################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-03-25 00:03:09 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-03-25 00:03:09", "1458419", "mail.b.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+mail.b.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-25 00:03:09", "1458420", "webdisk.aaa.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webdisk.aaa.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-25 00:03:09", "1458421", "cpanel.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-25 00:03:08", "1458417", "cpcontacts.aaa.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcontacts.aaa.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-25 00:03:08", "1458418", "cpanel.a.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.a.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 21:11:57", "1458396", "bosstan027.beget.tech", "domain", "botnet_cc", "apk.anubis", "BankBot,android.bankbot,android.bankspy", "Anubis", "", "50", "", "anubis,c2", "0", "juroots" "2025-03-24 21:11:57", "1458397", "hawus.net", "domain", "botnet_cc", "apk.anubis", "BankBot,android.bankbot,android.bankspy", "Anubis", "", "50", "", "anubis,c2", "0", "juroots" "2025-03-24 21:11:57", "1458398", "tryagain.beget.tech", "domain", "botnet_cc", "apk.anubis", "BankBot,android.bankbot,android.bankspy", "Anubis", "", "50", "", "anubis,c2", "0", "juroots" "2025-03-24 20:53:07", "1458370", "www.sorelshopitalia.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458371", "www.stranded.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458372", "www.surfboard-quarterly.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458373", "www.synchroport.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458374", "www.takeactionphysio.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458375", "www.taradiary.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458376", "www.thefriendsofmaryc.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458377", "www.thereseraulin.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458378", "www.thespiritualabolitionist.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458379", "www.thetruediversity.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458380", "www.towstate.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458381", "www.usjiikay.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458382", "www.wedividebyzero.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458383", "www.wilmington.guide", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458384", "www.wisheskennel.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458385", "www.xdlbiyj.icu", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:07", "1458386", "www.xinmotlanchet.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458348", "www.jlxrzz.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458349", "www.jutuiess.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458350", "www.juventudvq.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458351", "www.kamiapp.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458352", "www.losangeleslandscapedesigner.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458353", "www.mamentos.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458354", "www.meditationmateau.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458355", "www.meridianconversation.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458356", "www.meunegocioonlineoficial.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458357", "www.minnesotaunited.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458358", "www.mojhawaii.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458359", "www.monologuestudios.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458360", "www.myworldtwentyfourseven.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458361", "www.northacai.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458362", "www.nothingbeatsagreatstory.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458363", "www.pleasingpleasure.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458364", "www.qianwanshang.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458365", "www.querooo.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458366", "www.relliant-rehab.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458367", "www.shoppret.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458368", "www.sitokatachinhhang.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:06", "1458369", "www.sohbetegelin.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458328", "www.bolezi21.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458329", "www.bosphorusorthopedics.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458330", "www.bussinktransport.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458331", "www.content-trip.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458332", "www.coraltechnologygroup.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458333", "www.designantageuk.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458334", "www.emerald-creative.co.uk", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458335", "www.equityinengineering.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458336", "www.eurokidscreative.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458337", "www.exm-dronesecurity.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458338", "www.fiathfirst.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458339", "www.finskills.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458340", "www.firstamm.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458341", "www.floridapremierestates.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458342", "www.foodloversdirect.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458343", "www.frenchtogether.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458344", "www.guoyijidian.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458345", "www.ilhadeitaparicatem.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458346", "www.intelligentinvestingtoday.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:05", "1458347", "www.jjm68.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458322", "www.5sguy.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458323", "www.agroproducts.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458324", "www.ahmadhidayah.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458325", "www.atomoffice.asia", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458326", "www.bentrecfs.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:53:04", "1458327", "www.beyondsauerkraut.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 20:31:13", "1458253", "artillerygr.