################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2025-08-05 06:04:08 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-08-05 06:04:08", "1564427", "prince123.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250805-dtkf5sdq9s", "C2,cybergate,domain,rat,triage", "0", "DonPasci"
"2025-08-05 06:03:10", "1564424", "job3.yjctllgcq.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250805-f6fpts1py5", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2025-08-05 06:01:20", "1564423", "shellexperiencehost.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250805-bweybszkv3", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-05 06:01:08", "1564422", "dooijeweerd.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250805-d2216aej4w", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-05 06:00:58", "1564420", "activities-essays.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250805-alxvqaypv6", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-05 06:00:56", "1564418", "he-purchased.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250805-f2tqws1pt8", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-05 00:01:49", "1564368", "royalmail.com.rx.ns2.name", "domain", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/185.62.56.181+royalmail.com.rx.ns2.name", "AS62370,C2,censys,hacktool,Mimikatz,open-dir,SNEL", "0", "DonPasci"
"2025-08-04 20:04:37", "1564343", "santoos-63758.portmap.host", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-08-04 20:01:38", "1564334", "net-37-119-171-146.cust.vodafonedsl.it", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 04:01:02", "100", "https://search.censys.io/hosts/37.119.171.146+net-37-119-171-146.cust.vodafonedsl.it", "AS30722,C2,censys,panel,Unam,VODAFONE-IT-ASN", "0", "DonPasci"
"2025-08-04 18:03:06", "1564278", "uzamaki.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "https://tria.ge/250804-rvpddaer6t", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2025-08-04 18:01:46", "1564276", "quite-cs.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250804-n39gqsztey", "C2,domain,njrat,triage", "0", "DonPasci"
"2025-08-04 18:01:17", "1564274", "teen-undo.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250804-vvq4ras1ft", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-08-04 18:01:10", "1564273", "vaulted-47334.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 18:01:10", "100", "https://tria.ge/250804-qet39atjw2", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-04 18:01:09", "1564272", "sell-underlying.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250804-ts598agl3s", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-04 18:01:02", "1564270", "windeckoloko.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-s7s3rsfq91", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-04 18:01:02", "1564271", "gigle.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-qg1c2s1sgt", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-04 18:00:55", "1564268", "ync9i5fv1.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-pajw2scl6t", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:54", "1564265", "gnggyurfucked-32857.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-q53s3stmx8", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:54", "1564266", "categories-figure.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-qtzx2stls9", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:54", "1564267", "releases-nitrogen.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-pcm2gszway", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:53", "1564261", "thought-geology.gl.joinmc.link", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-vld3tss1ax", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:53", "1564262", "cross-editor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-s224gsfq4v", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:53", "1564263", "assistance-commissions.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-s1mbmsswcz", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:53", "1564264", "format-joining.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-rwbhxaer7x", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:52", "1564260", "hardware-planned.gl.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-vld3tss1ax", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 18:00:51", "1564259", "dead-weblogs.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-08-04 18:00:52", "100", "https://tria.ge/250804-v2vqhsvry4", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 15:35:05", "1564244", "wakilamakila.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/7b609924bfb9edfbc69cd7394ce44d944c75ed62ad72465b2710bd4dc59aabc1/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-08-04 14:19:53", "1564234", "docs.nynovation.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-08-04 17:10:06", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
"2025-08-04 14:19:52", "1564236", "sdkfsf.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-08-04 14:19:52", "1564237", "jdaklsjdklajsldkjd.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-08-04 14:19:51", "1564238", "daskldalkdalskdktktk.cloud", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-08-04 14:19:51", "1564239", "zincheckyou.cloud", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-08-04 13:10:28", "1564232", "rx.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 17:10:29", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-08-04 12:50:05", "1564227", "dsswew.website", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:50:33", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-04 12:49:56", "1564226", "api.teemaaby.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:50:25", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-04 12:02:35", "1564223", "going-documents.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250804-mdqsnaywbt", "C2,domain,neptunerat,rat,triage", "0", "DonPasci"
"2025-08-04 12:01:37", "1564214", "dazzling-elbakyan.192-227-134-76.plesk.page", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.227.134.76+dazzling-elbakyan.192-227-134-76.plesk.page", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci"
"2025-08-04 12:01:09", "1564210", "obyonlinez.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 12:01:09", "100", "https://tria.ge/250804-h2ecbaymy5", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-04 12:00:54", "1564204", "yoriabd.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-hg7hcsyks9", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-04 12:00:45", "1564202", "xwormv7.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-klaejaxwfs", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 11:10:32", "1564192", "mx.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 12:11:05", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-08-04 08:19:58", "1564163", "hypnos-api.kapakhost.my.id", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots"
"2025-08-04 08:19:47", "1564162", "www.yperswapai.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564146", "www.oyukj.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564147", "www.pace-capsule-house.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564148", "www.qpi.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564149", "www.r-ing.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564150", "www.raftdistillery.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564151", "www.remium5.tokyo", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564152", "www.sotonic.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564153", "www.sy739.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564154", "www.sy907.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564155", "www.tokia.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564156", "www.umss.qpon", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564157", "www.uputamadre.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564158", "www.us82.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564159", "www.utfinpost.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564160", "www.wdiks.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:46", "1564161", "www.yhyqoeziut.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564125", "www.eshai.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564126", "www.etlemonlightsite.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564127", "www.etr3water.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564128", "www.g51-lzal1646.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564129", "www.gdyej.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564130", "www.gmqs5.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564131", "www.h123.