################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2026-06-04 00:08:23 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-06-04 00:08:23", "1822083", "gunanx.303-bet.buzz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 23:46:45", "1822078", "kpcifot.aypoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 23:45:40", "1822077", "!z!.aypoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 23:45:38", "1822076", "aypoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 23:45:41", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 23:17:27", "1822066", "7g5swyfn.bazipoop.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 23:15:58", "1822065", "r38it4zu.bazipoop.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 23:16:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 23:11:27", "1822064", "!z!.asa90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 23:10:29", "1822063", "gqxhbsg.asa90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 23:10:51", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 22:51:08", "1822058", "xrb3ppl3.akharinbama.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 22:35:52", "1822057", "djkbtwq.aryabet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 22:34:37", "1822056", "!z!.aryabet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 22:04:13", "1822051", "wjsuzxt.arian90bet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 22:00:31", "1822049", "web.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 23:25:07", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-03 22:00:30", "1822047", "web.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 23:24:56", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-03 21:59:10", "1822042", "!z!.arian90bet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 21:59:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 21:24:53", "1822041", "pmieubk.arabs.promo", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 21:23:34", "1822040", "arabs.promo", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 21:23:38", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 21:19:51", "1822039", "zjtplqi.arabi.poker", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 21:16:44", "1822038", "t0uo8kf9.basketballiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 21:15:37", "1822037", "ghef1emo.basketballiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 21:16:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 20:48:45", "1822029", "ihmqfsm.arabicbet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 20:44:08", "1822028", "arabicbet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 20:44:10", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 20:34:30", "1822027", "nakodasuitings.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-06-03 20:34:24", "1822026", "effgtty.ar888starz.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 20:33:36", "1822025", "!z!.ar888starz.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 20:24:30", "1822024", "cxexxbb.apk.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 20:24:15", "1822023", "!z!.apk.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 20:23:43", "1822022", "apk.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 20:23:48", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 20:21:16", "1822021", "cxfvahh.404bet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 20:20:25", "1822020", "404bet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 20:20:29", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 19:55:13", "1822018", "loganwolverin2040.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/09a778c467ba4bebfc477f8aab889aa1fb5e9e4258b347106dcec48f91f32dc5/", "asyncrat", "0", "abuse_ch"
"2026-06-03 19:46:04", "1822017", "khuqcze.303.audio", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 19:45:12", "1822016", "303.audio", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 19:45:15", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 19:16:05", "1822008", "8vjdfz8n.basketballiran.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 19:15:05", "1822007", "s35umghu.basketballiran.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 19:15:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 19:10:13", "1822006", "hekjmsa.2026.futbol", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 19:09:56", "1822005", "2026.futbol", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 19:09:58", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 18:34:12", "1822001", "favmrwg.1xbet-official-xbet.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 18:33:35", "1822000", "!z!.1xbet-official-xbet.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 18:27:04", "1821999", "qyteglr.1xbetios.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 18:25:08", "1821998", "qzr.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 21:25:13", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch"
"2026-06-03 18:24:56", "1821996", "qzr.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 21:25:01", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch"