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://www.virustotal.com/gui/domain/artillerygr.shop", "c2,domain,lumma,VirusTotal", "0", "DonPasci" "2025-03-24 20:30:29", "1458252", "a1106670.xsph.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/a1106670.xsph.ru", "c2,domain,rat,VirusTotal", "0", "DonPasci" "2025-03-24 20:30:28", "1458251", "20789cm.darkproducts.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/20789cm.darkproducts.ru", "c2,domain,rat,VirusTotal", "0", "DonPasci" "2025-03-24 20:30:27", "1458250", "cr32765.tw1.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/cr32765.tw1.ru", "c2,domain,rat,VirusTotal", "0", "DonPasci" "2025-03-24 20:03:10", "1458247", "sjekk-min-id.info", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+sjekk-min-id.info", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 20:02:50", "1458244", "login.klogixsecurity.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/173.237.206.178+login.klogixsecurity.org", "AS26527,C2,censys,Havoc,LIGHTWAVE-NETWORKS", "0", "DonPasci" "2025-03-24 18:53:53", "1458235", "wccdefense.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114218751861775561", "KongTuke", "0", "monitorsg" "2025-03-24 16:53:51", "1458230", "ns2.chedn.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 16:53:48", "1458228", "ns03.starhubb.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 16:53:48", "1458229", "ns1.chedn.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 16:53:47", "1458226", "ns01.cl0udflark.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 16:53:47", "1458227", "ns02.micr0hard.click", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 16:24:07", "1458225", "ma-babes.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-24 15:36:58", "1457881", "pdmfg.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114218025169590636", "KongTuke", "0", "monitorsg" "2025-03-24 15:36:57", "1457901", "windows-cam.casacam.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/88.209.248.141+windows-cam.casacam.net", "AS215567,C2,censys,NETVAY,RAT", "0", "redrabytes" "2025-03-24 15:36:57", "1457902", "familyfriend.dynu.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/157.20.182.8+familyfriend.dynu.net", "AS152485,C2,censys,RAT", "0", "redrabytes" "2025-03-24 15:36:55", "1458173", "files.cloudconnect-auth0.top", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.65.141.187+files.cloudconnect-auth0.top", "AS215240,C2,censys,Hookbot,NETRESEARCH", "0", "redrabytes" "2025-03-24 15:36:53", "1458170", "172-105-27-15.ip.linodeusercontent.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.27.15+172-105-27-15.ip.linodeusercontent.com", "AS63949,C2,censys,Mythic", "0", "redrabytes" "2025-03-24 15:36:52", "1458198", "ip93.ip-178-32-113.eu", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/178.32.113.93+ip93.ip-178-32-113.eu", "AS16276,C2,censys,OVH", "0", "redrabytes" "2025-03-24 15:36:51", "1458202", "okta.microsoft-onedrive.upgrade1.zip", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/209.74.66.221+okta.microsoft-onedrive.upgrade1.zip", "AS22612,C2,censys,NAMECHEAP-NET", "0", "redrabytes" "2025-03-24 15:36:51", "1458204", "ok.microsoft-onedrive.upgrade1.zip", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/209.74.66.221+ok.microsoft-onedrive.upgrade1.zip", "AS22612,C2,censys,NAMECHEAP-NET", "0", "redrabytes" "2025-03-24 15:36:50", "1458203", "res.microsoft-onedrive.upgrade1.zip", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/209.74.66.221+res.microsoft-onedrive.upgrade1.zip", "AS22612,C2,censys,NAMECHEAP-NET", "0", "redrabytes" "2025-03-24 15:36:50", "1458205", "gui.microsoft-onedrive.upgrade1.zip", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/209.74.66.221+gui.microsoft-onedrive.upgrade1.zip", "AS22612,C2,censys,NAMECHEAP-NET", "0", "redrabytes" "2025-03-24 15:36:49", "1458208", "shortzy.ink", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.21.63.172+shortzy.ink", "AS13335,C2,censys,CLOUDFLARENET,Unam", "0", "redrabytes" "2025-03-24 15:36:49", "1458209", "maxnet.top", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.178.92.192+maxnet.top", "AS16276,C2,censys,OVH,Unam", "0", "redrabytes" "2025-03-24 15:26:33", "1458199", "kinggggg123212-33699.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 15:26:33", "1458200", "monhostip.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 15:26:33", "1458201", "test131-50314.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 15:26:01", "1458197", "bz-fnd3.ydns.eu", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-24 15:25:25", "1458183", "tfhoahegue.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:25", "1458184", "xfhoahegue.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:25", "1458185", "xfhoahegue.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458176", "afhoahegue.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458177", "afhoahegue.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458178", "efhoahegue.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458179", "efhoahegue.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458180", "rfhoahegue.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458181", "rfhoahegue.su", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:25:24", "1458182", "tfhoahegue.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-03-24 15:24:54", "1458174", "approach-trembl.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-03-24 15:24:54", "1458175", "september-idol.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-03-24 15:24:36", "1458171", "bot.dstats.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-03-24 15:23:48", "1458163", "bilighbohooll.ru", "domain", "botnet_cc", "win.hancitor", "Chanitor", "Hancitor", "", "50", "", "c2,hancitor", "0", "juroots" "2025-03-24 15:23:48", "1458164", "eummentur.ru", "domain", "botnet_cc", "win.hancitor", "Chanitor", "Hancitor", "", "50", "", "c2,hancitor", "0", "juroots" "2025-03-24 15:23:48", "1458165", "lielftworiss.com", "domain", "botnet_cc", "win.hancitor", "Chanitor", "Hancitor", "", "50", "", "c2,hancitor", "0", "juroots" "2025-03-24 15:23:21", "1458150", "www.travelbackpackss.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458151", "www.unempioymentpua.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458152", "www.used-cars-58225.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458153", "www.vdmo070.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458154", "www.vegbydesign.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458155", "www.vspectra.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458156", "www.wcaconline.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458157", "www.wevertexinc.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458158", "www.window-replacement-60891.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458159", "www.work-abroad-30072.