################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2025-05-12 20:34:55 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-05-12 20:34:55", "1520335", "suave0316.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-05-12 20:34:04", "1520333", "aliendemon.no-ip.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots"
"2025-05-12 20:34:04", "1520334", "williamou.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots"
"2025-05-12 20:33:47", "1520332", "hackeroibambini-38888.portmap.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "c2,nanocore", "0", "juroots"
"2025-05-12 20:33:22", "1520331", "kpnoq8eil.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-05-12 19:56:23", "1520311", "licz.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 19:15:28", "1520303", "balp.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 18:13:58", "1520292", "nygz.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 17:43:11", "1520288", "junm.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 17:26:41", "1520285", "biuropgcnc.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250512-r8cazattaz", "c2,domain,RAT,remcos", "0", "DonPasci"
"2025-05-12 17:26:41", "1520286", "biuropgcncbk.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250512-r8cazattaz", "c2,domain,RAT,remcos", "0", "DonPasci"
"2025-05-12 17:02:16", "1520284", "sulf.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 16:26:29", "1520282", "jipg.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 15:55:48", "1520269", "xelw.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 15:35:21", "1520262", "qupt.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 15:14:54", "1520261", "lykr.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 14:19:33", "1520248", "chinapark.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114495031926136972", "SmartApeSG", "0", "monitorsg"
"2025-05-12 14:19:30", "1520252", "www.roammco.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-05-12 14:01:03", "100", "https://infosec.exchange/@monitorsg/114495036382654178", "SocGholish", "0", "monitorsg"
"2025-05-12 14:19:29", "1520251", "totalsolucao.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-12 18:15:00", "100", "https://infosec.exchange/@monitorsg/114495031926136972", "SmartApeSG", "0", "monitorsg"
"2025-05-12 13:53:06", "1520253", "dynk.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 12:54:23", "1520244", "tvmovies.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:55:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-12 12:54:23", "1520245", "udevd.microsoftools.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:55:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-12 12:02:01", "1520241", "cp.exchangeodds.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/81.0.247.170+cp.exchangeodds.live", "AS51167,censys,CONTABO,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-05-12 12:02:00", "1520240", "net-2-45-248-130.cust.vodafonedsl.it", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/2.45.248.130+net-2-45-248-130.cust.vodafonedsl.it", "AS30722,C2,censys,panel,Unam,VODAFONE-IT-ASN", "0", "DonPasci"
"2025-05-12 10:32:28", "1520224", "jeqov.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 10:32:18", "1519952", "tofukai.cfd", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-12 09:53:42", "1520221", "kabla.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-05-12 09:53:41", "1520220", "byamba.webredirect.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-05-12 09:53:22", "1520203", "www.rimeone.fun", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520204", "www.romof.irish", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520205", "www.ronbloodtattoos.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520206", "www.ryt.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520207", "www.scritorioonline.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520208", "www.sghgs.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520209", "www.spainproxy129.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520210", "www.tfe2f.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520211", "www.tp-jos178-a1.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520212", "www.ubliccnfdcbqae.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520213", "www.usclecarsales.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520214", "www.ustraliafamilycare.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520215", "www.vatardesigns.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520216", "www.vx1s297.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520217", "www.y71751.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520218", "www.yesite.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:22", "1520219", "www.zcc90.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520183", "www.nsitechsolatam.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520184", "www.ntelligenceplatform.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520185", "www.ochafariasbusiness.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520186", "www.odeinfra.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520187", "www.omfortemporium.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520188", "www.ommodity-market-29.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520189", "www.oogleplay.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520190", "www.ordphanter.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520191", "www.ouasd.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520192", "www.oyle-lawgroup.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520193", "www.pblanket.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520194", "www.pcuappconnect-7x.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520195", "www.perturear.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520196", "www.rade-your-teacher.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520197", "www.raft-opia.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520198", "www.rainontheterrain.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520199", "www.rca-nc-test-13.fyi", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520200", "www.reaatendimento.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520201", "www.reefiremaxapk.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:21", "1520202", "www.ridgingruralcommunities.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520162", "www.iomar.biz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520163", "www.iringpartnersinc.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520164", "www.ishlist.run", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520165", "www.isneyai.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520166", "www.itmap.group", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520167", "www.itness-center-id-5619388.