################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2024-12-04 17:05:52 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2024-12-04 17:05:52", "1352157", "sha-mara.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "dyingbreeds_"
"2024-12-04 17:05:50", "1352163", "kemrox.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "75", "", "LandUpdate808", "0", "HuntYethHounds"
"2024-12-04 17:05:50", "1352162", "chronicsmovie.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "dyingbreeds_"
"2024-12-04 16:37:40", "1352152", "moneyluckwork.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "RAT,Remcos", "0", "nickkuechel"
"2024-12-04 16:37:40", "1352151", "moneyluck.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "RAT,Remcos", "0", "nickkuechel"
"2024-12-04 16:36:03", "1352150", "stipamana.com", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2024-12-04 21:36:03", "50", "https://tracker.viriback.com/index.php?q=stipamana.com", "Lokibot,ViriBack", "0", "abuse_ch"
"2024-12-04 14:03:45", "1352127", "renqidm.info", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-04 13:41:51", "1352123", "wavec2.joaophillip.dev", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest"
"2024-12-04 13:05:21", "1352116", "xoomep1.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/", "c2,netsupport", "0", "juroots"
"2024-12-04 13:05:20", "1352117", "xoomep2.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/", "c2,netsupport", "0", "juroots"
"2024-12-04 13:05:19", "1352118", "labudanka2.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/", "c2,netsupport", "0", "juroots"
"2024-12-04 13:05:18", "1352119", "gribidi2.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/", "c2,netsupport", "0", "juroots"
"2024-12-04 13:05:17", "1352120", "www.stipamana.com", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab"
"2024-12-04 11:55:07", "1352090", "secure1-imnotionshosting.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2024-12-04 11:55:06", "1352093", "load.webdatahoster.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2024-12-04 11:55:05", "1352097", "k358a192.ala.dedicated.aws.emqxcloud.com", "domain", "botnet_cc", "apk.copybara", "None", "Copybara", "", "49", "https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation", "None", "0", "johannes"
"2024-12-04 11:55:05", "1352096", "dr0id.best", "domain", "botnet_cc", "apk.copybara", "None", "Copybara", "", "49", "https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation", "None", "0", "johannes"
"2024-12-04 11:55:03", "1352098", "ie721f2d.ala.dedicated.aws.emqxcloud.com", "domain", "botnet_cc", "apk.copybara", "None", "Copybara", "", "49", "https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation", "None", "0", "johannes"
"2024-12-04 10:00:20", "1352081", "blackshelter.org", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2024-12-04 09:54:36", "1352084", "nfcgov.com", "domain", "payload_delivery", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "100", "", "BumbleBee", "0", "abuse_ch"
"2024-12-04 09:54:36", "1352083", "flagsair.com", "domain", "payload_delivery", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "100", "", "BumbleBee", "0", "abuse_ch"
"2024-12-04 09:54:36", "1352082", "fileoutput.pro", "domain", "payload_delivery", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "100", "", "BumbleBee", "0", "abuse_ch"
"2024-12-04 05:30:49", "1351948", "kresk.lol", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2024-12-04 08:22:59", "100", "", "c2,vidar", "0", "Lars"
"2024-12-04 05:02:06", "1352034", "rt.mod0.ch", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/212.51.144.128+rt.mod0.ch", "AS13030,C2,censys,INIT7", "0", "dyingbreeds_"
"2024-12-04 05:02:06", "1352035", "sleepy-khorana.193-239-86-216.plesk.page", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/193.239.86.216+sleepy-khorana.193-239-86-216.plesk.page", "AS9009,C2,censys,M247", "0", "dyingbreeds_"
