################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-04-25 14:03:42 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-04-25 14:03:42", "1511410", "lizyf.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 13:34:03", "1511418", "lianxinxiao.com", "domain", "botnet_cc", "js.beavertail", "None", "BeaverTail", "", "50", "", "beavertail,c2", "0", "juroots" "2025-04-25 13:16:19", "1511409", "files.fnomworldwide.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114398766272509702", "SocGholish", "0", "monitorsg" "2025-04-25 13:09:17", "1511405", "security.guarbcfelare.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:16", "1511408", "www.coligeme.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:05:13", "1511256", "muhoj.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 13:05:12", "1511402", "sylaj.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 12:01:40", "1511395", "ip131.ip-139-99-25.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131+ip131.ip-139-99-25.net", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 10:46:37", "1511382", "www.upport-meta2903.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511383", "www.uv3kq5tvbkys.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511384", "www.vertdzb.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511385", "www.winx6.casino", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511386", "www.x39q.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511387", "www.zev.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511388", "www.zw5m.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511366", "www.ogparks.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511367", "www.omiq.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511368", "www.orchers.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511369", "www.orkshopaicollaborationhub.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511370", "www.ovaecho.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511371", "www.palmsrd.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511372", "www.reta99.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511373", "www.rishticodiegfortysix.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511374", "www.ritishpanel.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511375", "www.rostygust.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511376", "www.slarose.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511377", "www.ssiduousate.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511378", "www.tn67n.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511379", "www.uangjiahao.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511380", "www.uper-bowl-kickoff-time.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511381", "www.uponbs3.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511351", "www.ires-72090.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511352", "www.ixmy.beauty", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511353", "www.khsim.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511354", "www.ksp679.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511355", "www.lanajoyeria.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511356", "www.layplus77.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511357", "www.levateballoonco.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511358", "www.lobaltravelbookings.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511359", "www.mail-marketing-job-62763.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511360", "www.marcato.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511361", "www.ndimadeahome.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511362", "www.nnotechbs.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511363", "www.odeatoll.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511364", "www.odzat.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511365", "www.oftfusion.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511339", "www.atizenairdrop.bet", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511340", "www.audace.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511341", "www.avino.website", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511342", "www.bcw1219.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511343", "www.ellwish.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511344", "www.ethil.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511345", "www.fp8ch.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511346", "www.hieh33.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511347", "www.ideoxxfree.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511348", "www.igaborgz.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511349", "www.ightmareroad.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511350", "www.inancialfreedomclub.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511326", "www.4260686.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511327", "www.488ns.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511328", "www.8ekcmt.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511329", "www.8j3tfb2djzoo.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511330", "www.9o8yd.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511331", "www.alisisi.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511332", "www.andygirls.biz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511333", "www.arisasuestalvey.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511334", "www.arka.group", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511335", "www.aser-eye-surgery-3291.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511336", "www.ash-paying-jobs-79621.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511337", "www.asinocruiseclub.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511338", "www.astertechhub.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:32", "1511324", "www.1198.pet", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:32", "1511325", "www.4260621.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 09:17:00", "1511253", "core.keloimnau.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 09:09:19", "1511250", "maxbusinessclub.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://bazaar.abuse.ch/sample/b9aa64a363590b45a781f17b09f8ccb75727071281d26b4394d8174df1f87a53/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-04-25 08:28:53", "1511234", "cdn.optitc.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:53", "1511235", "signature908.golf", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:53", "1511236", "corner427.space", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:11", "1511233", "aardvarkw.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-25 08:27:26", "1511228", "eshopper.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511229", "mvhelp.cc", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511230", "helpset123.site", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511231", "300005.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511232", "desktool.buzz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:23:59", "1511222", "zdwdwadzdwa-51598.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:59", "1511223", "centre-shake.