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458160", "www.yiugf.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:21", "1458161", "www.zorahthyart.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458136", "www.senashop.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458137", "www.sloppyasians.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458138", "www.smartphonesusapan.today", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458139", "www.smile88.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458140", "www.solar-generator-52678.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458141", "www.solar-systems-panels-44596.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458142", "www.stratcte.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458143", "www.strictlyotaku.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458144", "www.su-seikatu.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458145", "www.texasrefinances.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458146", "www.thelittleredcraftshack.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458147", "www.tiktokmart.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458148", "www.tilania.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:20", "1458149", "www.tp11okebet303.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458122", "www.paradisepsychotherapy.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458123", "www.pawchamamapet.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458124", "www.pelikansubelesindeindirim.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458125", "www.pilotsugardaddys.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458126", "www.prestigehometransformations.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458127", "www.protypepuggedpumpers.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458128", "www.reapen.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458129", "www.relaynext.services", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458130", "www.rocket178click.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458131", "www.rolexoff-watch.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458132", "www.russtybeats.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458133", "www.sanctitude-cuspidated.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458134", "www.securityacadamy.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:19", "1458135", "www.sellmyhouseolympia.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458106", "www.media-cruise.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458107", "www.mommabearmoney.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458108", "www.monitoring-devices-79097.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458109", "www.mothersofmatriarchy.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458110", "www.moutonneuropenihal.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458111", "www.mybabysisterscloset.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458112", "www.mysteryblack.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458113", "www.ninetofivemama.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458114", "www.nissicloud.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458115", "www.niulorge.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458116", "www.nursing-services-sa.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458117", "www.office-space-26524.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458118", "www.oggetto.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458119", "www.online-advertising-64131.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458120", "www.online-advertising-96907.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:18", "1458121", "www.online-dating-10276.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458093", "www.kissmanga.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458094", "www.klub8.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458095", "www.lailraw.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458096", "www.lakewoodcharity.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458097", "www.lilyamore.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458098", "www.llink.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458099", "www.loan-stalemate.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458100", "www.lolydelapan.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458101", "www.loud-media.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458102", "www.lowdownlocal.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458103", "www.lyfgyjxt.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458104", "www.manhe3.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:17", "1458105", "www.mechaf.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458080", "www.helniu.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458081", "www.hiv-treatment-21144.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458082", "www.home-renovation-68987.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458083", "www.innerworkshops.love", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458084", "www.interstateimaging.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458085", "www.invest-eight.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458086", "www.iran09.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458087", "www.it-jobs-11489.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458088", "www.jedzeniomat.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458089", "www.jiangbozhibo.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458090", "www.k978-k2bsp-mr.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458091", "www.kayabrands.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:16", "1458092", "www.kforkidz.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458066", "www.eratosantorini.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458067", "www.essenciamoderna.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458068", "www.essisoasesorias.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458069", "www.ethgirls.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458070", "www.fitdad.fitness", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458071", "www.forbrighterlife.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458072", "www.furniture-76263.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458073", "www.gamefislot.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458074", "www.gamepixel.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458075", "www.gempharmatechllc.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458076", "www.grooming-gigi.