################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-04-25 14:03:42 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-04-25 14:03:42", "1511410", "lizyf.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 14:03:41", "1511415", "http://88.214.50.3/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS50340,JSC Selectel,odyssey", "0", "antiphishorg" "2025-04-25 13:38:38", "1511419", "31.9.48.183:5555", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-04-25 13:34:03", "1511418", "lianxinxiao.com", "domain", "botnet_cc", "js.beavertail", "None", "BeaverTail", "", "50", "", "beavertail,c2", "0", "juroots" "2025-04-25 13:25:31", "1511412", "f48857263991eea1880de0f62b3d1d37101c2e7739dcd8629b24260d08850f9c", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html", "DslogdRAT", "0", "juroots" "2025-04-25 13:25:31", "1511413", "1dd64c00f061425d484dd67b359ad99df533aa430632c55fa7e7617b55dab6a8", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html", "DslogdRAT", "0", "juroots" "2025-04-25 13:25:31", "1511414", "b1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html", "DslogdRAT", "0", "juroots" 
"2025-04-25 13:25:21", "1511411", "3.112.192.119:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html", "c2,DslogdRAT", "0", "juroots" "2025-04-25 13:16:19", "1511409", "files.fnomworldwide.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114398766272509702", "SocGholish", "0", "monitorsg" "2025-04-25 13:09:18", "1511404", "https://security.guarbcfelare.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:17", "1511405", "security.guarbcfelare.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:17", "1511406", "https://security.guarbcfelare.com/wordpress", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:16", "1511407", "https://www.coligeme.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:16", "1511408", "www.coligeme.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:05:13", "1511256", "muhoj.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 13:05:12", "1511402", "sylaj.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 12:56:41", "1511403", "123.207.79.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-25 12:01:52", 
"1511401", "209.145.56.66:8443", "ip:port", "botnet_cc", "win.crimson", "SEEDOOR,Scarimson", "Crimson RAT", "", "100", "https://search.censys.io/hosts/209.145.56.66", "AS40021,C2,censys,Crimson,NL-811-40021,RAT", "0", "DonPasci" "2025-04-25 12:01:51", "1511400", "93.198.191.241:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/93.198.191.241", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-04-25 12:01:50", "1511399", "156.208.38.51:4445", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/156.208.38.51", "AS8452,C2,censys,DcRAT,RAT,TE-AS", "0", "DonPasci" "2025-04-25 12:01:46", "1511398", "77.83.198.61:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/77.83.198.61", "AS59711,C2,censys,Havoc,HZ-EU-AS", "0", "DonPasci" "2025-04-25 12:01:41", "1511397", "139.99.25.131:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 12:01:40", "1511395", "ip131.ip-139-99-25.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131+ip131.ip-139-99-25.net", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 12:01:40", "1511396", "139.99.25.131:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 12:01:39", "1511394", "144.172.87.71:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/144.172.87.71", "AS14956,C2,censys,Mythic,ROUTERHOSTING", "0", "DonPasci" "2025-04-25 12:01:00", "1511393", "104.37.4.101:6002", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", 
"https://search.censys.io/hosts/104.37.4.101", "ACEHOSTONLINE,AS214059,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 12:00:44", "1511392", "47.109.177.97:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.109.177.97", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 12:00:43", "1511390", "194.102.104.25:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.102.104.25", "AS48753,AVAHOHST,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 12:00:43", "1511391", "149.104.30.130:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/149.104.30.130", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-04-25 12:00:42", "1511389", "116.198.229.197:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.198.229.197", "AS137699,C2,censys,CHINATELECOM-JIANGSU-SUQIAN-IDC,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 10:46:37", "1511382", "www.upport-meta2903.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511383", "www.uv3kq5tvbkys.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511384", "www.vertdzb.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511385", "www.winx6.casino", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", 
"c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511386", "www.x39q.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511387", "www.zev.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:37", "1511388", "www.zw5m.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511366", "www.ogparks.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511367", "www.omiq.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511368", "www.orchers.world", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511369", "www.orkshopaicollaborationhub.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511370", "www.ovaecho.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511371", "www.palmsrd.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511372", "www.reta99.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511373", "www.rishticodiegfortysix.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511374", "www.ritishpanel.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", 
