################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-07-12 12:25:15 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-07-12 12:25:15", "1556231", "employees-churches.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-07-12 12:25:15", "1556232", "small-bend.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-07-12 12:24:58", "1556230", "indro.top", "domain", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "50", "", "c2,tofsee", "0", "juroots" "2025-07-12 12:24:12", "1556226", "app.youroboter.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-07-12 12:24:12", "1556227", "cloud.youroboter.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-07-12 12:23:45", "1556224", "last.galaxias.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-12 12:23:45", "1556225", "net.bolo.gay", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-12 12:23:28", "1556223", "piotr2222-40866.portmap.host", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-07-12 12:23:15", "1556222", "alfons.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-07-12 12:02:27", "1556188", "mbc2.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250712-m569qazpv5", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-12 12:02:03", "1556186", "compare-jennifer.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-07-12 12:02:03", "100", "https://tria.ge/250712-g72t5axsft", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-12 12:01:02", "1556179", "dariusfanXwomrSkiddedaahh-40602.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250712-mzktjazvct", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-12 08:49:22", "1556176", "iot.stellar-iot.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "stellar,StellarBot", "0", "NDA0E" "2025-07-12 08:49:21", "1556175", "server1.stellar-iot.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-12 08:49:22", "100", "", "stellar,StellarBot", "0", "NDA0E" "2025-07-12 06:01:55", "1556159", "masike4.preech.top", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2025-07-12 06:01:56", "100", "https://tria.ge/250712-egcq7swvcs", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-07-12 05:55:09", "1556155", "westcnds.asia", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/610cf008cceddafb1e7786f8bf0fe3d1d8344dd92e0c2b1b2f2f74b1ccd4e629/", "DeerStealer", "0", "abuse_ch" "2025-07-12 05:40:06", "1556046", "linkedservlet.pro", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "50", "https://app.any.run/tasks/237209eb-af1a-47e5-a2d4-76012f2f33f0", "None", "0", "pitachu" "2025-07-12 05:40:03", "1556051", "eyertyn.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu" "2025-07-12 05:40:03", "1556052", "www.jpchacha.com", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu" "2025-07-12 05:40:01", "1556056", "ltdvjvr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu" "2025-07-12 05:40:00", "1556063", "uponmap.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "tanner" "2025-07-12 05:40:00", "1556064", "jojo-ent.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "tanner" "2025-07-12 05:39:59", "1556066", "resutato.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "tanner" "2025-07-12 05:39:58", "1556090", "security.flearengauurd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-12 05:39:56", "1556091", "haciver.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-12 05:39:55", "1556092", "smithenv.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-07-12 04:00:06", "1556108", "ecs-123-60-142-31.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.60.142.31+ecs-123-60-142-31.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-07-11 18:01:13", "1556060", "included-integration.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250711-pl2w1agk4z", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-11 18:01:05", "1556059", "mybabygirlevangilnegoodfirlgirlbabybgirl.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-11 18:22:56", "100", "https://tria.ge/250711-q667wsxpw7", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-11 18:01:01", "1556058", "location-caring.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250711-v9bydahl5z", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-11 16:02:04", "1555983", "thederekmainblogportal.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:04", "1555984", "quikstartmaindiloflare.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:03", "1555985", "fadiomasdpir.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:03", "1555987", "bagonamaditrohds.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:02", "1555986", "geoternalkoddfiso.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:02", "1555989", "rolkdsgwasagt.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:01", "1555988", "juliavirafoklios.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:01", "1555990", "iondrivinos34.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:00", "1555991", "tidxuxisudolia.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:00", "1555992", "trolsfigabubu.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:02:00", "1555993", "irectashasdri.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:59", "1555994", "barobgpsa.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:59", "1555996", "aliondrifdions.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:58", "1555995", "wasagtrolkdsg.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:58", "1555998", "winfrauikol.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:57", "1555997", "gorahripliys.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:57", "1555999", "hhrrtyusdfar.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:56", "1556000", "wilowiklayd.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:56", "1556001", "klafiokindw.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:56", "1556002", "llojikartid.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:55", "1556003", "larioiokolid.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:55", "1556004", "ttryiptiytre.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:55", "1556005", "titiytreip.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:54", "1556006", "marokolidoss.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:54", "1556007", "titiprostertuk.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:54", "1556008", "lilasdorycomsik.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:53", "1556009", "dosyposycom.