################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-04-04 02:52:48 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-04-04 02:52:48", "1484657", "blck-apt.team", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-04 02:52:43", "1484656", "5za27x0ff58mr.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-04 00:01:51", "1484642", "cpcalendars.gfjd.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcalendars.gfjd.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-04-04 00:01:50", "1484641", "autodiscover.oraonweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+autodiscover.oraonweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-04-04 00:01:42", "1484640", "cp.devoplx.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.21.64.1+cp.devoplx.com", "AS13335,C2,censys,CLOUDFLARENET,panel,Unam", "0", "DonPasci" "2025-04-04 00:01:24", "1484633", "ssl.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+ssl.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-04 00:01:24", "1484634", "outlook-us.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+outlook-us.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-04 00:01:23", "1484631", "79-72-70-85.dynamic.dsl.as9105.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/79.72.70.85+79-72-70-85.dynamic.dsl.as9105.com", "AS31898,C2,censys,Havoc,ORACLE-BMC-31898", "0", "DonPasci" "2025-04-04 00:01:23", "1484632", "live.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+live.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-04 00:01:22", "1484630", "mcasproxy.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+mcasproxy.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-04 00:01:21", "1484629", "notifications.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+notifications.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-03 22:53:43", "1484616", "nolaxcloud.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-03 19:42:34", "1484568", "nexacorenet.com", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "100", "", "matanbuchus", "0", "Rony" "2025-04-03 19:14:40", "1484567", "bretux.com", "domain", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "100", "None", "Matanbuchus", "0", "Rony" "2025-04-03 16:53:39", "1484549", "cs1.bigpineapple.asia", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-03 16:00:31", "1484531", "www.makeyourchoice0808.online", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/176.65.134.7+www.makeyourchoice0808.online", "AS215240,C2,censys,NETRESEARCH,RAT,Remcos", "0", "DonPasci" "2025-04-03 15:59:55", "1484530", "h1.rectalcrumb.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-04-03 15:32:56", "1484522", "acibbnijcehcmbi.top", "domain", "botnet_cc", "js.mints_loader", "None", "MintsLoader", "", "100", "", "mintsloader,ta582", "0", "Gusty_Dusty" "2025-04-03 15:03:23", "1484398", "covaticonstructioncorp.shop", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114274429114211477", "SmartApeSG", "0", "monitorsg" "2025-04-03 15:03:18", "1484402", "mindsparkdigital.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114274429114211477", "SmartApeSG", "0", "monitorsg" "2025-04-03 15:03:12", "1484396", "tesra.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "hta,LummaStealer", "0", "threatcat_ch" "2025-04-03 15:03:07", "1484388", "freshyu.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-04-03 15:03:07", "1484389", "ywmedici.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-04-03 12:22:53", "1484374", "webproinc.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114273958273909875", "KongTuke", "0", "monitorsg" "2025-04-03 07:51:32", "1484305", "kakaotalkforwindows.com", "domain", "botnet_cc", "win.doplugs", "None", "DOPLUGS", "", "100", "", "darkpeony,operationcontrolplug", "0", "Rony" "2025-04-03 07:15:34", "1482157", "captcha-cdn.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:11:44", "1477031", "wafsearch.wiki", "domain", "botnet_cc", "unknown_webinject", "None", "Unknown Webinject", "", "100", "https://blog.sucuri.net/2025/03/cascading-redirects-unmasking-a-multi-site-javascript-malware-campaign.html", "Javascript,Malware", "0", "RacWatchin8872" "2025-04-03 06:11:43", "1477032", "translatebonus.net", "domain", "botnet_cc", "unknown_webinject", "None", "Unknown Webinject", "", "100", "https://blog.sucuri.net/2025/03/cascading-redirects-unmasking-a-multi-site-javascript-malware-campaign.html", "Javascript,Malware", "0", "RacWatchin8872" "2025-04-03 06:11:42", "1477038", "officetoolservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:42", "1477039", "login.officetoolservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:41", "1477037", "sso.misctoolsupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:40", "1477035", "sso.onlinenetworkupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:40", "1477036", "login.misctoolsupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:39", "1477034", "login.onlinenetworkupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:38", "1477040", "sso.officetoolservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:37", "1477041", "login.grouptelecoms.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:11:36", "1477042", "sso.grouptelecoms.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "", "c2,CobaltStrike,cs-watermark-1357776117", "0", "Overkill1984zzz" "2025-04-03 06:10:58", "1477150", "ecs-121-37-6-252.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.37.6.252+ecs-121-37-6-252.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-04-03 06:10:56", "1477151", "code.amazehome.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.93.28.103+code.amazehome.xyz", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-04-03 06:10:51", "1477161", "bitcdemo-com.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+bitcdemo-com.farmandconstructionequipment.com", "AS29802,C2,censys,HVC-AS", "0", "dyingbreeds_" "2025-04-03 06:10:05", "1476984", "pqoqllalll.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:10:05", "1476985", "pptpooalfkakktl.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:10:05", "1476986", "servverifcloud.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:10:05", "1476987", "dajajkfifofjfklaiotjapp.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:10:01", "1476965", "aemrt.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "FakeCaptcha,ShadowWhale", "0", "threatcat_ch" "2025-04-03 06:10:01", "1476983", "serviceverifcloudv.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 06:10:00", "1476964", "o.coccos.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "FakeCaptcha,ShadowWhale", "0", "threatcat_ch" "2025-04-03 06:09:59", "1476963", "000-00-000.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-03 00:01:12", "1477070", "login-us.farmandconstructionequipment.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.59+login-us.farmandconstructionequipment.com", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-03 00:01:11", "1477069", "job.baiqingee.