################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2025-08-30 01:10:23 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-08-30 01:10:23", "1577837", "37.101.voltexpressdelivery.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-30 03:10:23", "75", "None", "gtt/9,Vidar", "0", "abuse_ch"
"2025-08-30 00:01:25", "1577830", "r3.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+r3.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-30 00:01:25", "1577831", "rootdz.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+rootdz.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-30 00:01:24", "1577829", "b2.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+b2.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-30 00:01:04", "1577825", "www.libertydroid-magma.top", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-30 00:01:05", "100", "https://search.censys.io/hosts/178.63.215.79+www.libertydroid-magma.top", "AS24940,C2,censys,HETZNER-AS,Hookbot", "0", "DonPasci"
"2025-08-29 23:20:27", "1577809", "monozfx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:20:27", "1577810", "milliam.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:20:27", "1577811", "atomqne.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:19", "1577805", "interbk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577789", "pitbubs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577790", "willozm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577791", "waterkz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577792", "stepwxv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577793", "poisoha.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577794", "aerokju.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577795", "realhwo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577796", "buttalx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577797", "saltzmx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577798", "ravimwz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577799", "theapte.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577800", "eminpxo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577801", "backkrj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577802", "acarkkg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577803", "rapsmmv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:18", "1577804", "grodpgy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:17", "1577785", "ozoned.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:17", "1577786", "meadofnb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:17", "1577787", "gravilh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 23:10:17", "1577788", "blacksu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-08-29 22:49:08", "1577779", "ns2.pakistancode.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:06", "1577778", "ns1.pakistancode.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:20", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577775", "n1.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577776", "n2.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577777", "n3.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:01", "1577774", "lab.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:16", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:48:54", "1577773", "auth.inmediavault.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:09", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 20:01:17", "1577753", "static.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+static.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-29 18:01:05", "1577740", "senaildebe.xyz", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250829-te2pwavxcy", "C2,domain,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci"
"2025-08-29 18:01:05", "1577741", "adoniexmar.xyz", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250829-te2pwavxcy", "C2,domain,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci"
"2025-08-29 18:00:35", "1577738", "mauasas35safael5.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250829-ttdxcsyqt7", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-29 18:00:34", "1577735", "mauasas35safael2.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250829-ttdxcsyqt7", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-29 18:00:34", "1577736", "mauasas35safael3.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250829-ttdxcsyqt7", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-29 18:00:34", "1577737", "mauasas35safael4.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250829-ttdxcsyqt7", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-29 18:00:33", "1577734", "mauasas35safael1.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-29 18:00:34", "100", "https://tria.ge/250829-ttdxcsyqt7", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-29 18:00:21", "1577732", "expected-sleeps.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250829-vrbvnav1g1", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-29 18:00:21", "1577733", "engineering-consensus.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250829-sxy62afl9y", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-29 18:00:20", "1577731", "lines-jordan.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-08-29 18:00:21", "100", "https://tria.ge/250829-we6pyagk7t", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-29 14:49:15", "1577701", "genuumc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-29 23:20:28", "100", "https://tria.ge/250829-m3dvdsvrt2", "c2,domain,Lumma,stealer,triage", "0", "DonPasci"
"2025-08-29 14:21:39", "1577678", "couturellin.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115111998021449477", "SmartApeSG", "0", "monitorsg"
"2025-08-29 14:21:37", "1577680", "humble-photo.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-29 12:15:08", "100", "https://infosec.exchange/@monitorsg/115111998021449477", "SmartApeSG", "0", "monitorsg"
"2025-08-29 14:21:37", "1577690", "app.montreallimousineservice.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-08-29 13:15:47", "100", "https://infosec.exchange/@monitorsg/115112218038599633", "SocGholish", "0", "monitorsg"
"2025-08-29 14:21:36", "1577695", "stats.pinaview.com", "domain", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "https://tria.ge/250829-qkpqqaxjt9/behavioral3", "None", "0", "burger"
"2025-08-29 14:21:36", "1577696", "track.pinaview.com", "domain", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "https://tria.ge/250829-qkpqqaxjt9/behavioral3", "None", "0", "burger"
"2025-08-29 14:21:35", "1577697", "mimyfai0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-29 13:41:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 14:21:31", "1577699", "diruroy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-29 14:12:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 13:10:56", "1577691", "cavehuy5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 12:50:29", "1577687", "muma.91xs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 12:50:20", "1577686", "c2.wifi.hypdncy.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 12:50:15", "1577685", "1311056882-lcqm122smr.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-30 02:49:06", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 12:40:21", "1577684", "samyfiy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 12:10:28", "1577676", "14.ae.voltexpressdelivery.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-30 00:10:43", "75", "None", "gtt/9,Vidar", "0", "abuse_ch"