"2024-12-03 20:50:50", "1351923", "browser.crsdorg.in", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/64.227.157.239+browser.crsdorg.in", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_"
"2024-12-03 20:50:49", "1351921", "xn--noo-k5y.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/64.227.157.239+xn--noo-k5y.com", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_"
"2024-12-03 19:13:56", "1351879", "www.yijie.ltd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-12-04 12:15:49", "100", "https://search.censys.io/hosts/149.88.69.43+www.yijie.ltd", "AS142032,C2,censys", "0", "dyingbreeds_"
"2024-12-03 19:13:55", "1351877", "touduanyiyuan.bugmakerx.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-12-04 12:15:12", "100", "https://search.censys.io/hosts/110.42.14.112+touduanyiyuan.bugmakerx.cn", "AS136188,C2,censys", "0", "dyingbreeds_"
"2024-12-03 18:57:10", "1351719", "pescador.twoko.io", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.67.197.197+pescador.twoko.io", "AS13335,censys,CLOUDFLARENET,EvilGoPhish,Phishing", "0", "dyingbreeds_"
"2024-12-03 18:57:08", "1351722", "syn-172-251-171-170.res.spectrum.com", "domain", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "100", "https://search.censys.io/hosts/172.251.171.170+syn-172-251-171-170.res.spectrum.com", "AS20001,C2,censys,TWC-20001-PACWEST", "0", "dyingbreeds_"
"2024-12-03 18:57:06", "1351723", "device-8e8a8c59-8567-48dc-b3fe-d803dce6494e.remotewd.com", "domain", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "100", "https://search.censys.io/hosts/86.98.18.122+device-8e8a8c59-8567-48dc-b3fe-d803dce6494e.remotewd.com", "AS5384,C2,censys", "0", "dyingbreeds_"
"2024-12-03 18:57:04", "1351756", "webapi.w.cloudns.ph", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-12-04 12:15:02", "100", "https://search.censys.io/hosts/154.83.95.101+webapi.w.cloudns.ph", "AS61112,C2,censys", "0", "dyingbreeds_"
"2024-12-03 18:57:03", "1351727", "ss.eesyodhhc.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-12-04 12:14:47", "100", "https://search.censys.io/hosts/154.83.95.101+ss.eesyodhhc.top", "AS61112,C2,censys", "0", "dyingbreeds_"
"2024-12-03 18:56:16", "1351768", "pizza.net-v2-status.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.138.174.114+pizza.net-v2-status.net", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_"
"2024-12-03 18:12:10", "1351876", "elite-api.su", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "censys,fbi.gov,mirai,MooBot", "0", "NDA0E"
"2024-12-03 18:11:53", "1351875", "fr.elite-api.su", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://urlhaus.abuse.ch/host/80.76.51.45/", "censys,fbi.gov,mirai,moobot", "0", "NDA0E"
"2024-12-03 14:28:20", "1351848", "q8ds.net", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113589316126095372", "SmartApeSG", "0", "monitorsg"
"2024-12-03 14:21:46", "1351852", "www.oleonidas.gr", "domain", "payload_delivery", "win.purecrypter", "None", "PureCrypter", "", "100", "https://urlhaus.abuse.ch/host/www.oleonidas.gr/", "compromised,PureCrypter,QuasarRAT", "0", "NDA0E"
"2024-12-03 11:14:24", "1351819", "cities-constraints.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
"2024-12-03 06:59:27", "1351805", "rechnungsportal.sbs", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://urlhaus.abuse.ch/url/3318248/", "CHE,geo,LummaStealer", "0", "abuse_ch"
"2024-12-03 06:11:03", "1351729", "ggstor.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2024-12-03 08:04:43", "100", "", "c2,vidar", "0", "Lars"
"2024-12-03 06:10:51", "1351744", "dvlref.online", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab"
"2024-12-03 06:10:50", "1351747", "haxorbaba.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab"
"2024-12-03 06:10:46", "1351750", "loans-hamburg.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
"2024-12-03 06:10:46", "1351748", "lemon.geoiplookup.live", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
"2024-12-03 06:10:45", "1351752", "cnet-contracting.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab"
# Number of entries: 47