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458077", "www.halsmart.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458078", "www.hatiyhgsnterahs.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:15", "1458079", "www.hellogringa.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458053", "www.cleanerkitchen-shop.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458054", "www.cleaning-services-99433.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458055", "www.cremation-services-63446.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458056", "www.danielortega.dev", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458057", "www.danmerinc.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458058", "www.deariededradekker.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458059", "www.delishany.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458060", "www.dibayadk.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458061", "www.dichvubangchuan.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458062", "www.dichvuviplike.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458063", "www.dutchesspistolpermit.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458064", "www.egplek.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:14", "1458065", "www.emerm.autos", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458040", "www.ao-m-nishinomiya.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458041", "www.appalachianfx.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458042", "www.appalachiangunrange.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458043", "www.appkanal-web.biz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458044", "www.aralending.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458045", "www.atmo.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458046", "www.bgocni.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458047", "www.bigiproperty.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458048", "www.brandsincart.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458049", "www.brazil920.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458050", "www.cas100.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458051", "www.casino-x-official-of6096.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:13", "1458052", "www.cfa-cuu.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458033", "www.26166.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458034", "www.583846.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458035", "www.affiliate-marketing-82505.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458036", "www.age-spot-treatment-89993.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458037", "www.anahita-nl2.rest", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458038", "www.anchorage-diels.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 15:23:12", "1458039", "www.ansomwareagile.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 12:54:06", "1457871", "api-pyciglnrcf.cn-beijing.fcapp.run", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 12:32:33", "1457865", "dukasbecomeagreatpersonwhowantotbecomegreatnessfor.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "RAT,RemcosRAT", "0", "abuse_ch" "2025-03-24 12:03:13", "1457860", "cpanel.webprocediweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.webprocediweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 12:03:12", "1457858", "autodiscover.webprocediweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+autodiscover.webprocediweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 11:46:30", "1457846", "cometaxk.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-24 11:21:12", "1457845", "idonetire.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://bazaar.abuse.ch/sample/5b7c236f1274f47f8ad66cf238dc5602155ca5e10bc3de905b68ae06843cb768/", "RAT,RemcosRAT", "0", "abuse_ch" "2025-03-24 09:58:43", "1457828", "d3b79f13.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457829", "d3b79f13.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457830", "d3b79f13.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457831", "d3b79f13.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457832", "d79046bd.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457833", "d79046bd.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457834", "d79046bd.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457835", "d79046bd.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457836", "db49f51f.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457837", "db49f51f.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457838", "db49f51f.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457839", "db49f51f.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457840", "fa2b8b86.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457841", "fa2b8b86.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457842", "fa2b8b86.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:43", "1457843", "fa2b8b86.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457810", "9e8fae09.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457811", "9e8fae09.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457812", "b170e747.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457813", "b170e747.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457814", "b170e747.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457815", "b170e747.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457816", "bc0324ae.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457817", "bc0324ae.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457818", "bc0324ae.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457819", "bc0324ae.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457820", "bfd8690b.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457821", "bfd8690b.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457822", "bfd8690b.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457823", "bfd8690b.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457824", "d27ef8b8.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457825", "d27ef8b8.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457826", "d27ef8b8.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:42", "1457827", "d27ef8b8.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457791", "791688a4.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457792", "80ce6519.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457793", "80ce6519.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457794", "80ce6519.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457795", "80ce6519.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457796", "9203ebc7.