"2025-08-29 12:09:38", "1577673", "vyjilua3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 12:01:59", "1577671", "tnuuu.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2025-08-29 12:01:59", "100", "https://tria.ge/250829-g8vr7sy1gt", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2025-08-29 12:01:16", "1577669", "app.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+app.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-29 12:00:20", "1577654", "fuckrat.store", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250829-kawtdstqt3", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-29 12:00:19", "1577653", "only-standing.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250829-nklyqawkz9", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-29 11:45:48", "1577649", "murphkirk.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds"
"2025-08-29 11:38:58", "1577647", "qegikua9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 11:03:13", "1577643", "tiwahyi6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 09:08:32", "1577636", "oneflof.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-29 23:20:28", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 09:08:32", "1577637", "epitherd.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-29 23:20:28", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 09:08:32", "1577638", "backab.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-29 23:20:28", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 09:08:31", "1577639", "eigwos.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-29 23:20:28", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 08:01:23", "1577618", "rs.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.161.209.117+rs.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-29 07:06:01", "1577596", "wblspc.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-08-29 06:42:07", "1576332", "es6featureshub.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-08-29 06:42:06", "1576326", "mityxyo4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 12:08:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:42:04", "1576333", "prototypechain.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-08-29 06:42:03", "1576334", "debuggingscripts.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-08-29 06:42:02", "1576335", "typescripttools.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-08-29 06:42:01", "1576340", "cudefoe9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 13:10:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:42:00", "1576336", "javascriptbasics.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-08-29 06:42:00", "1576337", "buvusio6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 12:45:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:41:59", "1576342", "files.taxibleapp.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-08-28 13:15:52", "100", "https://infosec.exchange/@monitorsg/115106557945032541", "SocGholish", "0", "monitorsg"
"2025-08-29 06:41:59", "1576343", "mql5.offers-special.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds"
"2025-08-29 06:41:58", "1576347", "mykutea4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 13:41:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:41:56", "1576351", "spider-wamp.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-28 14:02:16", "100", "None", "SmartApeSG", "0", "monitorsg"
"2025-08-29 06:41:55", "1576349", "linomu.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "None", "SmartApeSG", "0", "monitorsg"
"2025-08-29 06:41:52", "1576365", "freaks.icu", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "pitachu"
"2025-08-29 06:41:49", "1576367", "salvmps.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu"
"2025-08-29 06:41:49", "1576368", "saocloud.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:48", "1576376", "swrcfjlm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu"
"2025-08-29 06:41:46", "1576379", "nimdelcapital.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:45", "1576381", "proteamgroup.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-28 18:34:38", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:44", "1576386", "axiscx.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:43", "1576384", "qhost.ro", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:41", "1576387", "healthstation1.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:41", "1576389", "washerv.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 06:41:40", "1576390", "noggs.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 06:41:40", "1576391", "georgej.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz"
"2025-08-29 06:41:39", "1576392", "macusa.best", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:38", "1576395", "tadanohito.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:38", "1576396", "cloudflare-c9g.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:37", "1576397", "macnaved.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-28 19:14:43", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:37", "1576398", "cloudflarev-pfm.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:23", "1576400", "cloudverify-1ua.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:22", "1576401", "cloudfarev.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-08-29 06:41:21", "1576402", "ANIMAILSHEALTHYFOODSLINE.TOP", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "simplehelp", "0", "tanner"
"2025-08-29 06:41:19", "1576440", "susedey1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:41:18", "1576441", "tirohua7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-29 06:16:33", "1576723", "dugoreu2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam"
"2025-08-29 06:03:48", "1576722", "complete-youth.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250829-d946gssmv2", "C2,domain,neptunerat,rat,triage", "0", "DonPasci"
"2025-08-29 06:01:29", "1576721", "pepesigmarespect.servemp3.com", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250829-dpyg7sysbv", "C2,domain,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci"
"2025-08-29 06:00:38", "1576715", "62e993f98a75.ngrok-free.app", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250829-be7l1sej5x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-29 06:00:38", "1576716", "connections.ignorelist.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250829-be7l1sej5x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-29 06:00:38", "1576717", "grandoner.cloudns.pro", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250829-be7l1sej5x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-29 06:00:37", "1576714", "testconnection.servemp3.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250829-be7l1sej5x", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-29 04:00:07", "1576676", "www.qinyue.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.12.26.73+www.qinyue.cc", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_"
"2025-08-28 23:10:24", "1576657", "2ch.im.versiononefinance.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-29 11:10:27", "75", "None", "gtt/9,Vidar", "0", "abuse_ch"
"2025-08-28 20:01:35", "1576433", "reklama.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-29 04:01:01", "100", "https://search.censys.io/hosts/185.161.209.117+reklama.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-08-28 18:00:15", "1576371", "g100cf.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250828-qnnyla11cy", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-28 18:00:14", "1576370", "linux-seminars.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250828-t7tjzatset", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-28 15:10:26", "1576357", "dru.x.fortisheritagebank.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-28 22:10:49", "75", "None", "gtt/9,Vidar", "0", "abuse_ch"