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/176.65.143.133+job.baiqingee.com", "AS215208,C2,censys,DOLPHINNETWORKS,Havoc", "0", "DonPasci" "2025-04-02 22:54:37", "1477057", "cstest.iqiyic.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-02 22:13:08", "1477043", "fluheror.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "ClearFake", "1", "ttakvam" "2025-04-02 19:08:41", "1476959", "k.veuwb.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "FakeCaptcha,ShadowWhale", "0", "threatcat_ch" "2025-04-02 19:08:41", "1476961", "i.jolttapestry.fun", "domain", "payload_delivery", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "PowerShell,Rhadamanthys", "0", "threatcat_ch" "2025-04-02 18:17:46", "1476953", "rlxspoty.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "TRACLabs_" "2025-04-02 18:17:46", "1476954", "jrxsafer.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "TRACLabs_" "2025-04-02 18:17:46", "1476955", "krxspint.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "TRACLabs_" "2025-04-02 18:17:45", "1476956", "rhxhube.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "TRACLabs_" "2025-04-02 18:17:45", "1476957", "grxeasyw.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "TRACLabs_" "2025-04-02 16:53:48", "1476951", "rdmetrics.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-02 16:01:31", "1473646", "sub.item518475621531819.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+sub.item518475621531819.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:30", "1473642", "item513125621531816.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+item513125621531816.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:30", "1473643", "acc.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+acc.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:30", "1473644", "mailbusiness3.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+mailbusiness3.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:30", "1473645", "gui.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+gui.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:29", "1473641", "id4.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+id4.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 16:01:13", "1473637", "23-227-202-141.static.hvvc.us", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.202.141+23-227-202-141.static.hvvc.us", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-02 14:21:42", "1463263", "bukaman.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "hta,LummaStealer", "0", "threatcat_ch" "2025-04-02 14:21:41", "1463265", "a.uueui.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "threatcat_ch" "2025-04-02 14:21:41", "1463267", "b1.uueui.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "threatcat_ch" "2025-04-02 14:21:40", "1463269", "kestim.shop", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "threatcat_ch" "2025-04-02 13:24:47", "1463261", "chukwuonye.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-02 13:23:41", "1463246", "dcdh4.shop", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114268531892849663", "SmartApeSG", "0", "monitorsg" "2025-04-02 13:23:38", "1463252", "eiesystems.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114268570745089055", "KongTuke", "0", "monitorsg" "2025-04-02 12:25:06", "1463239", "bridge.tree-sock-rain.today", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 12:25:05", "1463238", "xxx-xx-x-xxx.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 12:01:43", "1463236", "net-5-88-105-109.cust.vodafonedsl.it", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/5.88.105.109+net-5-88-105-109.cust.vodafonedsl.it", "AS30722,C2,censys,panel,Unam,VODAFONE-IT-ASN", "0", "DonPasci" "2025-04-02 12:01:43", "1463237", "4.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+4.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 12:01:19", "1463206", "ultraddam.co.kr", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/158.247.243.20+ultraddam.co.kr", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-04-02 10:20:06", "1463178", "check.zaqob.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-02 10:08:18", "1463085", "check.dasoc.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 10:08:15", "1463172", "filemanage.micrsofts-file.com", "domain", "botnet_cc", "elf.melofee", "Mélofée", "Melofee", "", "49", "https://blog.xlab.qianxin.com/analysis_of_new_melofee_variant/", "None", "0", "johannes" "2025-04-02 08:36:01", "1463157", "system-update.cloud", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://tracker.viriback.com/index.php?q=system-update.cloud", "Amadey,ViriBack", "0", "abuse_ch" "2025-04-02 08:01:43", "1463156", "webmail.aaa.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.aaa.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-04-02 08:01:11", "1463110", "havoccc.evilpony.win", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/173.249.45.65+havoccc.evilpony.win", "AS51167,C2,censys,CONTABO,Havoc", "0", "DonPasci" "2025-04-02 08:01:10", "1463109", "23-227-203-148.static.hvvc.us", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.203.148+23-227-203-148.static.hvvc.us", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-04-02 07:57:52", "1463091", "relentless.webredirect.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://bazaar.abuse.ch/sample/52db756a72b71d461eb46a8f40e04c6e594c1f3c5da27901c2a47f890dd279f8/", "RAT,RemcosRAT", "0", "abuse_ch" "2025-04-02 07:57:52", "1463092", "relentlesswicked.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://bazaar.abuse.ch/sample/52db756a72b71d461eb46a8f40e04c6e594c1f3c5da27901c2a47f890dd279f8/", "RAT,RemcosRAT", "0", "abuse_ch" "2025-04-02 07:55:16", "1463087", "vtrow.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "RAT,RemcosRAT", "0", "abuse_ch" "2025-04-02 07:40:45", "1463076", "check.kywau.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 07:33:36", "1463083", "research.90shipsnormal.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Prysmax", "0", "abuse_ch" "2025-04-02 07:27:32", "1463080", "goku92ad.zapto.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/a6d80c48e2d6616f9731dde9b60ece9ebc733e86e0879a6f193b9b63ad4177b8/", "dropped-by-amadey,QusarRAT,RAT", "0", "abuse_ch" "2025-04-02 06:57:39", "1463065", "check.lacoa.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 06:30:02", "1462996", "lv426.xenoops.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.156.71.15+lv426.xenoops.net", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "dyingbreeds_" "2025-04-02 06:30:01", "1462998", "loader.yougame.biz", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/94.156.189.245+loader.yougame.biz", "AS44901,BELCLOUD,C2,censys", "0", "dyingbreeds_" "2025-04-02 06:29:43", "1462634", "klendoct.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:43", "1462635", "apireco.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:42", "1462636", "pillhube.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:42", "1462637", "trmedicr.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:41", "1462638", "wellmede.