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457797", "9203ebc7.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457798", "9203ebc7.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457799", "9203ebc7.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457800", "9243e231.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457801", "9243e231.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457802", "9243e231.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457803", "9243e231.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457804", "942a8b18.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457805", "942a8b18.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457806", "942a8b18.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457807", "942a8b18.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457808", "9e8fae09.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:41", "1457809", "9e8fae09.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457774", "4ad74aab.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457775", "4ad74aab.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457776", "4e577395.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457777", "4e577395.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457778", "4e577395.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457779", "4e577395.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457780", "54f484f2.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457781", "54f484f2.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457782", "54f484f2.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457783", "54f484f2.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457784", "6e93d646.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457785", "6e93d646.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457786", "6e93d646.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457787", "6e93d646.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457788", "791688a4.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457789", "791688a4.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:40", "1457790", "791688a4.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457764", "27dd67e8.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457765", "27dd67e8.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457766", "27dd67e8.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457767", "27dd67e8.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457768", "2d89e015.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457769", "2d89e015.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457770", "2d89e015.sbs", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457771", "2d89e015.xyz", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457772", "4ad74aab.biz.ua", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 09:58:39", "1457773", "4ad74aab.cfd", "domain", "botnet_cc", "js.darkwatchman", "None", "DarkWatchman", "", "100", "", "DarkWatchman", "0", "abuse_ch" "2025-03-24 08:03:22", "1457746", "cpcontacts.a.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcontacts.a.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 08:03:22", "1457747", "webmail.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 08:03:07", "1457744", "travielup.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-24 07:52:20", "1457724", "escapoly.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-24 07:08:10", "1457719", "language-lose.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 07:08:10", "1457720", "makes-tonight.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 07:08:10", "1457721", "sell-doctor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 07:08:10", "1457722", "smegmamuncher.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-24 07:07:28", "1457651", "whentime12.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:28", "1457652", "xn--gdask-y7a.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:28", "1457653", "xzaztlrl.icu", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457638", "roechling-roding.run", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457639", "ruffstuffstore.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457640", "sajjaddeveloper.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457641", "sewythingy.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457642", "shopjrock.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457643", "stockandbarrell.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457644", "sweetsasu.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457645", "tatsunoichie.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457646", "tdmmk.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457647", "tesla-commercio.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457648", "tiedcaps.rest", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457649", "tncnn.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:27", "1457650", "trephone.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457625", "modernhomeskitchen.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457626", "monnetier-mornex.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457627", "mosterth.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457628", "mousybusiness.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457629", "nationalreturnday.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457630", "neotactic.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457631", "nocreditcarswestpalm.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457632", "orchid-iris.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457633", "owner.codes", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457634", "packorganically.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457635", "penislandbrews.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457636", "prandartsagency.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:26", "1457637", "riquimbilis.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457611", "fjweiwang.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457612", "free-outlet.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457613", "friendsofhersheypa.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457614", "greaterdiabetes.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457615", "helptechservices.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457616", "hjscinc.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457617", "idealgaysex.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457618", "justincook.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457619", "latinaexpres.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457620", "mail-businessprinting.