################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2026-02-02 18:03:38 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-02-02 18:03:38", "1740004", "godsgrace.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260202-pj2hfsfs7e", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2026-02-02 18:02:46", "1740002", "bouboubobo1.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260202-ps33msfy4h", "C2,domain,njrat,triage", "0", "DonPasci"
"2026-02-02 18:00:30", "1739997", "slrbi356-58189.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260202-sylx4adt3b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-02 18:00:29", "1739995", "darwin151-36102.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260202-wh898sfx6g", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-02 18:00:29", "1739996", "Iao-43691.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260202-v8h1asft9b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-02 17:40:31", "1739994", "gnjmmlrgp.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/86cb89401b80e923b1d19dffd71fa321dc37eb493663022ad8261912e8057950/", "xworm", "0", "abuse_ch"
"2026-02-02 16:01:19", "1739992", "r.ciberseguridad-eia.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/45.33.88.161+r.ciberseguridad-eia.xyz", "AKAMAI-LINODE-AP,AS63949,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2026-02-02 12:02:31", "1739976", "ArSiJa-51460.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260202-nr6xgacv4f", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:59", "1739975", "polly.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 12:02:01", "100", "False", "https://tria.ge/260202-gwm7lae13e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:56", "1739974", "menangmulu.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 12:01:58", "100", "False", "https://tria.ge/260202-gwm7lae13e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:53", "1739973", "mynikevisit.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 12:01:56", "100", "False", "https://tria.ge/260202-k7x3qaew4a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:50", "1739972", "2kxxrt.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 12:01:53", "100", "False", "https://tria.ge/260202-k7x3qaew4a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:47", "1739971", "topukluhaber.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 12:01:49", "100", "False", "https://tria.ge/260202-k7x3qaew4a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 12:01:05", "1739965", "wewillwin2026.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260202-mme3hshw8h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-02-02 12:01:04", "1739964", "cee-tyla-006-bkk.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260202-m7xhasaz5e", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-02-02 12:01:02", "1739963", "cee-tyla-06.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260202-m7xhasaz5e", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-02-02 12:00:35", "1739959", "hkr9915-57340.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260202-nfyrqabv9f", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-02 09:05:34", "1739947", "wkaiuahaaxx.icu", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/4304237da4dd9420293819847daac53c6e10cef2880445c305c5e2798b9462e4/", "valleyrat_s2", "0", "abuse_ch"
"2026-02-02 09:03:08", "1739946", "digitechsoft.shop", "domain", "botnet_cc", "win.ducktail", "None", "DUCKTAIL", "", "100", "False", "https://x.com/suyog41/status/2018238746773303360", "c2,domain,DUCKTAIL", "0", "DonPasci"
"2026-02-02 08:46:55", "1739941", "sestraining.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/e59378642b40af2c68ae225500f74eb6413a0da3f00b81413298dfe415184919", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-02-02 08:45:57", "1739939", "awesomecamera.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/924336fab9e7f0c1527551d69abf40d203b58b1394ed7e541db74b8b41d86470", "c2,domain,macsync,stealer,virustotal", "0", "DonPasci"
"2026-02-02 08:38:22", "1739937", "grobrat.ru", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://x.com/Fact_Finder03/status/2017589661557002646", "c2,grobrat,panel,rat", "0", "DonPasci"
"2026-02-02 08:01:25", "1739935", "govearali.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-02-02 08:01:24", "1739934", "ligovera.shop", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-02-02 08:01:23", "1739933", "alianzeg.shop", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-02-02 08:01:21", "1739932", "ztdaliweb.shop", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-02-02 07:36:30", "1739919", "capztoolz.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-02-02 06:36:02", "1739884", "win64autoupdates.top", "domain", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "2026-02-02 18:48:02", "50", "False", "https://tracker.viriback.com/index.php?q=win64autoupdates.top", "Raccoon,ViriBack", "0", "abuse_ch"
"2026-02-02 06:03:22", "1739883", "pdxing-szxmm-0127.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260202-cqkr3abv4f", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2026-02-02 06:02:52", "1739881", "jyyjtjyt-63390.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260202-btawlaa12f", "C2,domain,njrat,triage", "0", "DonPasci"
"2026-02-02 06:01:53", "1739879", "yoenacevedo7-51272.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260202-czhn3abw5e", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-02-02 06:01:25", "1739878", "p-el3keto.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 06:01:26", "100", "False", "https://tria.ge/260202-dzzs1sbz3a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 06:01:21", "1739877", "tamasomajyotirgamay.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-02-02 06:01:24", "100", "False", "https://tria.ge/260202-dzzs1sbz3a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-02-02 06:00:27", "1739876", "UnknownRazer-39100.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260202-abss1shv7f", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 19:30:30", "1739833", "webiz-magazine.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:30", "1739834", "wowlabzstaging.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:30", "1739835", "wehouse.au", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:29", "1739829", "waitv.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:29", "1739830", "thietbilanh.cokhiviendong.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:29", "1739831", "willlog7.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:29", "1739832", "vsure.trumpcode.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:28", "1739827", "visa.ourdubaitravel.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:28", "1739828", "touruvaevinho.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:27", "1739824", "tileroofinglasvegas.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:27", "1739825", "tenabl.io", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:27", "1739826", "webdisk.karamelsitges.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:26", "1739820", "tamara.scrappinmonkeys.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:26", "1739821", "soko-jikara.jp", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:26", "1739822", "thetavernonfourth-com.bubars.