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:40", "1462639", "sapmedsw.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:40", "1462640", "elixatei.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:39", "1462641", "medicusi.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:39", "1462643", "newpillr.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:38", "1462642", "gumcarey.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:38", "1462644", "healthzo.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:37", "1462645", "illamedw.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:37", "1462646", "medswayq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:37", "1462647", "alivpaxy.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:36", "1462648", "ezcureg.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:35", "1462649", "glodbejoy.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:35", "1462650", "lsunarlandsc.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:34", "1462651", "googutnow.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:34", "1462652", "natulreconserve.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:33", "1462653", "metalexj.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:33", "1462654", "globinway.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:32", "1462655", "fitmedse.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:32", "1462656", "fluffypxillow.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:32", "1462657", "tacticalt.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:22", "1462658", "metalrom.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:20", "1462659", "healtxuiry.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:20", "1462660", "achedoce.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:19", "1462661", "alloymou.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:19", "1462662", "flyeworld.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:18", "1462663", "paxthfinder.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:18", "1462664", "delpainq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:17", "1462665", "localfarmerj.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:17", "1462666", "curamedi.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:16", "1462667", "inlikelen.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:16", "1462668", "astrateg.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:16", "1462669", "raoamspot.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:15", "1462670", "physicszofne.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:15", "1462671", "tamedicq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:14", "1462672", "remediay.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:14", "1462673", "spaxicox.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:13", "1462674", "frequeposs.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:13", "1462675", "pqillowsoft.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:12", "1462676", "alloylyu.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:12", "1462677", "biosdening.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:12", "1462678", "fragwrantfields.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:11", "1462679", "workmedy.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:10", "1462680", "pillowrzelax.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:10", "1462681", "moldprow.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:08", "1462682", "globetprip.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:08", "1462683", "roafmland.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:08", "1462684", "bedrestw.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:07", "1462685", "trzipwise.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:05", "1462686", "adhventur.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:05", "1462687", "biopaint.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:05", "1462689", "solsoftt.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:04", "1462688", "bootedfared.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:03", "1462690", "traveliln.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:03", "1462693", "oreplusm.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:02", "1462691", "robotigsearch.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:02", "1462692", "mobviewd.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:01", "1462694", "spydentn.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:01", "1462695", "dreamyunature.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:00", "1462696", "steelmor.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:00", "1462697", "ingotlyh.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:29:00", "1462698", "ammoadven.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:59", "1462699", "wchiskers.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:58", "1462700", "arcmeltq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:58", "1462701", "nebulard.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:57", "1462702", "oreformr.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:55", "1462703", "nomadwajy.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:55", "1462704", "metalfyz.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:55", "1462705", "milkywaydr.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:55", "1462706", "globfetix.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:54", "1462707", "wanderyly.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:54", "1462708", "goabroafd.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:53", "1462709", "ecofhculture.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:53", "1462710", "metalupy.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:53", "1462711", "spaceaet.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:52", "1462712", "shootingst.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:52", "1462713", "skywavej.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:52", "1462714", "roamrline.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:51", "1462715", "localadve.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:51", "1462716", "astrowev.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:50", "1462717", "trsekzone.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:49", "1462718", "travmelux.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:48", "1462719", "alloyexk.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:48", "1462721", "riflesrev.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:47", "1462720", "pillowdregams.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:46", "1462722", "citycultu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:46", "1462723", "rodgearm.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:45", "1462724", "cosmozar.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:45", "1462725", "anvilcov.