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457621", "make-trends.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457622", "mckarthylabscoe.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457623", "mcwildwest.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:25", "1457624", "mercyvh.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457596", "aplustd.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457597", "artofsapna.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457598", "bcheaptvwd.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457599", "beauskitchen.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457600", "breakfastcandy.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457601", "caffeinatedmamasblog.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457602", "candleish.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457603", "comminterbusiness.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457604", "crispcleanbodyrituals.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457605", "dentonparalegals.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457606", "devitasaude.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457607", "downlooader.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457608", "dreammakeloja.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457609", "erraticer.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:24", "1457610", "evokingcalm.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:23", "1457591", "43414newportdr.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:23", "1457592", "78kanshu.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:23", "1457593", "aloharecords.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:23", "1457594", "amazonprim8.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:07:23", "1457595", "amq-studio.com", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-24 07:06:45", "1457590", "dwdwdad2-57443.portmap.host", "domain", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "50", "", "c2,xenorat", "0", "juroots" "2025-03-24 07:06:29", "1457589", "hokagehuyaki.space", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "50", "", "vidar", "0", "juroots" "2025-03-24 07:04:51", "1457584", "pepegajus-33332.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-24 07:04:50", "1457582", "bayotam991-51100.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-24 07:04:50", "1457583", "morelogs.thruhere.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-24 07:04:29", "1457581", "h0metowgh0svi3ws.servequake.com", "domain", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-03-24 07:04:14", "1457580", "deesesejh45.hopto.org", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "50", "", "c2,netwire", "0", "juroots" "2025-03-24 07:02:13", "1457566", "countries-discovery.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-03-24 07:02:13", "1457567", "getting-regulation.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-03-24 07:01:32", "1457559", "mindoi05.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-03-24 07:01:31", "1457558", "mincir07.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "", "c2,cryptbot", "0", "juroots" "2025-03-24 07:00:51", "1457555", "naphax.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-24 07:00:51", "1457556", "xptmue1si.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-24 06:59:34", "1457554", "procleaninger.top", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "", "amadey,c2", "0", "juroots" "2025-03-24 06:59:19", "1457553", "kilimcinursia3.com", "domain", "botnet_cc", "apk.alien", "AlienBot", "Alien", "", "50", "", "alien,c2", "0", "juroots" "2025-03-24 06:59:18", "1457550", "a05qdzfe6qa1.xyz", "domain", "botnet_cc", "apk.alien", "AlienBot", "Alien", "", "50", "", "alien,c2", "0", "juroots" "2025-03-24 06:59:18", "1457551", "abindizzobremin.tk", "domain", "botnet_cc", "apk.alien", "AlienBot", "Alien", "", "50", "", "alien,c2", "0", "juroots" "2025-03-24 06:59:18", "1457552", "buralarneler.com", "domain", "botnet_cc", "apk.alien", "AlienBot", "Alien", "", "50", "", "alien,c2", "0", "juroots" "2025-03-24 06:29:36", "1457508", "www.crimsoncovelabs.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.128.67.88+www.crimsoncovelabs.xyz", "AS132203,C2,censys", "0", "dyingbreeds_" "2025-03-24 06:29:36", "1457509", "a-0002.a2-msedge.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/65.87.7.79+a-0002.a2-msedge.net", "AS215659,C2,censys,MOEMOEKYUN", "0", "dyingbreeds_" "2025-03-24 06:29:35", "1457510", "node-sc.owemo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/142.171.116.94+node-sc.owemo.com", "AS35916,C2,censys,MULTA-ASN1", "0", "dyingbreeds_" "2025-03-24 06:29:34", "1457511", "grswjp.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.21.39.171+grswjp.com", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "dyingbreeds_" "2025-03-24 06:25:57", "1457451", "astralforging.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:56", "1457452", "mweteorm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:56", "1457453", "qnaturecud.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:55", "1457454", "elegangtedg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:55", "1457455", "conqstructcor.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:55", "1457456", "townwand.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:54", "1457457", "panelplxace.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:53", "1457458", "usefulutivli.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:52", "1457459", "urbaninsi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:52", "1457460", "suptplystati.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:51", "1457461", "hannndlehav.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:50", "1457462", "tfooltaver.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:50", "1457463", "modernmhake.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:50", "1457464", "guardiainpets.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:49", "1457465", "protectaze.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:49", "1457466", "upgradezunio.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:49", "1457467", "firepowerf.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:49", "1457468", "riflesandm.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:48", "1457469", "guncontrold.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:48", "1457470", "marksmanmy.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:44", "1457471", "sniperins.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:44", "1457472", "defensein.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:25:43", "1457473", "discoverou.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-24 06:21:38", "1457420", "youpteck.