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:53", "1556010", "visafropik.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:53", "1556011", "valifoprofsto.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:51", "1556012", "higtwebgenis.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:51", "1556013", "domtrst455.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:50", "1556014", "daringdesigners.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:50", "1556015", "lofiramegi.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:50", "1556016", "rofleratom.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:49", "1556017", "topguningit.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 16:01:38", "1556037", "node-leexsirzz.safepanel.my.id", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-12 04:00:31", "100", "https://search.censys.io/hosts/157.230.34.254+node-leexsirzz.safepanel.my.id", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-07-11 15:57:33", "1555982", "ireblogthedomsiki.com", "domain", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "latrodectus", "1", "_ik_" "2025-07-11 15:57:25", "1555976", "buyedmeds.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-07-11 15:57:24", "1555979", "accountsitte.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-07-11 13:22:01", "1555969", "josyfs.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-11 17:33:03", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-11 13:22:00", "1555971", "ai-dev.overscaleconsulting.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-11 12:51:50", "1555967", "3wz63jwcct4de.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-12 11:48:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-11 12:01:22", "1555954", "usr-smithsonian.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250711-lmm8fstvcs", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-11 12:01:05", "1555951", "freemadness.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250711-h7tdesgr7v", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-11 12:01:05", "1555952", "johngavins12311860.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250711-h3rc9sgr3w", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-11 12:01:05", "1555953", "johngavins2311860.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250711-h3rc9sgr3w", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-11 09:53:14", "1555949", "atlantqlpt.bet", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-11 09:50:08", "1555948", "armorratdns.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-07-11 09:49:52", "1555946", "cameldomain1.n-e.kr", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-11 09:49:52", "1555947", "cdn.valgap.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-11 09:49:51", "1555944", "1.izumisv1.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-11 09:49:51", "1555945", "abc.izumisv1.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-07-11 09:49:11", "1555943", "7kmynviev.localto.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-07-11 09:48:56", "1555941", "chat.kongfupro.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" "2025-07-11 09:48:56", "1555942", "dogcsdogcs.js", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" "2025-07-11 09:48:35", "1555940", "subasyncratlog.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-07-11 08:41:04", "1555909", "correctwion.click", "domain", "payload_delivery", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "https://bazaar.abuse.ch/sample/eec9b4769ab34844f5f6caa304bad459780fe72e337eb8d686f01fcfd3833ac0/", "CHE,ClickFix,geo,HijackLoader", "0", "abuse_ch" "2025-07-11 08:41:04", "1555910", "helpfullyk.click", "domain", "payload_delivery", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "https://bazaar.abuse.ch/sample/eec9b4769ab34844f5f6caa304bad459780fe72e337eb8d686f01fcfd3833ac0/", "CHE,ClickFix,geo,HijackLoader", "0", "abuse_ch" "2025-07-11 06:33:39", "1555811", "discoveronline.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-07-11 06:33:37", "1555807", "altopew.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-11 06:33:37", "1555808", "getin.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-07-11 06:33:36", "1555806", "security.fbaregwaurd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-11 06:33:29", "1555739", "images.mildecommercialrealestate.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-11 06:01:30", "1555895", "blue.o7lab.me", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250711-cvndraem4w", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-11 06:01:03", "1555894", "brimaganla.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250711-d8dxxa1wa1", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-11 02:49:16", "1555855", "www.cloudpacket.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-12 11:49:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-11 02:49:12", "1555854", "pe40.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-12 11:49:12", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-11 02:48:57", "1555853", "armando.ns.cloudflare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-12 11:48:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-10 23:19:41", "1555832", "a26.nbdsnb2.top", "domain", "botnet_cc", "win.fatal_rat", "Sainbox RAT", "FatalRat", "", "100", "https://tria.ge/250710-krypbasvaw", "C2,domain,fatalrat,rat,triage", "0", "DonPasci" "2025-07-10 23:19:41", "1555833", "a19.nbdsnb2.top", "domain", "botnet_cc", "win.fatal_rat", "Sainbox RAT", "FatalRat", "", "100", "https://tria.ge/250710-njjrzafl8s", "C2,domain,fatalrat,rat,triage", "0", "DonPasci" "2025-07-10 23:18:09", "1555827", "about-source.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250710-27d4aaztfy", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-10 23:17:44", "1555824", "hallo2222-49080.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250710-ypgjxahr4z", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-10 23:17:40", "1555823", "2305133156.a1.luyouxia.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-10 23:17:40", "100", "https://tria.ge/250710-xqvmgswjw9", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-10 23:17:34", "1555819", "bestpeoplesaroundtheworldwithbeautifullt.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250710-2mr5eazsex", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-10 18:03:04", "1555772", "daliascon.ddnsfree.