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520168", "www.ivajjmahal.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520169", "www.jhekite.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520170", "www.lainfacedproductions.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520171", "www.laza.construction", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520172", "www.lexacons.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520173", "www.ljorge.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520174", "www.llabordage-team.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520175", "www.lus-size-swimsuit.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520176", "www.msp672.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520177", "www.naughtbooks.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520178", "www.naycrystalsava.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520179", "www.ncryptchat.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520180", "www.ndreas-marketing.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520181", "www.nipers.digital", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:20", "1520182", "www.notherattributeecosystem.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520141", "www.eilaiquan.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520142", "www.eltatechnologies.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520143", "www.elzz.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520144", "www.emzone.asia", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520145", "www.eomappa.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520146", "www.ercowboy.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520147", "www.erityhub.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520148", "www.esignedbyclaire.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520149", "www.etrev.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520150", "www.etwaymkrwell.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520151", "www.eviewyourdata.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520152", "www.fghfghf.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520153", "www.gbdth.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520154", "www.gencewebinaire.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520155", "www.gkdemy.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520156", "www.hatchadoin.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520157", "www.hcar.asia", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520158", "www.hescxpoi.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520159", "www.iami-florida-county.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520160", "www.idas-development.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:19", "1520161", "www.implyhome.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520119", "www.ar79872479489.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520120", "www.ardedout.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520121", "www.arehouse-jobs-52853.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520122", "www.arkettelligence.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520123", "www.arveno.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520124", "www.asereward.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520125", "www.asternky.university", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520126", "www.ataleague.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520127", "www.avada129.casino", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520128", "www.avada566.casino", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520129", "www.azerian.fun", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520130", "www.b-us-stone-panels-27f.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520131", "www.conomicaccelerationzones.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520132", "www.devgirdi.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520133", "www.dgx0i.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520134", "www.eaconfactory.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520135", "www.ealallergystudyhall.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520136", "www.eddingready.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520137", "www.eforcertx5090.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520138", "www.egapay.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520139", "www.egapersoneaals.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:18", "1520140", "www.egapromodealsdirect.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520100", "www.3groupe.business", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520101", "www.4249984.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520102", "www.4249987.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520103", "www.4260380.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520104", "www.4260576.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520105", "www.4270911.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520106", "www.4loj.cyou", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520107", "www.6wvpeijflqtm.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520108", "www.8299.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520109", "www.acauchocolateonline.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520110", "www.ahamasskate.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520111", "www.aiasangels.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520112", "www.ailis.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520113", "www.alancedteam.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520114", "www.ameweb.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520115", "www.aminvip3210.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520116", "www.ammem.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520117", "www.andersbro.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:17", "1520118", "www.ar6toprea.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520092", "www.0189.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520093", "www.06157.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520094", "www.0929.locker", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520095", "www.0psrx.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520096", "www.1500.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520097", "www.1kkee321.lat", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520098", "www.20840682.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 09:53:16", "1520099", "www.2345bgnrty.lol", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-05-12 08:01:55", "1519944", "csp.posteid-a365.