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:44", "1462726", "gunpowderg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:43", "1462727", "astrosyi.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:43", "1462728", "tqravelsy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:16", "1462729", "vaecation.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:16", "1462730", "techinhions.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:16", "1462731", "explorejz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:15", "1462732", "swnugpillow.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:15", "1462734", "astrioni.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:13", "1462733", "forgeixv.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:13", "1462735", "galaxyv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:12", "1462736", "lunapixu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:12", "1462737", "combatchron.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:11", "1462738", "starbigq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:11", "1462740", "steelbev.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:10", "1462739", "starolyf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:10", "1462741", "tacticaltr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:09", "1462742", "sustainharvests.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:09", "1462743", "cosmozya.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:08", "1462744", "happyresgt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:08", "1462745", "melteryb.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:08", "1462747", "fixcturefacto.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:07", "1462746", "steelitk.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:07", "1462748", "astroset.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:05", "1462749", "staroney.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:04", "1462750", "riflesf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:04", "1462751", "roadtripde.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:04", "1462752", "cosmicrealms.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:03", "1462753", "roamers.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:03", "1462754", "starlabh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:02", "1462755", "skyhighj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:02", "1462756", "moonsatm.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:01", "1462757", "quaserxr.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:01", "1462758", "pillowthefrapy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:01", "1462759", "fwurryfriends.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:00", "1462760", "worldtxix.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:00", "1462761", "jsoftnest.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:28:00", "1462762", "fusrryfrenzy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:59", "1462763", "holvidayo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:59", "1462764", "natureinspired.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:59", "1462765", "traveluxk.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:58", "1462766", "trainywholed.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:58", "1462767", "circuitzstream.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:57", "1462768", "trekfgory.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:57", "1462769", "innovahtescience.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:56", "1462770", "dividentesnub.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:55", "1462771", "windsqweptland.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-04-02 06:27:55", "1462772", "kap.magicitbd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-04-02 06:27:55", "1462773", "roomsattende99918.world", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-04-02 06:27:54", "1462774", "legderlive-desktop.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-04-02 06:27:54", "1462775", "gate-io-desktop.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-04-02 06:27:48", "1462785", "cbot.galaxias.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-02 06:27:33", "1462604", "check.dobai.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-02 05:45:44", "1463062", "ww.ap.4t.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-04-02 04:01:34", "1463032", "login4.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+login4.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:34", "1463033", "mailbusiness.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+mailbusiness.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:34", "1463035", "sentry.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+sentry.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463026", "sso.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+sso.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463027", "z1.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+z1.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463028", "id.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+id.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463029", "var.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+var.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463030", "ce1.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+ce1.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:33", "1463031", "login2.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+login2.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:32", "1463023", "frontend-service.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+frontend-service.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:32", "1463024", "okta.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+okta.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 04:01:32", "1463025", "id3.fbads.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.143.90+id3.fbads.store", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-02 03:50:07", "1462984", "ailmentr.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-02 03:50:07", "1462985", "deflamep.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-02 03:50:07", "1462986", "ferrofyg.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-02 03:50:07", "1462987", "weldarob.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-02 03:48:49", "1462982", "slavisa-36618.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-02 03:48:02", "1462979", "chys0m.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-02 03:47:29", "1462976", "benefits-convention.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-04-02 03:47:14", "1462971", "dar21.duckdns.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-04-02 03:47:14", "1462972", "owtky3dxj.localto.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-04-02 03:46:54", "1462967", "jspassport.ssl.qhimg.com.cdn.dnsv1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" # Number of entries: 262