"2026-06-03 18:21:52", "1821994", "!z!.1xbetios.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 18:22:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 17:52:36", "1821992", "qjothjo.1xbetandroid.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 17:51:29", "1821991", "4ly606b9.aftabsport.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 17:48:49", "1821990", "vtqjke.1xbet1farsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 17:47:11", "1821989", "!z!.1xbetandroid.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 17:46:49", "1821988", "1xbetandroid.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 17:46:56", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 17:16:43", "1821987", "bqm57dpz.betgit.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 17:14:53", "1821986", "betgit.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 17:15:01", "100", "False", "None", "3June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-03 17:10:53", "1821985", "!z!.1xbet90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 17:11:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 16:35:26", "1821981", "!z!.1shart.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 16:35:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 16:08:13", "1821950", "code-jquery.net", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:13", "1821951", "code-jquery.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:13", "1821952", "bootstrapccdn.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:12", "1821953", "bootstrapscdn.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:12", "1821954", "cdnjs.cloudflire.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:11", "1821955", "cdnjs.cloudflire.net", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:11", "1821956", "cdnjs.bootstrapscdn.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:10", "1821957", "ajax.googleaips.net", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:09", "1821958", "cdn.googleaips.net", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:08:09", "1821959", "stat.keitaro.company", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 16:07:53", "1821960", "mc.yadnex.net", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "jquery,Magecart,skimmer,typosquat", "1", "josebartos2016"
"2026-06-03 15:59:53", "1821974", "!z!.1kickbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 16:00:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 15:40:03", "1821941", "mfepyxz.bet888starzz.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 15:38:37", "1821940", "wydkbnq.bet888starzz.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 15:24:04", "1821802", "dangelo.lol", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-03 12:07:01", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-06-03 15:23:56", "1821829", "bernardi.lol", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-03 15:10:18", "100", "True", "https://infosec.exchange/@monitorsg/116686329659341364", "KongTuke", "0", "monitorsg"
"2026-06-03 15:23:53", "1821834", "ironsignal.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-03 13:08:50", "100", "True", "https://infosec.exchange/@monitorsg/116686331123691132", "SmartApeSG", "0", "monitorsg"
"2026-06-03 15:23:52", "1821845", "cabaretcorporation.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "https://bazaar.abuse.ch/sample/0a2b733519d04f2b7539935eaa3ae2199c9cbad748b808637fdfeb020f189f04/", "c2,RemusStealer", "0", "burger"
"2026-06-03 15:23:49", "1821930", "second-confirmation.top", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-03 22:07:10", "100", "True", "https://infosec.exchange/@monitorsg/116686752048109572", "KongTuke", "0", "monitorsg"
"2026-06-03 15:23:47", "1821935", "lucidgrovelab.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-03 15:10:35", "100", "True", "https://infosec.exchange/@monitorsg/116686810801486417", "SmartApeSG", "0", "monitorsg"
"2026-06-03 15:23:45", "1821937", "api.oysterfloats.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116686813386386002", "SocGholish", "0", "monitorsg"
"2026-06-03 15:15:26", "1821939", "2os894vl.betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 15:14:15", "1821938", "d29u9g6c.betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 15:03:53", "1821933", "nuulycp.bet365iran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 15:03:01", "1821932", "uniajji.bet365iran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 14:50:32", "1821928", "yyyf168.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:30", "1821926", "f168viet.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:30", "1821927", "ff168.club", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:29", "1821924", "f168lv.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:29", "1821925", "f168news.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:28", "1821922", "f168.gold", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:28", "1821923", "f168.talk", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:27", "1821920", "f168.download", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:27", "1821921", "f168.futbol", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:50:26", "1821919", "f168-v1.cheap", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/48f4e1be06c9f197a0cbd34c33cdec5ee8b1d5f55c8c27a6f3fd0eaca9d154e2/", "asyncrat", "0", "abuse_ch"
"2026-06-03 14:43:45", "1821912", "hardsmi.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots"
"2026-06-03 14:42:51", "1821900", "88j.co.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:51", "1821901", "j88pro.club", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:51", "1821902", "macat433.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:51", "1821903", "orche.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:51", "1821904", "urchlogs.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:51", "1821905", "www.consultarprocesosramajudicial.com.co", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-03 14:42:25", "1821895", "loungelovers.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-03 14:42:25", "50", "False", "", "c2,nanocore", "0", "juroots"
"2026-06-03 14:42:25", "1821896", "ph88phil.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-03 14:42:25", "50", "False", "", "c2,nanocore", "0", "juroots"
"2026-06-03 14:42:25", "1821897", "purerawk.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-03 14:42:25", "50", "False", "", "c2,nanocore", "0", "juroots"
"2026-06-03 14:42:25", "1821898", "ww.maskelibros.cl", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "", "c2,nanocore", "0", "juroots"