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:59", "1511224", "reo.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:01", "1511154", "know-knock-who-is-here.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:23:01", "1511155", "security-a2k8-go.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:23:00", "1511156", "rugyg.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:22:09", "1511214", "obinwannedimna.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:09", "1511215", "rem25rem.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:21:36", "1511209", "friends-virginia.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511210", "games-travel.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511211", "scriptdagoat-42745.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511212", "tobixhere-32449.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:20:49", "1511207", "a-ended.gl.at.ply.gg", "domain", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-04-25 08:20:27", "1511206", "hacking01.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-04-25 08:20:12", "1511204", "fiushion.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-04-25 08:20:12", "1511205", "huyxingum.mikustore.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-04-25 08:19:14", "1511202", "donaldcity.club", "domain", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "", "c2,glupteba", "0", "juroots" "2025-04-25 08:19:14", "1511203", "nevernews.club", "domain", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "", "c2,glupteba", "0", "juroots" "2025-04-25 08:08:25", "1511170", "u1.pridefulamaretto.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "", "clearfake", "1", "ttakvam" "2025-04-25 06:14:45", "1511153", "core.keloimnau.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:29:05", "1511134", "kuqob.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-25 05:24:32", "1511012", "tafoz.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:31", "1511013", "microsoftftp.serveftp.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2025-04-25 05:24:30", "1511016", "vogos.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:27", "1511048", "www.nemzieo.info", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:26", "1511052", "undo.sg", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "Lumma", "1", "user35335" "2025-04-25 05:24:26", "1511061", "napiv.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:25", "1511075", "goclouder.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:24", "1511077", "security.flaearegyaard.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:22", "1511080", "keloimnau.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511084", "keloimnau.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:12", "1511088", "core.keloimnau.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:23:43", "1511126", "keloimnau.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 04:48:10", "1511124", "xuvyc.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-25 00:01:42", "1511073", "96-126-124-158.ip.linodeusercontent.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/96.126.124.158+96-126-124-158.ip.linodeusercontent.com", "AKAMAI-LINODE-AP,AS63949,C2,censys,Havoc", "0", "DonPasci" "2025-04-25 00:01:36", "1511072", "ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/13.250.199.140+ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Hookbot", "0", "DonPasci" "2025-04-24 22:56:21", "1511059", "harmonyos.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 21:43:11", "1511050", "u1.spottyscary.top", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "", "clearfake", "1", "ttakvam" "2025-04-24 20:23:33", "1511032", "ssh.setuap1.sbs", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bee3cac78cd7537a3ab177f68496c1005d1d5c2b69abaac3a57f32874f578e58/", "Unknown", "0", "NDA0E" "2025-04-24 18:47:00", "1511011", "rcraftstipaddrsrv17.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250424-wxrnqsvns5", "c2,domain,xworm", "0", "DonPasci" "2025-04-24 18:43:33", "1511001", "jsmakert.shop", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:31", "1510994", "vezof.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 18:43:30", "1511009", "badnesspandemic.shop", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACRStealer", "0", "threatcat_ch" "2025-04-24 18:21:08", "1511006", "www.ambiopharmconsultingltd.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250424-mbs51awxhx", "c2,domain,rat,remcos", "0", "DonPasci" "2025-04-24 18:21:08", "1511007", "www.ugconsultanceltd.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250424-mbs51awxhx", "c2,domain,rat,remcos", "0", "DonPasci" "2025-04-24 16:56:52", "1511000", "ns.aqjcjss.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 16:14:33", "1510992", "cogov.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 15:49:46", "1510978", "bobab.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 15:49:45", "1510979", "penev.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 15:14:24", "1510969", "hikig.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:57:14", "1510968", "qegyx.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:26:43", "1510965", "byqaj.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:19:57", "1510964", "promo.kimmwhite.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114393091512011049", "SocGholish", "0", "monitorsg" "2025-04-24 13:19:56", "1510963", "pybal.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:00:36", "1510959", "usd1g6.cyou", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:00:34", "1510958", "ui.chnaiuincom.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 12:45:24", "1510949", "u1.putdownpopcorn.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 12:45:17", "1510950", "vekeq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 12:30:32", "1510923", "pypim.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 12:28:11", "1510924", "dvrhelper.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510925", "techsupport.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510926", "rustbot.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510927", "miraisucks.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:02:08", "1510904", "lupuj.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 11:21:25", "1510874", "tazaz.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 11:21:24", "1510895", "woodpeckersd.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 11:21:23", "1510896", "wolverineas.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 11:21:19", "1510900", "timov.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 11:21:18", "1510903", "qwlpert.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" "2025-04-24 09:46:34", "1510899", "fyquc.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 08:01:28", "1510885", "nationwidedirectlender.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/172.67.215.41+nationwidedirectlender.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-24 08:00:52", "1510880", "185-38-142-128.cprapid.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/185.38.142.128+185-38-142-128.cprapid.com", "AS47674,C2,censys,NETSOLUTIONS,RAT,Remcos", "0", "DonPasci" "2025-04-24 07:29:25", "1510867", "gyner.