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "https://tria.ge/250710-q5b1csek8t", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2025-07-10 18:01:07", "1555770", "filter-load.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250710-rwycnsem8t", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-10 18:00:55", "1555769", "chiwalk79.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250710-vhd9escj9z", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-10 18:00:51", "1555768", "hi-auto.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250710-v6ej4axtgw", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-10 12:51:13", "1555730", "least-crack.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:13", "1555731", "unit-reproductive.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:13", "1555732", "bikkiayan-31518.portmap.io", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:13", "1555733", "show-copy.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:13", "1555734", "clothing-wooden.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555724", "connect.jssaytcp.lat", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555725", "pma.jarry.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555726", "scan.rainb0w69.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555727", "scan.darkiot.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555728", "seven.nadns.info", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:12", "1555729", "cnc.botbuji.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555714", "scan.ccie.cash", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555715", "waitwhatisthis.societynetwork.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555716", "keke.stolevpn.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555717", "casino1929299910.o-r.kr", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555718", "scan.atomdata.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555719", "scan.stolevpn.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555720", "p.x86thx.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555721", "c.overflow.ltd", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555722", "bot.vac.lol", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:11", "1555723", "cnc.301.church", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555705", "majnon-hack.no-ip.org", "domain", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555706", "miz.lspmodz.ml", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555707", "s.overflow.ltd", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555708", "cnc.rainb0w69.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555709", "bot.skylablool.live", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555710", "cnc.404verified.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555711", "narco.thotiana.live", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555712", "cnc.ccie.cash", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:10", "1555713", "random.societynetwork.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:09", "1555703", "winmonitor97435hr463n.hopto.org", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:09", "1555704", "doufou.no-ip.org", "domain", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:08", "1555695", "phunktech.no-ip.info", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:08", "1555696", "olol.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:08", "1555697", "ayyashio.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:08", "1555698", "emek.sytes.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555683", "codeeatsass.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555684", "radhan.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555685", "bahoi.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555686", "tri5.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555687", "foihacked.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555688", "ufuq51.serveftp.com", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555689", "hhost5.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555690", "skywebhost.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555691", "zerefy99.noip.me", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555692", "goulis.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555693", "beao.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:07", "1555694", "radhan.no-ip.info", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:05", "1555676", "ftd69ud5g.top", "domain", "botnet_cc", "win.gozi", "CRM,Gozi CRM,Papras,Snifula,Ursnif", "Gozi", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:05", "1555677", "bbrendanbl42.xyz", "domain", "botnet_cc", "win.gozi", "CRM,Gozi CRM,Papras,Snifula,Ursnif", "Gozi", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:05", "1555678", "sjk2048emma.xyz", "domain", "botnet_cc", "win.gozi", "CRM,Gozi CRM,Papras,Snifula,Ursnif", "Gozi", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:04", "1555675", "fomatic.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:51:02", "1555672", "windns.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:59", "1555671", "photocharges.ddnsgeek.com", "domain", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:54", "1555667", "doc.office365update.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-11 11:49:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-10 12:50:53", "1555664", "workingmiracles.3utilities.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:53", "1555665", "ctdt.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:53", "1555666", "educational-scores.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:51", "1555662", "cieloo2.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:50", "1555658", "ronymahmoud.camdvr.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:50", "1555659", "envio01.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:50", "1555660", "sdashboard.ddns-ip.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:50", "1555661", "news-previous.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:49", "1555654", "loudpub.ru", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:49", "1555655", "filelist.zapto.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:49", "1555656", "multi-laid.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" "2025-07-10 12:50:49", "1555657", "goatdjdj-59021.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm" # Number of entries: 175