"2026-06-03 14:42:25", "1821899", "www.cinehouse.my", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "", "c2,nanocore", "0", "juroots"
"2026-06-03 14:42:03", "1821894", "bejow65678-31238.portmap.host", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots"
"2026-06-03 14:28:05", "1821849", "niftxdi.bet313.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 13:52:28", "1821843", "liizlfb.bet30bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 13:52:07", "1821842", "eltyalg.bet30bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 13:46:23", "1821841", "ojxpecw.bet30bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 13:45:34", "1821840", "glwlroq.bet30bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 13:52:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 13:14:32", "1821839", "5yohaely.betexper.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 13:13:31", "1821838", "471yebmv.betexper.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 13:10:34", "1821837", "mobility-aids.in", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5db6e46ae0a2f0c1c7f6f2a7ff28fa2b50f4e36b5918906111928ae6cf24ea41/", "nanocore", "0", "abuse_ch"
"2026-06-03 13:08:43", "1821836", "oggo8gfy.betcompani.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 13:07:11", "1821827", "betcompani.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 13:07:17", "100", "False", "None", "3June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-03 13:00:31", "1821825", "dtc.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 17:25:09", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-03 13:00:30", "1821823", "dtc.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 17:24:58", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-03 12:50:29", "1821819", "maskelibros.cl", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/378ac23df0db902049109577898d2926d72e8ad6a723159dc019f99f2ccbd01a/", "nanocore", "0", "abuse_ch"
"2026-06-03 12:05:35", "1821814", "rtfo.sa.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/30a9f9a9f677e73b8adfc87a7b426317a1e968a320f01addb0d8af794a64282d/", "nanocore", "0", "abuse_ch"
"2026-06-03 12:05:34", "1821813", "77bet.africa", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/30a9f9a9f677e73b8adfc87a7b426317a1e968a320f01addb0d8af794a64282d/", "nanocore", "0", "abuse_ch"
"2026-06-03 11:14:39", "1821806", "b33gup3p.betbet.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 11:14:16", "1821805", "ozmhw80r.adabiyat.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 10:45:57", "1821792", "xxxxxx69.cn", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/AndrewPetrus/status/2061837991212089750?s=20", "Fake Antivirus,PUA,PUP", "0", "andrewpetrus"
"2026-06-03 09:22:47", "1821712", "gfrewds.bet-303.fun", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-03 08:38:08", "1821705", "ledger.com.ag", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-03 08:38:08", "1821706", "ledger-shop.at", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-03 08:25:24", "1821707", "bet-303.fun", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 09:20:47", "100", "False", "None", "3June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-03 08:17:46", "1821704", "6aq224cu.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 08:17:20", "1821703", "yr126pdf.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 07:57:09", "1821698", "sun8i9tk.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 07:55:45", "1821693", "4snfemll.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 06:40:37", "1821681", "laohe4.myvnc.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/e6214ec3dc86e8aa709720e5fedaee79fd70b8dc0e25fcadd80ecdde63b50451/", "xworm", "0", "abuse_ch"
"2026-06-03 06:11:56", "1821679", "filezilla.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/72abb09c4e65fe2369c3c2e328617bb44ddc12cad24181a7e5c53169b05fb543/", "CountLoader", "0", "abuse_ch"
"2026-06-03 06:08:25", "1821677", "dust.packetflow.cc", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "2026-06-03 06:08:25", "100", "False", "https://bazaar.abuse.ch/sample/014c9b69c6082a9b5a302605cfc95267e014a55c56ce4d0657d1251a81cbe113/", "ACRStealer", "0", "abuse_ch"
"2026-06-03 06:08:02", "1821676", "vdsina.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/014c9b69c6082a9b5a302605cfc95267e014a55c56ce4d0657d1251a81cbe113/", "CountLoader", "0", "abuse_ch"
"2026-06-03 05:56:48", "1821661", "yzqawgz5.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 05:55:17", "1821660", "rp05pfgt.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 05:55:12", "1821605", "feiyuwei.com", "domain", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "False", "", "Latrodectus", "0", "varysz"
"2026-06-03 03:56:38", "1821651", "vrlh0wdy.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 03:54:40", "1821650", "ymihaw7a.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 01:54:59", "1821632", "b7tibc5u.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 01:54:13", "1821631", "hsy1u75o.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-03 01:00:31", "1821627", "fre.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 12:24:56", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-03 01:00:31", "1821629", "fre.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-03 12:25:08", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 23:54:30", "1821618", "pf6n62u7.luxerabet5.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 23:53:46", "1821617", "6rdv0wtc.luxerabet5.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 21:54:03", "1821600", "23q34ztp.luxerabet1.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 21:54:00", "1821599", "ofslg5u1.luxerabet1.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 21:53:26", "1821598", "luxerabet1.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 21:53:31", "100", "False", "None", "2June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-02 19:54:47", "1821519", "0u9irsk6.luxerabet10.