"c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511375", "www.rostygust.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511376", "www.slarose.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511377", "www.ssiduousate.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511378", "www.tn67n.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511379", "www.uangjiahao.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511380", "www.uper-bowl-kickoff-time.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:36", "1511381", "www.uponbs3.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511351", "www.ires-72090.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511352", "www.ixmy.beauty", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511353", "www.khsim.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511354", "www.ksp679.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511355", "www.lanajoyeria.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", 
"c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511356", "www.layplus77.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511357", "www.levateballoonco.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511358", "www.lobaltravelbookings.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511359", "www.mail-marketing-job-62763.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511360", "www.marcato.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511361", "www.ndimadeahome.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511362", "www.nnotechbs.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511363", "www.odeatoll.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511364", "www.odzat.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:35", "1511365", "www.oftfusion.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511339", "www.atizenairdrop.bet", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511340", "www.audace.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", 
"Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511341", "www.avino.website", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511342", "www.bcw1219.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511343", "www.ellwish.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511344", "www.ethil.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511345", "www.fp8ch.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511346", "www.hieh33.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511347", "www.ideoxxfree.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511348", "www.igaborgz.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511349", "www.ightmareroad.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:34", "1511350", "www.inancialfreedomclub.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511326", "www.4260686.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511327", "www.488ns.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", 
"", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511328", "www.8ekcmt.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511329", "www.8j3tfb2djzoo.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511330", "www.9o8yd.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511331", "www.alisisi.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511332", "www.andygirls.biz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511333", "www.arisasuestalvey.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511334", "www.arka.group", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511335", "www.aser-eye-surgery-3291.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511336", "www.ash-paying-jobs-79621.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511337", "www.asinocruiseclub.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:33", "1511338", "www.astertechhub.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:32", "1511324", "www.1198.pet", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", 
"", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:32", "1511325", "www.4260621.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:22", "1511323", "http://www.zw5m.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511316", "http://www.uponbs3.pro/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511317", "http://www.upport-meta2903.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511318", "http://www.uv3kq5tvbkys.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511319", "http://www.vertdzb.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511320", "http://www.winx6.casino/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511321", "http://www.x39q.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511322", "http://www.zev.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511307", "http://www.reta99.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511308", "http://www.rishticodiegfortysix.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511309", 
"http://www.ritishpanel.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511310", "http://www.rostygust.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511311", "http://www.slarose.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511312", "http://www.ssiduousate.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511313", "http://www.tn67n.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511314", "http://www.uangjiahao.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511315", "http://www.uper-bowl-kickoff-time.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511300", "http://www.oftfusion.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511301", "http://www.ogparks.club/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511302", "http://www.omiq.tech/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511303", "http://www.orchers.world/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511304", "http://www.orkshopaicollaborationhub.xyz/an20/", "url", 
"botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511305", "http://www.ovaecho.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511306", "http://www.palmsrd.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511292", "http://www.levateballoonco.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511293", "http://www.lobaltravelbookings.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511294", "http://www.mail-marketing-job-62763.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511295", "http://www.marcato.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511296", "http://www.ndimadeahome.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511297", "http://www.nnotechbs.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511298", "http://www.odeatoll.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511299", "http://www.odzat.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511284", "http://www.ightmareroad.net/an20/", "url", "botnet_cc", "win.formbook", 
"win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511285", "http://www.inancialfreedomclub.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511286", "http://www.ires-72090.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511287", "http://www.ixmy.beauty/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511288", "http://www.khsim.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511289", "http://www.ksp679.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511290", "http://www.lanajoyeria.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511291", "http://www.layplus77.vip/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511277", "http://www.bcw1219.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511278", "http://www.ellwish.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511279", "http://www.ethil.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511280", "http://www.fp8ch.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" 
"2025-04-25 10:46:16", "1511281", "http://www.hieh33.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511282", "http://www.ideoxxfree.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511283", "http://www.igaborgz.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511271", "http://www.ash-paying-jobs-79621.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511272", "http://www.asinocruiseclub.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511273", "http://www.astertechhub.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511274", "http://www.atizenairdrop.bet/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511275", "http://www.audace.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511276", "http://www.avino.website/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511264", "http://www.8j3tfb2djzoo.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511265", "http://www.9o8yd.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511266", 
"http://www.alisisi.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511267", "http://www.andygirls.biz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511268", "http://www.arisasuestalvey.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511269", "http://www.arka.group/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511270", "http://www.aser-eye-surgery-3291.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511259", "http://www.1198.pet/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511260", "http://www.4260621.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511261", "http://www.4260686.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511262", "http://www.488ns.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511263", "http://www.8ekcmt.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:45:19", "1511258", "149.210.66.4:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/149.210.66.4#443", "c2,gh0st,shodan", "0", "juroots" "2025-04-25 10:45:17", "1511257", "45.114.60.209:31337", 
"ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/45.114.60.209#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 09:36:10", "1511255", "https://vlongitudde.digital/wizu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/30810c2fa79e24d7835cb4faac6470885530491cbb2410e938e5a073b3c9baef/", "lumma", "0", "abuse_ch" "2025-04-25 09:17:00", "1511252", "https://core.keloimnau.org/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 09:17:00", "1511253", "core.keloimnau.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 09:10:38", "1511254", "196.251.86.114:5050", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/3d1aa1b4d3e7d1f5c333fde0c188bb73ddcb2a6c07b50fce6dd84a735b37063d/", "XWorm", "0", "abuse_ch" "2025-04-25 09:09:24", "1511251", "172.111.163.162:2983", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://bazaar.abuse.ch/sample/b9aa64a363590b45a781f17b09f8ccb75727071281d26b4394d8174df1f87a53/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-04-25 09:09:19", "1511250", "maxbusinessclub.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://bazaar.abuse.ch/sample/b9aa64a363590b45a781f17b09f8ccb75727071281d26b4394d8174df1f87a53/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-04-25 09:05:15", "1511249", "89.185.84.127:443", "ip:port", "botnet_cc", "win.metastealer", "None", "MetaStealer", "", "75", "https://bazaar.abuse.ch/sample/17ad6e2c8fb12b9c3d587cf7a4814bf6e20758589e82517420f196599c75f1ec/", "MetaStealer", "0", "abuse_ch" "2025-04-25 09:01:14", "1511248", "https://qfybiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", 