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "75", "None", "ClearFake", "0", "TRACLabs_" "2025-03-24 06:21:37", "1457426", "anti.linkpc.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-03-24 04:53:07", "1457507", "dickstops.mahua.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 04:03:00", "1457506", "webdisk.adesso-online.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webdisk.adesso-online.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 04:02:59", "1457504", "autodiscover.a.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+autodiscover.a.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 04:02:59", "1457505", "cpanel.e.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.e.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-24 02:52:42", "1457494", "cdn.ooponoob.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 02:52:41", "1457493", "c1.cannimade.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-23 20:02:34", "1457349", "cpcalendars.efcommxerce.ru", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/172.67.138.216+cpcalendars.efcommxerce.ru", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-03-23 18:24:21", "1457342", "i99522h5.beget.tech", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/i99522h5.beget.tech", "domain,virustotal", "0", "DonPasci" "2025-03-23 18:24:20", "1457341", "cg55176.tw1.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/cg55176.tw1.ru", "domain,virustotal", "0", "DonPasci" "2025-03-23 18:24:19", "1457340", "g321nosp.beget.tech", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/g321nosp.beget.tech", "domain,virustotal", "0", "DonPasci" "2025-03-23 18:24:18", "1457338", "asasedc0.beget.tech", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/asasedc0.beget.tech", "domain,virustotal", "0", "DonPasci" "2025-03-23 18:24:18", "1457339", "a1106561.xsph.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.virustotal.com/gui/domain/a1106561.xsph.ru", "domain,virustotal", "0", "DonPasci" "2025-03-23 18:10:20", "1457334", "wandberup.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 18:05:01", "1457300", "check.fepub.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 18:04:01", "1457330", "atirflee.world", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 17:24:31", "1457309", "wxayfarer.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 17:23:34", "1457308", "h2.yyoiy.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 17:23:33", "1457307", "boxedtrends.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 17:18:59", "1457301", "tryekland.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-03-23 17:09:27", "1457298", "check.fidec.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 16:57:32", "1457279", "yangling19840508.yangling19840508123.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "malware,note,spy", "0", "win32" "2025-03-23 16:57:31", "1457281", "evriuk.work", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,Malware,Spynote", "0", "win32" "2025-03-23 16:57:31", "1457282", "not.aiodd.com", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "acess,android,rat,remote,spynote,tool,toolkit,trojan", "0", "win32" "2025-03-23 16:57:30", "1457283", "corehive.cn", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,rat,spynote", "0", "win32" "2025-03-23 16:57:30", "1457284", "ustr.nouz.cn", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "c2,feed,malware,panel,threat,ti", "0", "win32" "2025-03-23 16:57:29", "1457285", "ra.spaceshipnext.xyz", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "c2,malware,spynote", "0", "win32" "2025-03-23 16:57:29", "1457286", "yanjiaoyisianyi.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,ioc,spynote", "0", "win32" "2025-03-23 16:57:28", "1457287", "frankyue.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,malware,spynote", "0", "win32" "2025-03-23 16:57:28", "1457288", "5599317.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "malware,spynote", "0", "win32" "2025-03-23 16:57:27", "1457289", "la.3699.cc", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "c2,malware,rat", "0", "win32" "2025-03-23 16:57:27", "1457290", "www.uu.neonawall.com", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "c2,dashboard,malware,panel", "0", "win32" "2025-03-23 16:57:25", "1457292", "meimeitk.store", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "rat", "0", "win32" "2025-03-23 16:57:23", "1457294", "two.wangwangwang.store", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,Malware,New,Spyware", "0", "win32" "2025-03-23 16:57:22", "1457297", "trekaolot.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-23 16:57:21", "1457280", "abc.jiachenyu2845.online", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,apk,malware,rat,spynote", "0", "win32" "2025-03-23 16:57:20", "1457277", "test.btit2025.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,APK,Download,Live,Panel,Spynote,Spyware", "0", "win32" "2025-03-23 16:57:20", "1457278", "hjb.my", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,APK,C2,Dashboard,Malware,Spynote", "0", "win32" "2025-03-23 16:57:19", "1457274", "check.azaler.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 16:02:41", "1457273", "cdn.fdwx.net", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/20.224.11.48+cdn.fdwx.net", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-03-23 16:02:39", "1457271", "crushsftp.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/31.42.191.74+crushsftp.org", "AS34665,C2,censys,Havoc,PINDC-AS", "0", "DonPasci" "2025-03-23 16:02:29", "1455582", "check.uzuqed.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 16:02:29", "1455596", "airlightz.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-23 11:35:58", "1455571", "check.ugodat.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 10:53:17", "1455569", "check.alosym.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 10:32:17", "1455549", "m.knhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:17", "1455550", "wzuhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:16", "1455551", "gmthelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:16", "1455552", "bwg-kundendaten.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:16", "1455553", "www.mr26pan.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:15", "1455554", "www.prmahelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:15", "1455555", "vjhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:15", "1455556", "natbhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:14", "1455557", "www.pthkpan.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:14", "1455558", "web.opnhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:13", "1455559", "onyxwatchdog.de", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:13", "1455560", "m.opnhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:13", "1455562", "m.fphelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:12", "1455561", "qprt6-uy.