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 19:52:54", "1821518", "zs42pkd6.luxerabet10.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 19:41:15", "1821473", "my-electrum.at", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:14", "1821474", "electrumn.gr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:13", "1821475", "safepalwallet.co.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:13", "1821476", "safepals.gr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:12", "1821477", "safe-pal.gr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:11", "1821478", "new-rabby.at", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:10", "1821479", "rabby.com.mx", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:41:10", "1821480", "ldgr.co.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:39:45", "1821481", "ledgerlive.ldgr.co.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:39:44", "1821482", "trust-wallet.gr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:39:37", "1821483", "new-rabby.gr.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:39:36", "1821484", "safepal-app.co.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "infostealer,stealer", "0", "ninjacatcher"
"2026-06-02 19:39:27", "1821494", "txtsm188.top", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "stealer", "0", "whoamix302"
"2026-06-02 19:30:31", "1821512", "juk.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 19:30:30", "1821510", "juk.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 18:00:40", "1821505", "caym.africa", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5eb4c9e5099fd47511d7e427514e92be2a2c2c7659bd73eb15b72b4caba16b2e/", "nanocore", "0", "abuse_ch"
"2026-06-02 18:00:40", "1821506", "comfortconcept.com.co", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5eb4c9e5099fd47511d7e427514e92be2a2c2c7659bd73eb15b72b4caba16b2e/", "nanocore", "0", "abuse_ch"
"2026-06-02 17:54:02", "1821499", "cspzm3hg.luxerabet1068.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 17:52:32", "1821498", "dqs5h9gh.luxerabet1068.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 17:52:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 16:10:30", "1821491", "lesseffort.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/45e106568889434be142fcf8ad56ab2b658555edd612f007ab3c5c4a926b721b/", "nanocore", "0", "abuse_ch"
"2026-06-02 16:10:30", "1821492", "onrealms.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/f328ac4d4662fb2a9b2ce2ad9961c795404f62b73d4315cbcafa5779da2cb4c9/", "nanocore", "0", "abuse_ch"
"2026-06-02 15:52:21", "1821472", "r8cgf6ux.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 15:52:00", "1821471", "duafwkrh.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 08:17:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 15:17:56", "1821238", "content.sodakconcretecoatings.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116680909918975759", "SocGholish", "0", "monitorsg"
"2026-06-02 14:55:37", "1821466", "bluespaceproperties.in", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/75c53840ad4978faba4569f16386846a12198b82c8af1761aa7544b978248af7/", "nanocore", "0", "abuse_ch"
"2026-06-02 14:36:28", "1821463", "kele12.vip", "domain", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "False", "", "c2,gh0st", "0", "juroots"
"2026-06-02 14:36:08", "1821461", "byrnewealthmanagement.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "MacSync", "0", "juroots"
"2026-06-02 14:36:08", "1821462", "marbellaresales.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "MacSync", "0", "juroots"
"2026-06-02 14:35:25", "1821459", "timpwpomohungn.site", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:25", "1821460", "trypiynchinoiiiik.ru", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:24", "1821454", "badsaais2022.site", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:24", "1821455", "kleinerycstone.site", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:24", "1821456", "krutirurtlliagesta.ru", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:24", "1821457", "slaloolasiksubnovayachim.ru", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:35:24", "1821458", "swoonwastan.site", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "False", "", "c2,smokeloader", "0", "juroots"
"2026-06-02 14:34:22", "1821439", "sex.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:22", "1821440", "styles2026.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:22", "1821441", "ug88.eu.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:22", "1821442", "vitrinekast-expert.nl", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:22", "1821443", "westy04.karslioglu4-tr.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821423", "burnoutbuddies.nl", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821424", "c2.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821425", "chanbomaydi.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821426", "coinduit.io", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821427", "fdfb.io", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821428", "hostyour.tv", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821429", "j88.studio", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821430", "jhx.uk.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821431", "lmat.sa.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821432", "macos.macosnimba.name", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821433", "macos2.macosnimba2.name", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821434", "macos3.macosnimba3.name", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821435", "payload.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821436", "quotationlp.quotationlp.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821437", "rat.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:21", "1821438", "saamhorigheidsfonds.nl", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821417", "aabm.my", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821418", "almacenoporto.com.co", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821419", "appelhout.nl", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821420", "arvand.co.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821421", "aseguroconfiable21.mysynology.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:34:20", "1821422", "bomaylaliaw.m-u88.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots"