"https://bazaar.abuse.ch/sample/f2793aaf5a9a67e134a2aa9690c463617ddf119a9135b384e5fa6ba397b06018/", "lumma", "0", "abuse_ch" "2025-04-25 09:00:49", "1511247", "https://eclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f2793aaf5a9a67e134a2aa9690c463617ddf119a9135b384e5fa6ba397b06018/", "lumma", "0", "abuse_ch" "2025-04-25 09:00:25", "1511246", "https://bclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c433a36183d269a58ebe8c9945e6bf396e14eb5e73aa27e919b8f595cca569e2/", "lumma", "0", "abuse_ch" "2025-04-25 08:56:12", "1511245", "http://79.124.78.173/incongruousness.php", "url", "botnet_cc", "win.koistealer", "None", "Koi Stealer", "", "100", "https://bazaar.abuse.ch/sample/f87cf2f67dbbbe69e14dc40cca510ec19034f1787b6c4167c1fae078f3fe5aed/", "KoiStealer", "0", "abuse_ch" "2025-04-25 08:56:00", "1511244", "https://lbiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:55:39", "1511243", "https://ciwoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:55:25", "1511242", "https://avigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:44:07", "1511241", "117.24.3.176:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-25 08:43:02", "1511240", "1.161.124.86:443", "ip:port", 
"botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-25 08:40:57", "1511239", "https://ywoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:40:52", "1511238", "https://ufclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:40:21", "1511237", "https://3cartograhphy.top/ixau", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:28:53", "1511234", "cdn.optitc.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:53", "1511235", "signature908.golf", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:53", "1511236", "corner427.space", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-04-25 08:28:11", "1511233", "aardvarkw.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-25 08:27:26", "1511228", "eshopper.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511229", "mvhelp.cc", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511230", "helpset123.site", "domain", "payload_delivery", 
"unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511231", "300005.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:26", "1511232", "desktool.buzz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "TOAD", "0", "juroots" "2025-04-25 08:27:24", "1511227", "154.81.179.131:9645", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "75", "https://bazaar.abuse.ch/sample/a19462aa4e4ef8ac23ee40366abae865b40501536c09c4efbb91c8418df1fd7a/", "Rhadamanthys", "0", "abuse_ch" "2025-04-25 08:24:59", "1511225", "193.161.193.99:29924", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:24:59", "1511226", "147.185.221.27:58573", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:59", "1511222", "zdwdwadzdwa-51598.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:59", "1511223", "centre-shake.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:59", "1511224", "reo.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:05", "1511219", "https://pastebin.com/raw/4jmDMm15", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:05", "1511220", "https://pastebin.com/raw/rnBKQG1E", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:05", "1511221", "https://pastebin.com/raw/s21LHj8E", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:01", "1511154", "know-knock-who-is-here.pages.dev", "domain", 
"payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:23:01", "1511155", "security-a2k8-go.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:23:00", "1511156", "rugyg.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 08:23:00", "1511169", "https://www.keloimnau.org/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 08:22:59", "1511190", "194.87.232.26:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-04-25 08:22:28", "1511216", "62.60.226.139:30303", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:28", "1511217", "62.60.226.139:30304", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:28", "1511218", "62.60.226.139:30305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:09", "1511214", "obinwannedimna.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:09", "1511215", "rem25rem.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:21:52", "1511213", "80.64.16.35:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "50", "", "c2,redline", "0", "juroots" "2025-04-25 08:21:36", "1511209", "friends-virginia.gl.at.ply.gg", "domain", "botnet_cc", 
"win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511210", "games-travel.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511211", "scriptdagoat-42745.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:36", "1511212", "tobixhere-32449.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-25 08:21:17", "1511208", "147.185.221.27:54782", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-04-25 08:20:49", "1511207", "a-ended.gl.at.ply.gg", "domain", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-04-25 08:20:27", "1511206", "hacking01.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-04-25 08:20:12", "1511204", "fiushion.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-04-25 08:20:12", "1511205", "huyxingum.mikustore.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-04-25 08:19:14", "1511202", "donaldcity.club", "domain", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "", "c2,glupteba", "0", "juroots" "2025-04-25 08:19:14", "1511203", "nevernews.club", "domain", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "", "c2,glupteba", "0", "juroots" "2025-04-25 08:18:45", "1511201", "114.66.58.133:8995", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-04-25 08:18:07", "1511200", 
"https://chaintraderx.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966c06-7dab-700c-9870-893688401eb4", "fakecaptcha,urlscan", "0", "juroots" "2025-04-25 08:18:06", "1511199", "https://we-will.servegame.com/Verify/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966c06-794b-721c-ad45-0d8d5143e733", "fakecaptcha,urlscan", "0", "juroots" "2025-04-25 08:14:53", "1511198", "http://185.147.124.116/M0XmDru/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01966c03-85c6-73de-bb25-fac224753acc", "amadey,c2,urlscan", "0", "juroots" "2025-04-25 08:14:39", "1511197", "http://147.45.44.116/c60d76a15a1d4de5.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01966c03-507b-736c-a578-aca2b8ce91d4", "c2,stealc,urlscan", "0", "juroots" "2025-04-25 08:13:07", "1511196", "177.234.144.240:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/177.234.144.240#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-25 08:12:49", "1511195", "54.70.105.247:11065", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/54.70.105.247#11065", "c2,netbus,shodan", "0", "juroots" "2025-04-25 08:12:34", "1511194", "13.232.77.18:427", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/13.232.77.18#427", "blackshades,c2,shodan", "0", "juroots" "2025-04-25 08:12:18", "1511193", "105.197.154.83:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/105.197.154.83#1177", "c2,njrat,shodan", "0", "juroots" "2025-04-25 08:12:06", "1511192", "196.251.84.27:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", 