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:11", "1455563", "m.wpahelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:11", "1455564", "acc.vujhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:10", "1455565", "cs3699log.dlmhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:10", "1455566", "m.lrjhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:09", "1455567", "web.lrjhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:08", "1455547", "www.kahelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:07", "1455545", "emgj3512.zapto.org", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:07", "1455546", "bvft221.ddns.net", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:07", "1455548", "www.okhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:06", "1455541", "nospws.innoxiously.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:06", "1455542", "mzwuzd.screenvconnects.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:06", "1455543", "ibhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:06", "1455544", "jacksgg.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:05", "1455539", "iu-pks.screensconnectpro.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:05", "1455540", "spockosw.innoxiously.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:04", "1455538", "zantmi.innoxiously.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:03", "1455537", "olarori.yzihelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://x.com/s1dhy/status/1900298352664678907", "connectwise,Molatori,screenconnect,UNC5952", "0", "s1dhy" "2025-03-23 10:32:02", "1455535", "interstp.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-23 10:32:02", "1455536", "check.equcym.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 10:07:08", "1455397", "check.ohuxah.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 09:23:34", "1455394", "check.ugarob.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 09:17:17", "1454092", "p16.pknisha.cloud", "domain", "payload_delivery", "apk.spybanker", "None", "SpyBanker", "", "50", "", "None", "0", "itsmeRiF_K" "2025-03-23 09:04:53", "1454185", "ipadtiktok3333.hadzabe.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "SpyNote", "0", "win32" "2025-03-23 09:04:52", "1454186", "bird.infistar.tech", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "None", "0", "win32" "2025-03-23 09:04:52", "1454187", "mm.grace90.online", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "spynote", "0", "win32" "2025-03-23 09:04:35", "1455298", "associates-studio.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-23 09:04:34", "1455319", "spaceqri.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-23 09:04:34", "1455320", "octopuzx.netlify.app", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "", "Oct", "0", "win32" "2025-03-23 09:04:33", "1455321", "d1ie3z.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "", "Data,Stealer", "0", "win32" "2025-03-23 09:04:33", "1455322", "stealer.phtm.pw", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "", "BOT,C2,Malware,Phantom,Stealer", "0", "win32" "2025-03-23 09:04:32", "1455323", "tt2.sorahub.xyz", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "C2,Dashboard,Malware,Panel,Spynote", "0", "win32" "2025-03-23 09:04:32", "1455327", "ancn.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,apk,spynote", "0", "win32" "2025-03-23 09:04:31", "1455324", "acmetx.boydream.work", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,apk,c2,dashboard,login-page,malware,note,open-dir,spy", "0", "win32" "2025-03-23 09:04:31", "1455325", "zhengwenxuan.sbs", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,Malware,Spynote", "0", "win32" "2025-03-23 09:04:30", "1455328", "laicai.ddns-ip.net", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "Android,Malware,Spyware", "0", "win32" "2025-03-23 09:04:29", "1455329", "afeng.abcd381105.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "acess,android,apk,dashboard,downloader,malware,panel,remote,spynote,trojan", "0", "win32" "2025-03-23 09:04:28", "1455326", "beautyvs.us", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "android,c2,dashboard,login-page,malware,opendir,spynote", "0", "win32" "2025-03-23 09:04:27", "1455330", "facai16.liucaiyun88.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "apk,downloader,malware,note,phishing,spy", "0", "win32" "2025-03-23 09:04:24", "1455348", "admin.yiqing99.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.99.169.201+admin.yiqing99.cn", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-03-23 09:04:24", "1455349", "nwoool10000.69wan.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.37.6.252+nwoool10000.69wan.com.cn", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-03-23 09:04:23", "1455351", "ec2-18-142-232-246.ap-southeast-1.compute.amazonaws.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/18.142.232.246+ec2-18-142-232-246.ap-southeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Hookbot", "0", "dyingbreeds_" "2025-03-23 09:04:11", "1454091", "anyone-center.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-23 09:04:08", "1454068", "advath.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "TRACLabs_" "2025-03-23 09:04:06", "1454067", "many-atlantic.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-23 09:04:02", "1453985", "check.ysozim.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-23 08:00:20", "1455383", "star-considerable.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-23 08:00:20", "1455384", "vanechkin-51361.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-23 07:59:16", "1455380", "hokagehuyaki.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "", "c2,vidar", "0", "juroots" "2025-03-23 07:58:03", "1455378", "mralaa1.myq-see.com", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "50", "", "c2,revengerat", "0", "juroots" "2025-03-23 07:57:40", "1455376", "chaarlie-44115.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-23 07:57:40", "1455377", "senoc43726-29929.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-23 07:56:47", "1455374", "microsoft-help.myvnc.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-03-23 07:56:00", "1455373", "valerianobritoieufsasd.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-23 04:02:55", "1455343", "mail.continueoraweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+mail.continueoraweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-23 04:02:55", "1455344", "cpcalendars.gestisciweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcalendars.gestisciweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" # Number of entries: 564