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:26", "1739823", "theoldschool.sc", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:25", "1739817", "smtp.bldg-restoration.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:25", "1739818", "sultanshopee.ninetysix.in", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:25", "1739819", "techtotalix.com.topmostfreight.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:24", "1739816", "smartpromotions.seanborgmans.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:23", "1739815", "sales.activemedicaresolutions.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:22", "1739814", "rbcleaningmaintenance.ca", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:21", "1739813", "pgadmin.ddsis.com.mx", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:20", "1739808", "odva.wbinnova.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:20", "1739809", "nouralhalaby.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:20", "1739810", "peach.prgss.dev", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:20", "1739811", "obchod.moravskysommelier.cz", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:20", "1739812", "orkayacademy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:19", "1739806", "nhahang3.umemarketingagency.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:19", "1739807", "newsite.jacquiejordan.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:18", "1739803", "mail.rodasaopaulo.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:18", "1739804", "mail.psicogenealogia.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:18", "1739805", "mail.reclaimyourfunds.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:17", "1739798", "mail.lumadigital.net", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:17", "1739799", "mail.newday-gt.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:17", "1739800", "mail.palmettoseasalttherapy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:17", "1739801", "mail.peablueinteriors.co.uk", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:17", "1739802", "mail.pvu.gbh.mybluehost.me", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739790", "mail.genesseevalleygolfcourse.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739791", "mail.imeldaespinoza.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739792", "mail.istar-vip.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739793", "lp.rainhadosconsorcios.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739794", "lpdd.co.za", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739795", "mail.bennnene.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739796", "mail.kvmjcleaning.ca", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:16", "1739797", "mail.diskopumkm-minahasa.my.id", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:15", "1739787", "linanil.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:15", "1739788", "mail.belezamolecular.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:15", "1739789", "mail.destinationecuador.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:14", "1739782", "kachoro.tokyo", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:14", "1739783", "luukske.nl", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:14", "1739784", "kojirasetravel.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:14", "1739785", "hoiku-crayon.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:14", "1739786", "kaiwa-club.tokyo", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:13", "1739780", "intellect-technologies.src.sjl.mybluehost.me", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:13", "1739781", "kooshacompany.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:12", "1739778", "importsbahia.com.br.caldasservice.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:12", "1739779", "intensive.sam-sebe-columb.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:11", "1739776", "guestpertpublishing.tvguestpert.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:11", "1739777", "heartfeltmarketingevents.tvguestpert.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:10", "1739775", "grb.prgss.dev", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:09", "1739772", "genesseevalleygolfcourse.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:09", "1739773", "fstaeco-com-br.pharmac.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:09", "1739774", "ftp.condominioparaiso.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:08", "1739771", "fenixlab.dev", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:07", "1739769", "countryhouse.tokyo", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:07", "1739770", "ebina.lawyer", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:06", "1739767", "dry-wall.lenz-berauscht.de", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:06", "1739768", "elitechoiceig.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:04", "1739765", "copiousinfotech.copiousconsult.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:04", "1739766", "deep-sea.gr", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:03", "1739764", "cpanel.science-ing.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:01", "1739761", "broadstoneatlasdev.fabric.red", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:01", "1739762", "bar-number9.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:01", "1739763", "consupreneur.zambosur.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739755", "bytovymagazin.cz", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739756", "brutarquitectura.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739757", "canada.fotaonline.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739758", "blog.solartrade.in", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739759", "casaafiune.ddsis.com.mx", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:30:00", "1739760", "c4marketing.ae", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:59", "1739753", "ayzallure.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:59", "1739754", "bds2.umemarketingagency.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:58", "1739750", "aimm.eu.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:58", "1739751", "bartendersunltd-bubars-com.bubars.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:58", "1739752", "app.sahodapp.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:57", "1739748", "apartamentostudiosvenda.com.br", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:57", "1739749", "apiservinaut.amsd.cl", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:56", "1739744", "affordablesidingandgutters.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:56", "1739745", "ads.tech-be.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:56", "1739746", "admin.amsd.cl", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:56", "1739747", "a2bc.bditconsultancy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:55", "1739741", "80-replica.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:55", "1739742", "admin.ddsis.com.mx", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:29:55", "1739743", "admin.zaferly.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2026-02-01 19:04:57", "1739740", "mq0oy98l.cornflake-ream.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-02-01 19:04:09", "1739739", "8nu7ypxl.cornflake-ream.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-02-02 13:13:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 18:00:35", "1739735", "Anonykous-54240.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-01 18:00:36", "100", "False", "https://tria.ge/260201-v4zggsaw8g", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 14:48:49", "1739719", "nfs.azure-css.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-02 18:48:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-02-01 14:44:54", "1739718", "solidolbabrering.shop", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260201-lv7l3agv9b", "c2,domain,stealc,triage", "0", "DonPasci"