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/81.0.247.170+csp.posteid-a365.com", "AS51167,censys,CONTABO,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-05-12 08:01:54", "1519941", "access.accessingdiba.posteid-a365.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/81.0.247.170+access.accessingdiba.posteid-a365.com", "AS51167,censys,CONTABO,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-05-12 08:01:54", "1519942", "www.exchangeodds.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/81.0.247.170+www.exchangeodds.live", "AS51167,censys,CONTABO,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-05-12 08:01:54", "1519943", "c.paypal.posteid-a365.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/81.0.247.170+c.paypal.posteid-a365.com", "AS51167,censys,CONTABO,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-05-12 08:01:27", "1519934", "dazzling-dhawan.94-156-177-241.plesk.page", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/94.156.177.241+dazzling-dhawan.94-156-177-241.plesk.page", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci"
"2025-05-12 07:47:52", "1519921", "tt.cbrw.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-12 18:47:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-12 07:47:51", "1519923", "coinomi.space", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz"
"2025-05-12 07:43:49", "1519927", "32.aa.4t.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2025-05-12 06:24:59", "1519901", "botangroup.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://bazaar.abuse.ch/sample/33ae31fda991c819b899db7b7816c72e11465e9101a2f0a132c746730aa49435/", "XWorm", "0", "abuse_ch"
"2025-05-12 05:55:28", "1519888", "sheetmorning.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-05-12 05:54:40", "1519887", "coachhoney.info", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-05-12 05:53:49", "1519884", "institute-trademarks.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-05-12 20:36:25", "50", "", "c2,xworm", "0", "juroots"
"2025-05-12 05:52:55", "1519883", "cursuve.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-05-12 05:52:41", "1519872", "badass3456-45555.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519873", "dagodnox.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519874", "elhombre3176-56154.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519875", "harbingerofdeath-46635.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519876", "haroborobo971-30110.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519877", "impala701-47727.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519878", "mongrel38-43817.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519879", "pearlharbor953-54421.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519880", "rawcostura80-56041.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519881", "shirosensei2486-37140.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:52:41", "1519882", "zuckkyrabi198-60433.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-12 05:51:41", "1519867", "members-path.at.playit.gg", "domain", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-05-12 20:34:37", "50", "", "c2,orcus", "0", "juroots"
"2025-05-12 05:51:41", "1519868", "plutoniumxxx.kro.kr", "domain", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-05-12 20:34:37", "50", "", "c2,orcus", "0", "juroots"
"2025-05-12 05:50:59", "1519863", "aprendizleao.no-ip.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots"
"2025-05-12 05:50:59", "1519864", "xxxploit.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots"
"2025-05-12 05:50:41", "1519861", "microsoftdefenderr.serveftp.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "c2,nanocore", "0", "juroots"
"2025-05-12 05:50:41", "1519862", "military-nelson.at.playit.gg", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "c2,nanocore", "0", "juroots"
"2025-05-12 05:49:47", "1519858", "ss037.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots"
"2025-05-12 05:47:53", "1519845", "view.mexcs.shop", "domain", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "", "c2,kimsuky", "0", "juroots"
"2025-05-12 05:24:05", "1519828", "neguh.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-12 05:01:18", "1519807", "mail.tempoestil.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.132.51.146+mail.tempoestil.com", "AS3132,C2,censys,Mythic", "0", "dyingbreeds_"
"2025-05-12 05:01:17", "1519808", "autodiscover.tempoestil.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.132.51.146+autodiscover.tempoestil.com", "AS3132,C2,censys,Mythic", "0", "dyingbreeds_"
"2025-05-12 05:01:11", "1519806", "webmail.tempoestil.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.132.51.146+webmail.tempoestil.com", "AS3132,C2,censys,Mythic", "0", "dyingbreeds_"
"2025-05-12 05:01:07", "1519801", "sst.zidd0o.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113+sst.zidd0o.com", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-05-12 05:01:06", "1519800", "playnest.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113+playnest.tech", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-05-12 05:00:35", "1519644", "godblessyou.world", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "c2,domain,net support,RAT,remote access", "0", "deccy"
"2025-05-12 05:00:35", "1519645", "blessyoumother.world", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "c2,domain,net support,RAT,remote access", "0", "deccy"
"2025-05-12 05:00:28", "1519827", "traxanhc2.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-05-12 11:40:14", "75", "None", "Mirai", "0", "elfdigest"
"2025-05-12 05:00:23", "1519583", "electrurm.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "c2", "0", "ninjacatcher"
"2025-05-12 02:53:11", "1519798", "14j1eqpwe044f.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:54:53", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-12 00:01:34", "1519611", "bestwallet.my-profai.com", "domain", "botnet_cc", "osx.poseidonstealer", "Rodrigo Stealer", "Poseidon Stealer", "", "100", "https://search.censys.io/hosts/104.21.24.105+bestwallet.my-profai.com", "AS13335,C2,censys,CLOUDFLARENET,panel,Poseidon,stealer", "0", "DonPasci"
"2025-05-12 00:01:34", "1519612", "tradingview.little-mouse.xyz", "domain", "botnet_cc", "osx.poseidonstealer", "Rodrigo Stealer", "Poseidon Stealer", "", "100", "https://search.censys.io/hosts/172.67.175.193+tradingview.little-mouse.xyz", "AS13335,C2,censys,CLOUDFLARENET,panel,Poseidon,stealer", "0", "DonPasci"
"2025-05-11 22:24:56", "1519599", "sijyh.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-11 19:39:15", "1519584", "cv.cbrw.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-12 10:31:10", "100", "None", "clearfake", "1", "ttakvam"