"2026-06-02 14:33:59", "1821404", "f168.limo", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821405", "f168.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821406", "f168.town", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821407", "f1686s.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821408", "f1688.best", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821409", "f1688.icu", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821410", "f1688com.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821411", "f168bet.me", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821412", "f168bet.onl", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821413", "f168n.com.co", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821414", "pilgrimlutheranpreschool.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821415", "shbet126.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-02 14:34:00", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:59", "1821416", "sigmaboy86868-64288.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821394", "ae888.living", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-02 14:34:00", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821395", "bilaielpilpiol-47684.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821396", "f168-co.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821397", "f168.black", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821398", "f168.blue", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821399", "f168.church", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821400", "f168.coach", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821401", "f168.gallery", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821402", "f168.ing", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:58", "1821403", "f168.law", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots"
"2026-06-02 14:33:34", "1821393", "k7elan-43083.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "False", "", "c2,njrat", "0", "juroots"
"2026-06-02 14:32:54", "1821389", "noreply2host.duckdns.org", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "50", "False", "", "c2,netwire", "0", "juroots"
"2026-06-02 14:32:54", "1821390", "wire.universitynetservice1979.info", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "50", "False", "", "c2,netwire", "0", "juroots"
"2026-06-02 14:32:24", "1821382", "www.uj3gb7q.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821383", "www.usemention.ai", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821384", "www.valentinar.ru", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821385", "www.venloria.us", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821386", "www.wrqgd.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821387", "www.yinboxops.co", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:24", "1821388", "www.zavixaro.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821367", "www.ncooleyrealty.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821368", "www.nettflex.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821369", "www.neurowellnesslab.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821370", "www.ozenziraat.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821371", "www.park-promote-portability.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821372", "www.pepxly.makeup", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821373", "www.pokerdom-kasinos-site.ru", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821374", "www.projectyola.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821375", "www.souldiggin.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821376", "www.spectrumcomercial.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821377", "www.sydneyjoos.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821378", "www.taskforcebot.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821379", "www.thousandoaksbsalandscaping.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821380", "www.topclickgaming735.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:23", "1821381", "www.twgxcc.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821352", "www.getscalespilot.co", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821353", "www.h38zn.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821354", "www.happybusiness.fr", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821355", "www.heyarefamily.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821356", "www.hup30.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821357", "www.i4feaqo5h.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821358", "www.inscritos20266.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821359", "www.j3152xx.cc", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821360", "www.jefyd.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821361", "www.lillyandlark.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821362", "www.maedso.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821363", "www.marineinsurer.one", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821364", "www.mt9sx9.asia", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821365", "www.myleadsgen.co", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:22", "1821366", "www.naturalstone.