"https://www.shodan.io/host/196.251.84.27#443", "c2,nanocore,shodan", "0", "juroots" "2025-04-25 08:11:50", "1511191", "95.182.122.252:80", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "50", "https://www.shodan.io/host/95.182.122.252#80", "c2,posh,shodan", "0", "juroots" "2025-04-25 08:11:15", "1511189", "60.17.15.218:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/60.17.15.218#7443", "c2,covenant,shodan", "0", "juroots" "2025-04-25 08:10:43", "1511187", "158.247.247.157:80", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.247.157#80", "c2,kimsuky,shodan", "0", "juroots" "2025-04-25 08:10:43", "1511188", "158.247.243.223:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.243.223#443", "c2,kimsuky,shodan", "0", "juroots" "2025-04-25 08:10:27", "1511185", "177.136.225.145:9443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/177.136.225.145#9443", "c2,havoc,shodan", "0", "juroots" "2025-04-25 08:10:27", "1511186", "23.254.215.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/23.254.215.118#443", "c2,havoc,shodan", "0", "juroots" "2025-04-25 08:09:55", "1511184", "3.26.24.29:14082", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.26.24.29#14082", "c2,netsupport,shodan", "0", "juroots" "2025-04-25 08:09:54", "1511183", "3.91.49.221:15", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.91.49.221#15", "c2,netsupport,shodan", "0", "juroots" "2025-04-25 08:09:37", "1511181", "157.20.182.6:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/157.20.182.6#1337", 
"asyncrat,c2,shodan", "0", "juroots" "2025-04-25 08:09:37", "1511182", "172.111.139.42:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/172.111.139.42#4444", "asyncrat,c2,shodan", "0", "juroots" "2025-04-25 08:09:13", "1511180", "84.247.148.249:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/84.247.148.249#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:09:12", "1511178", "43.163.196.208:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/43.163.196.208#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:09:12", "1511179", "139.84.172.231:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/139.84.172.231#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:08:54", "1511177", "119.91.49.133:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/119.91.49.133#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:53", "1511176", "119.45.178.251:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/119.45.178.251#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511173", "185.243.96.104:5556", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/185.243.96.104#5556", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511174", "207.2.122.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/207.2.122.10#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511175", "18.159.210.194:443", "ip:port", 
"botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/18.159.210.194#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:28", "1511171", "185.43.4.70:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/185.43.4.70#8005", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-25 08:08:28", "1511172", "160.19.79.251:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/160.19.79.251#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-25 08:08:25", "1511170", "u1.pridefulamaretto.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "", "clearfake", "1", "ttakvam" "2025-04-25 08:01:49", "1511168", "3.96.191.215:2761", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.96.191.215", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 08:01:48", "1511167", "18.185.33.50:4841", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.33.50", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 08:01:47", "1511166", "86.54.42.245:591", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-25 08:01:43", "1511165", "45.61.151.127:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/45.61.151.127", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-04-25 08:01:31", "1511163", "49.113.75.76:8888", "ip:port", 
"botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.113.75.76", "AS4134,C2,censys,CHINANET-BACKBONE,Supershell", "0", "DonPasci" "2025-04-25 08:01:31", "1511164", "16.162.136.113:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/16.162.136.113", "AMAZON-02,AS16509,C2,censys,Supershell", "0", "DonPasci" "2025-04-25 08:01:06", "1511162", "57.128.219.114:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/57.128.219.114", "AS16276,C2,censys,OVH,Sliver", "0", "DonPasci" "2025-04-25 08:01:03", "1511161", "147.93.146.25:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/147.93.146.25", "AS40021,C2,censys,NL-811-40021,RAT,Remcos", "0", "DonPasci" "2025-04-25 08:01:01", "1511160", "104.37.4.100:6001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/104.37.4.100", "ACEHOSTONLINE,AS214059,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 08:00:44", "1511159", "47.109.82.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.109.82.220", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-04-25 08:00:42", "1511158", "194.36.171.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.36.171.78", "AS56971,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 08:00:41", "1511157", "49.232.56.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/49.232.56.252", 
"AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-25 06:14:46", "1511151", "74ee8681dae4256ddc98a24f8fcf781312498958e8c46f5beab5f81105eb518e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250425-grc6tszyez/behavioral1", "miner", "0", "UNP4CK" "2025-04-25 06:14:46", "1511152", "https://core.keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 06:14:45", "1511153", "core.keloimnau.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 06:00:56", "1511149", "https://xclarmodq.top/qoxo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/65a435a3b0ace3d07135bc53e436171dfaaea4004227b28a04906d44c3024f8c/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:56", "1511150", "https://ybiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2a1bf01043733257d98ee794940936d2376ccb62a2c487d200dbe11042ef3447/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:45", "1511148", "https://slatitudert.live/teui", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44131bee0c57b89ebd063b5d588bd59855d6dbdad0330072c54747b3632d87a3/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:39", "1511147", "https://nequatorf.run/reiq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44131bee0c57b89ebd063b5d588bd59855d6dbdad0330072c54747b3632d87a3/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:35", "1511146", "https://hnwoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", 
"https://bazaar.abuse.ch/sample/65a435a3b0ace3d07135bc53e436171dfaaea4004227b28a04906d44c3024f8c/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:16", "1511145", "https://ahemispherexz.top/xapp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2a1bf01043733257d98ee794940936d2376ccb62a2c487d200dbe11042ef3447/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:15", "1511144", "https://8biosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/09dda49859ea290ea2116c64a4bc04daac8855fa11c791f66e1d7866e20dc700/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:13", "1511143", "https://0topographky.top/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/87922c7e74f51e7d7d965c5ea64d881bdad501b05794376155db64a1c555aec8/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:32", "1511142", "https://rlatitudert.live/teui", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e4016d038412ccf966bbac6b07615124b005603e70b100684f59077d91ba1849/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:29", "1511141", "https://mclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a8a03108c09e3887d03b3c3609567625b904b63564d7097160726c3adb2616ac/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:26", "1511140", "https://fclarmodq.top/qoxo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a8a03108c09e3887d03b3c3609567625b904b63564d7097160726c3adb2616ac/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:25", "1511139", "https://digilayerx.digital/hmand", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", 
"https://bazaar.abuse.ch/sample/e4016d038412ccf966bbac6b07615124b005603e70b100684f59077d91ba1849/", "lumma", "0", "abuse_ch" "2025-04-25 05:35:43", "1511136", "http://beemorning.icu/apr.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:35:43", "1511137", "http://beemorning.icu/apri.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:35:43", "1511138", "http://birthteeth.xyz/oil.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:34:04", "1511135", "https://fleshplants.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:29:05", "1511134", "kuqob.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-25 05:27:07", "1511133", "1.94.255.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-25 05:27:06", "1511132", "121.40.154.130:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:27:05", "1511129", "43.137.42.33:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-04-25 05:27:05", "1511130", "47.121.222.227:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:27:05", "1511131", "160.202.227.54:9999", "ip:port", 
"botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-25 05:26:48", "1511128", "47.111.125.229:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:26:46", "1511127", "139.159.212.103:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2025-04-25 05:24:32", "1511012", "tafoz.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:31", "1511013", "microsoftftp.serveftp.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2025-04-25 05:24:31", "1511014", "5105e61845ae0f024981b0eecee299c235768a6df15a9af1a1b0761bdd92e3b7", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250424-x1h2fasxg1/behavioral1", "backdoor,discovery,trojan", "0", "UNP4CK" "2025-04-25 05:24:30", "1511015", "8b6d4834df5a195ee0b81ae1e0d7b4ee93d0d6b9f83bc175e2d2bf151ab9ca8c", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://tria.ge/250424-x2t54asyby/behavioral1", "aspackv2,defense_evasion,discovery,persistence", "0", "UNP4CK" "2025-04-25 05:24:30", "1511016", "vogos.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:30", "1511043", "https://analytiwave.com/api/getUrl", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:29", "1511044", 
"https://goclouder.org/6a1F2b3C4d5E6f7A8b9C0d1E2f3A4b5/", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:28", "1511045", "https://security.cludfgard.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:28", "1511046", "https://security.cludfgard.com/wordpress", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:27", "1511047", "https://www.nemzieo.info/cloudflare.msi", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:27", "1511048", "www.nemzieo.info", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:27", "1511051", "https://undo.sg/file.exe", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "Lumma", "1", "user35335" "2025-04-25 05:24:26", "1511052", "undo.sg", "domain", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "Lumma", "1", "user35335" "2025-04-25 05:24:26", "1511061", "napiv.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-25 05:24:25", "1511075", "goclouder.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:24", "1511076", 