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:58:18", "1510772", "fallenminer.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.251.164.121+fallenminer.com", "AS60404,C2,censys,LITESERVER,Unam", "0", "dyingbreeds_" "2025-04-24 05:58:18", "1510775", "login.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+login.zalopay.site", "AS141995,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510776", "account.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+account.zalopay.site", "AS141995,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:05", "1510756", "ecs-116-205-242-143.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.205.242.143+ecs-116-205-242-143.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:56:05", "1510806", "gutenortherad.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:56:05", "1510807", "cdn-app-server.vewojo9572.workers.dev", "domain", "botnet_cc", "win.smokedham", "None", "SMOKEDHAM", "", "100", "None", "c2,SMOKEDHAM", "0", "pancak3lullz" "2025-04-24 05:56:04", "1510805", "koonenmagaziner.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:56:03", "1510804", "flamencobeents.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:40", "1510673", "vigorbridgoe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:39", "1510670", "cartograhphy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:39", "1510671", "biosphxere.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:39", "1510672", "topographky.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:38", "1510668", "geographys.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:38", "1510669", "tropiscbs.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:37", "1510647", "EICp.ByxWGIMPbwiSkniw.info", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:36", "1510645", "lorda.hopto.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:32", "1510845", "hylur.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:29", "1510802", "ndgadfqwywqe.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:29", "1510803", "jjiiiiiiiiijjjj.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:23", "1510591", "dealmakerwealthsociety.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "90", "None", "FAKEUPDATES,landupdate808", "0", "pancak3lullz" "2025-04-24 05:55:19", "1510594", "id.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:19", "1510595", "mansionsnowy.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:17", "1510596", "outlook.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:17", "1510599", "react.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:16", "1510597", "airbluefootgear.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "90", "None", "FAKEUPDATES,landupdate808", "0", "pancak3lullz" "2025-04-24 05:55:15", "1510598", "fastylamberta.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:14", "1510600", "walkinsonbeer.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:10", "1510584", "tc1.easingaffix.site", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:07", "1510582", "vickmarine.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:07", "1510585", "mrdltd.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:05", "1510588", "iguanadx.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/f65514bc-deb0-40d3-8589-bbbeb76432b7", "None", "0", "pitachu" "2025-04-24 05:55:05", "1510589", "tycok.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:00", "1510575", "vyzap.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:45:00", "1510858", "windows.ddnsguru.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:40:46", "1510857", "sewektrip.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-24 05:38:58", "1510855", "hamditebz-51107.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-24 04:27:17", "1510844", "hobir.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 03:56:35", "1510755", "piver.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 03:36:08", "1510754", "cuxer.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 03:15:41", "1510753", "gutom.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 02:55:18", "1510748", "cdn-credit-d814.101archstreet.workers.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:34:41", "1510747", "jahoc.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 02:03:59", "1510746", "gubuj.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 01:23:04", "1510745", "rocyg.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:57:31", "1510744", "ginoz.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:26:50", "1510743", "pepuq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:01:59", "1510740", "sso.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+sso.zalopay.site", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-24 00:01:59", "1510741", "portal.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+portal.zalopay.site", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-23 23:45:54", "1510685", "wunep.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-23 20:49:16", "1510662", "dum555.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-23 20:01:33", "1510625", "relyheins.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.21.19.221+relyheins.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-23 17:56:03", "1510561", "jellyfisnbnh.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/92251411-f31b-4576-9de2-ad755e0eac3e", "None", "0", "pitachu" "2025-04-23 17:56:03", "1510562", "h1.glucoseranger.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/92251411-f31b-4576-9de2-ad755e0eac3e", "None", "0", "pitachu" "2025-04-23 17:54:13", "1510567", "factisland.icu", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:54:13", "1510568", "decisioniron.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:47:40", "1510558", "pejnguin.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-04-23 17:33:08", "1510547", "mtowner.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:04", "1510553", "kasej.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 17:23:19", "1510539", "soficave.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:10", "1510529", "ayzyw.top", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:03", "1510517", "recommended-collins.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:02", "1510515", "panel-thrown.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:01", "1510490", "solidewi.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114387677538882474", "KongTuke", "0", "monitorsg" "2025-04-23 17:23:01", "1510503", "junyk.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 17:22:59", "1510486", "www.ishimotors.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114387436954751925", "SocGholish", "0", "monitorsg" "2025-04-23 17:22:59", "1510487", "dafeq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 16:01:48", "1510513", "incog.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.21.42.252+incog.live", "AS13335,C2,censys,CLOUDFLARENET,panel,Unam", "0", "DonPasci" "2025-04-23 16:01:26", "1510509", "akkiosk.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.21.59.216+akkiosk.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-23 15:44:35", "1510498", "popbaggy.ignorelist.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-23 15:44:35", "1510499", "zainezw.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" # Number of entries: 227