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564132", "www.heryl866.forum", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564133", "www.i1.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564134", "www.ic-staking.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564135", "www.ightspotin.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564136", "www.ijnbedrijfskleding.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564137", "www.irstcarepartners.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564138", "www.lujjq.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564139", "www.lvfun.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564140", "www.m155.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564141", "www.nayasa.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564142", "www.odesigngurulabs.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564143", "www.ompira.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564144", "www.orven.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:45", "1564145", "www.ow50p.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564106", "www.ataract-surgery-15490.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564107", "www.atinca.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564108", "www.avannah.ventures", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564109", "www.aximocastillo.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564110", "www.azeti.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564111", "www.btreiu.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564112", "www.c1365.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564113", "www.c4829.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564114", "www.c5217.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564115", "www.dazi.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564116", "www.dton.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564117", "www.dvansebuisness.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564118", "www.eabook.mobi", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564119", "www.ecruittalentteam.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564120", "www.eebot.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564121", "www.eet-new-people-69853.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564122", "www.ellowapp.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564123", "www.encilzanybetazoom.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:44", "1564124", "www.ental-implants-22908.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564098", "www.0sao.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564099", "www.3779.page", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564100", "www.6064.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564101", "www.9xtver7.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564102", "www.aapcommerce.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564103", "www.aluechaser.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564104", "www.aluxuryrealestate.homes", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:19:43", "1564105", "www.anzocommunityhub.services", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots"
"2025-08-04 08:01:28", "1563924", "edge-chat.allianz-courtage.co", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/196.251.116.39+edge-chat.allianz-courtage.co", "AS401116,C2,censys,Ermac,NYBULA,panel", "0", "DonPasci"
"2025-08-04 07:35:32", "1563910", "hawkeye.v6.navy", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/39c325f57379efa8f382ccb552ae22d759ab6115d4ce5e359c631a286cf395da/", "quasar", "0", "abuse_ch"
"2025-08-04 06:00:43", "1563895", "flipbaker-35783.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-ejk6cscl7s", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 06:00:43", "1563896", "similar-meta.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-bqds3s11fw", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 06:00:42", "1563893", "wealthyblessed.minhaempresa.tv", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-gcg68sej9y", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 06:00:42", "1563894", "union-victor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-esxwhscn4s", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-04 05:50:30", "1563864", "ec2-47-129-44-166.ap-southeast-1.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.129.44.166+ec2-47-129-44-166.ap-southeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_"
"2025-08-04 05:50:27", "1563870", "ec2-54-244-199-31.us-west-2.compute.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.244.199.31+ec2-54-244-199-31.us-west-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_"
"2025-08-04 05:50:14", "1563820", "security.flhurgyard.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds"
"2025-08-04 05:50:13", "1563821", "nenziop.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds"
"2025-08-04 00:10:58", "1563854", "ty.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-05 06:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-08-03 20:01:33", "1563818", "vpn294647220.softether.net", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.227.134.76+vpn294647220.softether.net", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci"
"2025-08-03 18:03:55", "1563794", "ayoub111.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250803-tm529saq8v", "C2,cybergate,domain,rat,triage", "0", "DonPasci"
"2025-08-03 18:03:55", "1563795", "hackcoder.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250803-rrwchstsey", "C2,cybergate,domain,rat,triage", "0", "DonPasci"
"2025-08-03 18:00:45", "1563791", "thing-ob.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-03 18:00:46", "100", "https://tria.ge/250803-tbsykaan6w", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-03 18:00:40", "1563790", "versionestablefinal.kozow.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250803-sbtz7axjs6", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2025-08-03 18:00:36", "1563789", "follow-absent.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250803-v85t3ack4s", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-03 16:56:28", "1563783", "fillettx.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/8041ad17-7ad9-4741-bfd9-87059d0af671", "None", "0", "pitachu"
"2025-08-03 12:04:57", "1563762", "version-affected.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "https://tria.ge/250803-hbzwbshn5t", "android,C2,domain,spynote,triage", "0", "DonPasci"
"2025-08-03 12:02:58", "1563761", "technology-rome.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250803-k6yb4asjy6", "C2,domain,njrat,triage", "0", "DonPasci"
"2025-08-03 12:01:16", "1563759", "m.allianz-courtage.co", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/196.251.116.39+m.allianz-courtage.co", "AS401116,C2,censys,Ermac,NYBULA,panel", "0", "DonPasci"
"2025-08-03 12:01:10", "1563757", "office304.duckdns.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-04 04:00:39", "100", "https://search.censys.io/hosts/5.161.144.140+office304.duckdns.org", "AS213230,C2,censys,Havoc,HETZNER-CLOUD2-AS", "0", "DonPasci"
"2025-08-03 12:00:43", "1563746", "bbvlljwwd.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250803-j6l4dsyybw", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-08-03 12:00:33", "1563745", "monstr.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250803-lpmppsck6w", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-08-03 11:10:29", "1563743", "ww.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 07:35:41", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-08-03 08:00:57", "1563718", "fc.verifiedaccesssecure.icu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 04:00:30", "100", "https://search.censys.io/hosts/196.251.115.244+fc.verifiedaccesssecure.icu", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci"
"2025-08-03 07:28:21", "1563713", "Ezlolsrealisgood-64048.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-08-03 07:28:21", "1563714", "xfini900.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-08-03 06:51:08", "1563611", "ecs-120-46-72-74.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.72.74+ecs-120-46-72-74.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_"
"2025-08-03 06:51:08", "1563612", "camp.updays.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.139.175+camp.updays.top", "AS45090,C2,censys", "0", "dyingbreeds_"
"2025-08-03 06:51:07", "1563610", "camptesting.updays.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.139.175+camptesting.updays.top", "AS45090,C2,censys", "0", "dyingbreeds_"
"2025-08-03 06:51:01", "1563570", "security.flerfgurda.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds"
"2025-08-03 06:51:01", "1563571", "venciols.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds"
# Number of entries: 140