"https://security.flaearegyaard.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:24", "1511077", "security.flaearegyaard.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:23", "1511078", "https://security.flaearegyaard.com/wordpress", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:22", "1511079", "https://keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:22", "1511080", "keloimnau.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511082", "https://www.keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511083", "https://keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511084", "keloimnau.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:14", "1511085", "https://grrlspace.com/4d2a.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114396169605841949", "KongTuke", "0", "monitorsg" "2025-04-25 05:24:14", "1511087", "https://core.keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:13", "1511086", "https://grrlspace.com/js.php", 
"url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114396169605841949", "KongTuke", "0", "monitorsg" "2025-04-25 05:24:12", "1511088", "core.keloimnau.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:11", "1511089", "194.36.171.78:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.36.171.78", "AS56971,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:11", "1511090", "113.45.10.142:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.45.10.142", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:10", "1511091", "111.173.104.176:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.173.104.176", "AS148981,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:09", "1511092", "176.65.142.74:3371", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.142.74", "AS215240,C2,censys,NETRESEARCH,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:09", "1511093", "128.90.106.101:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.106.101", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:08", "1511096", "192.24.224.215:8880", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.24.224.215", "AS6181,C2,censys,FUSE-NET,Mythic", "0", "dyingbreeds_" "2025-04-25 05:24:07", "1511095", "192.24.224.215:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", 
"https://search.censys.io/hosts/192.24.224.215", "AS6181,C2,censys,FUSE-NET,Mythic", "0", "dyingbreeds_" "2025-04-25 05:24:06", "1511094", "128.90.106.101:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.106.101", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:06", "1511097", "194.164.93.107:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/194.164.93.107", "AS8560,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:05", "1511098", "192.153.57.116:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/192.153.57.116", "AS399629,BLNWX,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:05", "1511103", "181.32.34.147:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/181.32.34.147", "AS3816,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:04", "1511099", "86.54.42.245:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,RAT,SWISSNETWORK02", "0", "dyingbreeds_" "2025-04-25 05:24:04", "1511102", "80.98.145.41:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/80.98.145.41", "AS21334,ASN-VODAFONE-,C2,censys,Covenant", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511104", "51.68.26.225:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.68.26.225", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511105", "157.10.73.118:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/157.10.73.118", "AS152301,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511106", 
"217.125.90.31:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.125.90.31", "AS3352,censys,GoPhish,Phishing,TELEFONICA_DE_ESPANA", "0", "dyingbreeds_" "2025-04-25 05:23:52", "1511107", "13.127.79.254:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.127.79.254", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:51", "1511108", "3.126.234.72:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.126.234.72", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:51", "1511109", "128.85.35.85:38935", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/128.85.35.85", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:50", "1511110", "13.49.223.229:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.223.229", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:50", "1511111", "188.213.174.59:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.213.174.59", "ARUBA-ASN,AS31034,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:49", "1511114", "35.202.11.12:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.202.11.12", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511112", "3.82.48.232:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.82.48.232", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511113", "41.78.75.244:8443", "ip:port", 
"botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/41.78.75.244", "AS37371,censys,GoPhish,HORMUUD,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511115", "3.228.32.116:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.228.32.116", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:47", "1511116", "188.166.208.112:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.166.208.112", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:46", "1511119", "https://www.keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:23:45", "1511120", "d7ad18e63064ef80cc6b98db54516f6f", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/VanHelsing%20Ransomware", "ransomware,vanhelsing", "0", "TheRavenFile" "2025-04-25 05:23:45", "1511121", "97150d47ea7779101be6582fc329c2cd", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/VanHelsing%20Ransomware", "ransomware,vanhelsing", "0", "TheRavenFile" "2025-04-25 05:23:45", "1511122", "084deb26cd9d8eff3f972e8e0c4adfe6", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/VanHelsing%20Ransomware", "ransomware,vanhelsing", "0", "TheRavenFile" "2025-04-25 05:23:45", "1511123", "6dc5021a0cbdbe6dea26d78afb43ebb3", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/VanHelsing%20Ransomware", "ransomware,vanhelsing", "0", "TheRavenFile" "2025-04-25 05:23:44", "1511125", "https://keloimnau.org/cloudflare.msi", 