"2026-02-01 12:03:48", "1739714", "hitler963.ddns.net", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://tria.ge/260201-hcjwhacv8g", "C2,domain,neptunerat,rat,triage", "0", "DonPasci"
"2026-02-01 12:02:12", "1739713", "ydszge1688.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260201-lbgljafz7a", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2026-02-01 12:01:37", "1739711", "kaidealdoland-44457.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260201-jd2clsdw8c", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-02-01 12:00:26", "1739701", "yoenacevedo7-41744.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260201-jjpk1adz2e", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 10:49:00", "1739690", "kycdn.azure-css.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-02-02 18:48:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-02-01 07:30:02", "1739671", "insomnia.top", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/31eadb85a13e58678b4b3c4576b7a0ba59b57f9adff72fe8f998313a0f54827a/", "None", "0", "abuse_ch"
"2026-02-01 06:02:57", "1739665", "defender.ydns.eu", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260201-cray9afy6a", "C2,domain,njrat,triage", "0", "DonPasci"
"2026-02-01 06:00:21", "1739662", "policy-russia.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-02-01 06:04:13", "100", "False", "https://tria.ge/260201-c265faf12b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 06:00:21", "1739663", "people-joyce.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260201-cv3hnsfy8f", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 06:00:21", "1739664", "adobe-cdn.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260201-acdeqacv7b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-02-01 04:50:47", "1739661", "uydeg.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9eb860092c1118646f715bf5bacbf38c3053450fd601cc1f8a03e54b21b1d001/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:50:42", "1739660", "lmn.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9eb860092c1118646f715bf5bacbf38c3053450fd601cc1f8a03e54b21b1d001/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:50:40", "1739659", "bxr.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9eb860092c1118646f715bf5bacbf38c3053450fd601cc1f8a03e54b21b1d001/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:50:36", "1739658", "artabnewszamanpaper47.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9eb860092c1118646f715bf5bacbf38c3053450fd601cc1f8a03e54b21b1d001/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:40:31", "1739657", "vb0.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c73c1f191c2e4a3d5399532c014fcdffedfe7bd4abc9887bd0965f8d86abf3f/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:40:29", "1739656", "kubetchuan.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c73c1f191c2e4a3d5399532c014fcdffedfe7bd4abc9887bd0965f8d86abf3f/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:40:27", "1739655", "bajaban.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c73c1f191c2e4a3d5399532c014fcdffedfe7bd4abc9887bd0965f8d86abf3f/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:40:25", "1739654", "789club.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c73c1f191c2e4a3d5399532c014fcdffedfe7bd4abc9887bd0965f8d86abf3f/", "asyncrat", "0", "abuse_ch"
"2026-02-01 04:00:56", "1739649", "www.scholze.family", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-02-01 11:00:26", "100", "False", "https://search.censys.io/hosts/45.132.246.141+www.scholze.family", "AS197540,C2,censys,Havoc,NETCUP-AS", "0", "DonPasci"
"2026-02-01 02:59:45", "1739630", "ne4w2nbw.moduplaza.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-02-01 02:58:37", "1739629", "7z38l1pp.moduplaza.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 00:02:48", "1739441", "downloads.beaconvistamedical.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/51.44.178.101+downloads.beaconvistamedical.com", "AMAZON-02,AS16509,C2,censys,CobaltStrike,open-dir", "0", "DonPasci"
"2026-02-01 00:01:17", "1739438", "8L0niGJfnjUQ3vnySTISYg==", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/7798165f2a3542ed381179e299c7b909af9c7cfd4d7c272ef30e5ddf62ecc867/", "xworm", "0", "abuse_ch"
"2026-01-31 21:01:28", "1739425", "iphotline.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-31 19:55:28", "1739409", "macfilestorage.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739410", "macflowy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739411", "macicloudtrack.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739412", "macsendpath.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739413", "macsyncbin.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739414", "megafilehub4.xyz", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739415", "mymachelpdesk.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:28", "1739416", "sendportal02.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739402", "imacmigrator.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739403", "imacrestorehub.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739404", "macared.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739405", "maccloudbeam.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2026-01-31 19:55:29", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739406", "maccloudstorage.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739407", "macfilebeam.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:27", "1739408", "macfileshare.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:26", "1739399", "cloudboxmac.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:26", "1739400", "driveport38.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:55:26", "1739401", "fastsendportal02.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "domain,MacSync,stealer", "0", "dyingbreeds_"
"2026-01-31 19:37:46", "1739397", "RAGYDAGY-32447.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-31 19:37:46", "100", "False", "https://tria.ge/260131-x3lv4sf14c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-31 19:37:46", "1739398", "HhHolyShitttt1243-31975.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260131-xp6clafy6c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-31 19:37:13", "1739394", "yoenacevedo7-38238.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-01-31 19:39:16", "100", "False", "https://tria.ge/260131-xxy89afz6f", "C2,domain,triage,xworm", "0", "DonPasci"
# Number of entries: 179