"2025-05-11 18:57:14", "1519501", "sorov.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 08:54:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 18:57:14", "1519556", "kepov.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 16:52:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 18:57:13", "1519523", "pexab.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 12:14:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 18:57:13", "1519557", "ciwid.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 17:23:32", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 18:57:12", "1519558", "mygar.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 17:54:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 18:57:12", "1519559", "electrurn.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "c2", "0", "ninjacatcher"
"2025-05-11 18:57:11", "1519560", "electrurn.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "c2", "0", "ninjacatcher"
"2025-05-11 18:56:38", "1519576", "skyprotech.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:55:23", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-11 18:56:26", "1519575", "ns1.shamless.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:55:14", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-11 18:56:20", "1519574", "metalliko-industr.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-12 19:55:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-11 18:49:46", "1519572", "lancery.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots"
"2025-05-11 18:42:08", "1519571", "samrat4-56907.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-11 18:41:39", "1519569", "dhaker.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots"
"2025-05-11 18:41:39", "1519570", "raypun.eastus.cloudapp.azure.com", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots"
"2025-05-11 16:01:25", "1519543", "magical-lumiere.94-156-177-241.plesk.page", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-12 04:00:34", "100", "https://search.censys.io/hosts/94.156.177.241+magical-lumiere.94-156-177-241.plesk.page", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci"
"2025-05-11 15:13:23", "1519537", "login.mexc-signin.kro.kr", "domain", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "", "c2,kimsuky", "0", "juroots"
"2025-05-11 12:57:29", "1519533", "1re0-61442.portmap.io", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2025-05-12 20:36:25", "50", "", "c2,njrat", "0", "juroots"
"2025-05-11 12:57:15", "1519532", "djkms-32561.portmap.host", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "c2,nanocore", "0", "juroots"
"2025-05-11 10:45:29", "1519509", "ftp.fosna.net", "domain", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "https://app.any.run/tasks/dedc8121-54bb-4114-b010-dfe44891d45f", "agenttesla,c2", "0", "juroots"
"2025-05-11 10:42:05", "1519507", "ftp.haliza.com.my", "domain", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "https://app.any.run/tasks/f7429791-e5a7-4c20-9c8d-d1a406a794bf", "agenttesla,c2", "0", "juroots"
"2025-05-11 10:34:56", "1519505", "ftp.hitplas.ro", "domain", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "https://app.any.run/tasks/ff2fa8e5-6770-4288-bb6a-ad0976bc4952", "agenttesla,c2", "0", "juroots"
"2025-05-11 08:15:32", "1519496", "niggerkiller69.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-11 08:01:30", "1519491", "cov.ph4nt0m.fr", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-12 04:00:51", "100", "https://search.censys.io/hosts/85.215.173.244+cov.ph4nt0m.fr", "AS8560,C2,censys,Havoc,IONOS-AS", "0", "DonPasci"
"2025-05-11 08:00:10", "1519477", "irc.xinxin.cam", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-05-11 08:00:10", "50", "", "c2,quasar", "0", "juroots"
"2025-05-11 08:00:10", "1519478", "xenqxd-42269.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots"
"2025-05-11 07:59:53", "1519476", "zizo.myftp.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots"
"2025-05-11 07:59:37", "1519475", "enzomtp.dragonia-pvp.fr", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "c2,nanocore", "0", "juroots"
"2025-05-11 07:59:21", "1519474", "dn-master.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots"
"2025-05-11 06:23:25", "1519457", "fepez.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 06:24:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 06:11:12", "1519424", "www.joydome.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113+www.joydome.xyz", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-05-11 06:11:12", "1519425", "pixelpitstop.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113+pixelpitstop.xyz", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-05-11 06:11:11", "1519426", "gamespheres.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113+gamespheres.xyz", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-05-11 06:11:07", "1519435", "cpcalendars.tempoestil.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.132.51.146+cpcalendars.tempoestil.com", "AS3132,C2,censys,Mythic", "0", "dyingbreeds_"
"2025-05-11 06:11:01", "1519449", "electrunn.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "c2", "0", "ninjacatcher"
"2025-05-11 06:10:57", "1519405", "kyjej.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-10 21:22:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 06:10:54", "1519406", "jyjev.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-10 22:23:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 06:10:53", "1519419", "cyleb.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-11 02:23:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 06:10:51", "1519235", "araucahkbm.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-05-11 06:10:51", "1519236", "posseswsnc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-05-11 06:10:51", "1519237", "featurlyin.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-05-11 06:10:50", "1519259", "google-chrome.western-servers.net", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "80", "None", "FAKEUPDATES", "0", "pancak3lullz"
"2025-05-11 06:10:50", "1519260", "www.google-chrome.info", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "80", "None", "FAKEUPDATES", "0", "pancak3lullz"
"2025-05-11 06:10:49", "1519244", "fiwyj.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-10 17:19:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 06:10:48", "1519233", "flowerexju.bet", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-05-11 06:10:48", "1519234", "easterxeen.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-05-11 06:10:47", "1519227", "wybod.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-10 14:48:29", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-05-11 00:01:31", "1519415", "sliv.ph4nt0m.fr", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-11 04:00:50", "100", "https://search.censys.io/hosts/85.215.173.244+sliv.ph4nt0m.fr", "AS8560,C2,censys,Havoc,IONOS-AS", "0", "DonPasci"
# Number of entries: 250