"2025-08-28 12:00:37", "1576322", "mierwos.loseyourip.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-28 12:00:37", "100", "https://tria.ge/250828-m5dmeazye1", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-28 12:00:35", "1576321", "morad.mywire.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-28 12:00:36", "100", "https://tria.ge/250828-m5dmeazye1", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-28 12:00:34", "1576320", "screenconecctserv.giize.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-28 12:00:35", "100", "https://tria.ge/250828-m5dmeazye1", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-28 11:44:13", "1576313", "hylyqoo2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 11:12:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 11:44:12", "1576315", "bawejai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 11:37:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 10:46:38", "1576310", "rezufaa4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 09:39:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 10:46:37", "1576312", "vajigiy7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 10:20:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 09:24:13", "1576308", "myqareu9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 08:53:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 09:24:12", "1576309", "hovopuy9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 09:09:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 08:02:13", "1576300", "rubalyi3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 07:39:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 08:00:48", "1576305", "dev.cukurukuk.fun", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-29 04:00:36", "100", "https://search.censys.io/hosts/103.235.75.42+dev.cukurukuk.fun", "AS135444,C2,censys,Havoc,IDNIC-IKUBARU-AS-ID", "0", "DonPasci"
"2025-08-28 07:28:18", "1576296", "pcx.h.fortisheritagebank.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-28 14:10:50", "100", "", "Vidar", "0", "crep1x"
"2025-08-28 07:27:07", "1576288", "maxoxio6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 07:18:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 07:21:14", "1576291", "carowf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-28 17:43:57", "100", "https://tria.ge/250828-fpkmfsbq31", "c2,domain,lumma,stealer,triage", "0", "DonPasci"
"2025-08-28 07:20:17", "1576290", "ebalazhabagadyku.icu", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250828-e3spjs1qy5", "c2,domain,stealc,stealer,triage", "0", "DonPasci"
"2025-08-28 06:56:37", "1576283", "JYNX404-53109.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-08-28 06:56:37", "1576284", "engine-decide.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-08-28 06:54:45", "1576277", "www.y488.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:45", "1576278", "www.ybx64y.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:45", "1576279", "www.zjiaqi.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576255", "www.renagames.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576256", "www.rhalten.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576257", "www.rhamoutreach.center", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576258", "www.rr01h.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576259", "www.rysimpson-judgeteam.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576260", "www.sbxn0.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576261", "www.spgo2.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576262", "www.spiringhopetherapy.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576263", "www.svsku.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576264", "www.telierprive.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576265", "www.terators-harmful.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576266", "www.tonano.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576267", "www.touvl.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576268", "www.trckt.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576269", "www.utch-lessons-utrecht.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576270", "www.utiara88slot.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576271", "www.v9.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576272", "www.vemaci.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576273", "www.vetxiu.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576274", "www.vixmedical.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576275", "www.xoyopa.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:44", "1576276", "www.xrdj6.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576232", "www.nviodigiitaalmail.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576233", "www.nviodigitalbox.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576234", "www.o-tci.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576235", "www.oinlivegoodbusiness.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576236", "www.okhaus.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576237", "www.oldsmitglass.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576238", "www.olimit4.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576239", "www.omcafe.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576240", "www.op-lottery.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576241", "www.oto.africa", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576242", "www.ourbon.beer", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576243", "www.overed-terrace-12433.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576244", "www.peneochub.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576245", "www.pentomorrow-team.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576246", "www.pi0wp.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576247", "www.pitegromab.lat", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576248", "www.plta.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576249", "www.poe154.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576250", "www.psrn.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576251", "www.pyd290.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576252", "www.rankie-shop.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576253", "www.ranscooter.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:43", "1576254", "www.readepagamentodocliente.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576211", "www.hyd309.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576212", "www.ian450.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576213", "www.iaurro.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576214", "www.iendaneba.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576215", "www.ij300.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576216", "www.ingfengyun.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576217", "www.inoro.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576218", "www.intechwizard.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576219", "www.iq0wh.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576220", "www.ir-condition-56201.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576221", "www.irtrghhgfgerd.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576222", "www.j-guiapg.win", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576223", "www.j-turismopg.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576224", "www.jyjmm.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576225", "www.lackheads-treatment-54469.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576226", "www.lassicaluxe.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576227", "www.layclub-win.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576228", "www.lobalschoolfinder.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576229", "www.loo-meet.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576230", "www.nglish-class-in12.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:42", "1576231", "www.nline-dating-90203.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576188", "www.e944.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576189", "www.ealmworld563.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576190", "www.ecordsuspension.services", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576191", "www.eds-bz.