.vlxx.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 12:45:12", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 04:26:30", "1692816", "v1.phimmoiz.dev", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9b53faf852762f014faf4f57c1aa35bbad9e754dce48973476ab561e710ee5d1/", "asyncrat", "0", "abuse_ch"
"2026-01-08 03:21:05", "1692803", "form.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/f41c17f9bba9c25464b3055ba41f032a93384306dc1c555f62ef4b83f44fe751/", "asyncrat", "0", "abuse_ch"
"2026-01-08 03:15:54", "1692802", "gizmodo.co.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e582a6b95ad02b028a3cef7c8b0989cb9add3bba91008f43d80bde34e2dd22df/", "quasar", "0", "abuse_ch"
"2026-01-08 03:15:47", "1692801", "dadumaster.co.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e582a6b95ad02b028a3cef7c8b0989cb9add3bba91008f43d80bde34e2dd22df/", "quasar", "0", "abuse_ch"
"2026-01-08 00:03:43", "1692791", "alphalaval.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-08 11:00:29", "100", "False", "https://search.censys.io/hosts/188.166.156.56+alphalaval.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci"
"2026-01-07 23:00:28", "1692774", "web.nutorus.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-08 00:03:44", "100", "False", "https://search.censys.io/hosts/50.92.58.195+web.nutorus.com", "AS852,C2,censys", "0", "dyingbreeds_"
"2026-01-07 20:48:29", "1692758", "vision.cssc.design", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:59:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-07 20:48:27", "1692757", "spark.cssc.design", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:59:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-07 20:48:22", "1692756", "nexus.cssc.design", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-09 17:58:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-07 19:32:36", "1692730", "zlpiik.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:32:33", "1692729", "y2matethumbnaildownloader.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:32:10", "1692728", "tuvrdk.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:32:06", "1692727", "tfdqcr.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:31:46", "1692726", "sc88mobi.shop", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:31:31", "1692725", "karenbrodiephotography.co.uk", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
"2026-01-07 19:30:43", "1692724", "ederh.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-08 06:41:03", "75", "False", "https://bazaar.abuse.ch/sample/808fb4904d102f9ca6bc523db3be820d7614230f843ae128ddf86f946e8980f7/", "asyncrat", "0", "abuse_ch"
# Number of entries: 267