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821337", "www.carolinabiscaro.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821338", "www.chipskk.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821339", "www.clawbytes.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821340", "www.contexception.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821341", "www.continuumclothing.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821342", "www.cutoffwheelsrus.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821343", "www.dakarcocktail.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821344", "www.dojcatena.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821345", "www.droppingjulzz.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821346", "www.dtu92.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821347", "www.duo240.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821348", "www.eqtreporting.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821349", "www.finance77-laudantium.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821350", "www.fixitfuego.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:21", "1821351", "www.furbabyfortune.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821325", "www.43dqb.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821326", "www.4554.tw", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821327", "www.911itg.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821328", "www.adrisex.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821329", "www.aitooling.ru", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821330", "www.appliancerookies.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821331", "www.assessoriabr.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821332", "www.bethq.work", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821333", "www.biforin.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821334", "www.bosslifesa.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821335", "www.bythebellboxing.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:20", "1821336", "www.c8un2-bz0ox-ecsxpp.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:32:19", "1821324", "www.12points.se", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "False", "", "c2,formbook", "0", "juroots"
"2026-06-02 14:30:31", "1821250", "dnz.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 14:30:31", "1821252", "dnz.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 13:53:10", "1820932", "t6h2yu60.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 13:51:37", "1820931", "a8y1vw63.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 01:54:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 13:50:28", "1820930", "gg88.hevymotors.in", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/112ef076061a1f6be03945a02d98fc6ca2ae5d97510e33d04139f929f06758f8/", "nanocore", "0", "abuse_ch"
"2026-06-02 13:50:07", "1820929", "bwfmojo.tunny.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 13:50:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 13:40:28", "1820928", "esbydax.tobisha.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 13:41:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 13:30:27", "1820927", "sscedif.bahisbey90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 13:20:16", "1820926", "fpaqjul.bahiscom2023.online", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 13:05:46", "1820911", "oruaaga.1xbet1farsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 12:40:03", "1820902", "glnason.lol", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg"
"2026-06-02 12:31:00", "1820906", "kxlkbmz.303-bet.buzz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 12:30:29", "1820905", "idyqkhp.303-bet.buzz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 11:56:13", "1820895", "kuyquso.akharinbama.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 11:53:23", "1820894", "ps10z3qz.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 11:51:14", "1820893", "eazcu9o7.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 11:49:14", "1820892", "anxstwt.akharinbama.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 11:10:00", "1820891", "xavytub.alternatifdekorasyon.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 11:08:50", "1820890", "nkhxdiy.alternatifdekorasyon.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 10:45:58", "1820847", "fun88kyc.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "", "ClearFake,Windows", "1", "triu"
"2026-06-02 10:45:50", "1820886", "1sun.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/75a7143599bc7154f6290dac048a9a9f75065b435080e44a3cdee74b87933439/", "remcos", "0", "abuse_ch"
"2026-06-02 10:33:58", "1820883", "pyfptfv.anadoluslot.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 10:33:16", "1820882", "juwhlbr.anadoluslot.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 10:00:32", "1820880", "hit.canamrental.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 10:00:31", "1820878", "hit.duitsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 09:58:51", "1820873", "citnflk.arayemek.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 09:57:42", "1820872", "iveyrtw.arayemek.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 09:52:09", "1820871", "ff4ekbmd.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 09:50:45", "1820870", "yn9307x6.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 09:30:31", "1820864", "hit.bluewestgroup.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 09:30:30", "1820862", "hit.dism188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-02 09:23:08", "1820860", "zyiwsis.betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 09:22:53", "1820859", "ysqlyfg.betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 09:22:22", "1820858", "betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 15:14:32", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-02 08:48:08", "1820853", "ysivuys.betexper.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 08:46:43", "1820852", "gllmkzi.betexper.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 13:13:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 08:40:29", "1820850", "xoilacpro.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8316795c025f8ea8c1d65c1c791aa39c15d73191fc2e39fc59d3b78f50cc3792/", "nanocore", "0", "abuse_ch"