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576192", "www.eet-new-people-35202.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576193", "www.eet-new-people-42361.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576194", "www.eeyee.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576195", "www.elegcpnm.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576196", "www.ellogreentechproducts.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576197", "www.encentvxug.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576198", "www.enviodoocorreio.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576199", "www.ergki.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576200", "www.et-simpson-judgehq.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576201", "www.ewelry-39148.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576202", "www.eylonesports.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576203", "www.fhtre.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576204", "www.fxk6i.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576205", "www.g8.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576206", "www.gbrfvedc556.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576207", "www.gyl.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576208", "www.hopluxurys.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576209", "www.hoppers.bet", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:41", "1576210", "www.hy-is-tiktok-back.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576167", "www.8622.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576168", "www.8j08o.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576169", "www.956.ceo", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576170", "www.a-lumiosa.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576171", "www.ampiq.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576172", "www.ands.services", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576173", "www.anfa.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576174", "www.angfuji.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576175", "www.arkinsons-treatment-15707.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576176", "www.arshaastore.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576177", "www.artadecondutorjunho.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576178", "www.aser-hair-removal-dje.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576179", "www.asorobles.pizza", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576180", "www.attcursor.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576181", "www.avddk.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576182", "www.b811.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576183", "www.c0679.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576184", "www.c4509.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576185", "www.c4821.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576186", "www.ceberg.black", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:40", "1576187", "www.deacloud.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576154", "www.1e1ff22.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576155", "www.1sosq.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576156", "www.1vwud.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576157", "www.24d9b8e.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576158", "www.2yxp0.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576159", "www.30cc.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576160", "www.3sao.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576161", "www.3x.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576162", "www.400forestwood.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576163", "www.55501.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576164", "www.6417968.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576165", "www.73102.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:54:39", "1576166", "www.849n7the.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-28 06:53:45", "1576023", "scorpionvirus.duckdns.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots"
"2025-08-28 06:46:41", "1575901", "fkyhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-08-28 06:46:40", "1575900", "yfvlive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-08-28 06:42:14", "1575892", "careoaz.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise", "0", "abuse_ch"
"2025-08-28 06:00:57", "1575885", "scambaiting001-34039.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250828-eqfjfsbk4v", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-28 06:00:21", "1575884", "cbzr-98pq1.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250828-akm9wszkz3", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-28 05:47:45", "1575563", "quickomat.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds"
"2025-08-28 05:47:45", "1575564", "lyjydau5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-27 19:37:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:43", "1575589", "savenay2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-27 21:55:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:42", "1575881", "zeniqaa7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:41", "1575880", "sipejou7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:40", "1575882", "dodiquy0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-28 06:11:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:33", "1575583", "gytovao5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-27 20:38:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:33", "1575588", "jiriwia8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-27 21:14:22", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:32", "1575592", "dedyhao2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:32", "1575593", "bitxps.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872"
"2025-08-28 05:47:31", "1575594", "repottenfuc.fun", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872"
"2025-08-28 05:47:30", "1575595", "fractux.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872"
"2025-08-28 05:47:30", "1575596", "macropoffen.fun", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872"
"2025-08-28 05:47:29", "1575817", "wevolyo4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:24", "1575825", "jakacea2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:23", "1575844", "wajinye8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:23", "1575848", "wofehoo0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 05:47:09", "1575559", "qunohei5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-27 19:16:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-08-28 04:00:38", "1575862", "ec2-54-66-50-36.ap-southeast-2.compute.amazonaws.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-28 04:00:48", "100", "https://search.censys.io/hosts/54.66.50.36+ec2-54-66-50-36.ap-southeast-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_"
"2025-08-28 04:00:09", "1575853", "hippopotamusyou.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/83.147.241.10+hippopotamusyou.site", "AS4213,C2,censys,EVOCATIVE-GLOBAL", "0", "dyingbreeds_"
"2025-08-28 04:00:09", "1575854", "processingfile.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/83.147.241.10+processingfile.com", "AS4213,C2,censys,EVOCATIVE-GLOBAL", "0", "dyingbreeds_"
"2025-08-28 04:00:08", "1575851", "pan.xinzyun.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.207.193.76+pan.xinzyun.cn", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_"
"2025-08-28 04:00:07", "1575850", "screened.autoinsurecare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/173.254.201.23+screened.autoinsurecare.com", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_"
# Number of entries: 295