"2026-06-02 08:40:28", "1820849", "ck01.tv", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/31e929523db65c3e3a18e34ddeeeba27fad71dfe08a37e49c40bda104dfa7593/", "nanocore", "0", "abuse_ch"
"2026-06-02 08:12:44", "1820846", "dhddzix.betbet.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 08:11:27", "1820845", "betbet.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 11:06:25", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-02 07:59:06", "1820834", "7d6da0ri.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 07:58:15", "1820833", "rs01xol9.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 07:49:36", "1820832", "merindashop.cyou", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-02 16:55:57", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-06-02 07:40:53", "1820831", "negfuie.bet888starzz.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 07:35:41", "1820830", "hqmathp.bet888starzz.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 15:39:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 07:00:57", "1820827", "esqbzfn.bet365iran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 07:00:34", "1820826", "kitlife.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/a81ab795e5d2dd555ab9db0b4c2e59429ab0660ed6c1374c602489acf5c0313d/", "nanocore", "0", "abuse_ch"
"2026-06-02 07:00:25", "1820825", "xnkqvxs.bet365iran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 15:03:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 06:25:13", "1820819", "pjfaqdf.bet313.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 06:24:39", "1820818", "bet313.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-03 14:28:31", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-02 05:57:19", "1820810", "sax166rh.funkboi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 05:57:03", "1820809", "adklk15j.funkboi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 05:49:34", "1820808", "kfvzenz.bahiscom2023.online", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 05:49:13", "1820807", "pxbhgsn.bahiscom2023.online", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 05:49:10", "1820806", "bahiscom2023.online", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 13:20:53", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-02 05:13:48", "1820805", "yhyrxap.bahisbey90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 05:13:41", "1820804", "bwwpcpi.bahisbey90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 05:14:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 04:52:34", "1820803", "veryhotcoffee.monster", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch"
"2026-06-02 04:38:19", "1820802", "zxzhjlk.artenadigital.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 04:38:12", "1820801", "dsipoxy.artenadigital.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 04:38:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 04:02:49", "1820800", "qemwisi.arayemek.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 04:02:48", "1820799", "tfasyxh.arayemek.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 09:57:51", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 03:57:44", "1820798", "cw5zuej3.baxus.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 03:56:39", "1820797", "snc9w77m.baxus.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 03:56:32", "1820796", "baxus.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 03:57:37", "100", "False", "None", "2June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-02 03:32:11", "1820795", "usfltzp.anadoluslot.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 03:27:10", "1820794", "bobtgdr.anadoluslot.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 10:34:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 03:25:20", "1820793", "iiabc8.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2ea67d98260f63e5eb13d6add3c0b6f2d093bd56a833756000e343c0179a5261/", "nanocore", "0", "abuse_ch"
"2026-06-02 02:52:00", "1820789", "zrgxhan.alternatifdekorasyon.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 02:51:37", "1820788", "haytmyo.alternatifdekorasyon.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 11:09:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 02:16:17", "1820787", "rvubnzq.akharinbama.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 11:55:11", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 01:56:58", "1820783", "96mjt1sb.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 01:56:07", "1820782", "syhjgg7o.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 07:57:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-02 01:54:24", "1820781", "negozimobilireggioemilia.it", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-06-02 01:40:47", "1820780", "actmimo.aftabsport.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 01:31:21", "1820779", "utgxkle.aftabsport.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 01:30:21", "1820778", "aftabsport.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 01:40:59", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-02 00:59:28", "1820775", "djineca.adabiyat.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-02 00:54:41", "1820774", "adabiyat.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-02 00:54:45", "100", "False", "None", "2June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
# Number of entries: 378