"url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:23:43", "1511126", "keloimnau.org", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 04:48:10", "1511124", "xuvyc.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-25 04:01:57", "1511118", "124.71.199.135:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.71.199.135", "AS55990,c2,c2-redirector,censys,HWCSNET,RedGuard", "0", "DonPasci" "2025-04-25 04:01:43", "1511117", "167.86.174.240:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/167.86.174.240", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-04-25 04:01:00", "1511101", "140.228.29.33:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/140.228.29.33", "AS396073,C2,censys,MAJESTIC-HOSTING-01,RAT,Remcos", "0", "DonPasci" "2025-04-25 04:00:59", "1511100", "94.26.90.48:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/94.26.90.48", "AS214943,C2,censys,RAILNET,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:40:08", "1511081", "http://139.5.1.172:43399/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-04-25 00:01:46", "1511074", "13.246.39.244:6005", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.246.39.244", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 00:01:42", "1511073", "96-126-124-158.ip.linodeusercontent.com", "domain", 
"botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/96.126.124.158+96-126-124-158.ip.linodeusercontent.com", "AKAMAI-LINODE-AP,AS63949,C2,censys,Havoc", "0", "DonPasci" "2025-04-25 00:01:36", "1511071", "104.248.194.142:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.248.194.142", "AS14061,C2,censys,DIGITALOCEAN-ASN,Hookbot", "0", "DonPasci" "2025-04-25 00:01:36", "1511072", "ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/13.250.199.140+ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Hookbot", "0", "DonPasci" "2025-04-25 00:01:35", "1511070", "176.57.188.16:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.57.188.16", "AS51167,C2,censys,CONTABO,Hookbot", "0", "DonPasci" "2025-04-25 00:01:28", "1511069", "45.10.154.125:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/45.10.154.125", "AS51167,AsyncRAT,C2,censys,CONTABO,RAT", "0", "DonPasci" "2025-04-25 00:01:27", "1511068", "161.129.65.68:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.129.65.68", "AS19318,C2,censys,IS-AS-1,Supershell", "0", "DonPasci" "2025-04-25 00:01:02", "1511067", "15.235.37.196:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/15.235.37.196", "AS16276,C2,censys,OVH,Sliver", "0", "DonPasci" "2025-04-25 00:00:59", "1511066", "194.102.105.105:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/194.102.105.105", "ALEXHOST,AS200019,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:00:58", "1511064", "85.9.204.228:2404", "ip:port", "botnet_cc", "win.remcos", 
"RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/85.9.204.228", "AS202053,C2,censys,RAT,Remcos,UPCLOUD", "0", "DonPasci" "2025-04-25 00:00:58", "1511065", "51.89.177.234:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/51.89.177.234", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:00:41", "1511063", "47.115.139.118:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.115.139.118", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-04-25 00:00:40", "1511062", "43.250.174.95:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.250.174.95", "AS62468,C2,censys,CobaltStrike,cs-watermark-987654321,HKCLOUDX", "0", "DonPasci" "2025-04-24 22:59:10", "1511060", "23.146.40.13:2082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 22:56:21", "1511059", "harmonyos.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 22:50:39", "1511058", "https://netscoute.digital/quwe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dac4d9e2a57318f5f4bbb16315fef0af2a36918e51975d36a47ed49e06249688/", "lumma", "0", "abuse_ch" "2025-04-24 22:50:29", "1511057", "https://4climatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dac4d9e2a57318f5f4bbb16315fef0af2a36918e51975d36a47ed49e06249688/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:35", 
"1511056", "https://slliftally.top/xasj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:34", "1511055", "https://rusconfi.run/pokd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:24", "1511054", "https://4quilltayle.live/gksi", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:30:29", "1511053", "https://astarofliught.top/wozd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8123270ff6b69a2aa78ef85eed7b4bf1f9ecd5038e6548dbaeed4695cb1f0cfd/", "lumma", "0", "abuse_ch" "2025-04-24 21:43:11", "1511050", "u1.spottyscary.top", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "", "clearfake", "1", "ttakvam" "2025-04-24 21:30:58", "1511049", "https://yvigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "lumma", "0", "abuse_ch" "2025-04-24 20:57:26", "1511042", "185.237.206.213:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-04-24 20:54:15", "1511041", "88.237.133.108:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 20:52:50", "1511040", "52.237.80.94:40000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", 
"", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-04-24 20:52:46", "1511039", "51.84.110.214:47223", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "75", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2025-04-24 20:51:55", "1511038", "45.197.150.76:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-04-24 20:49:47", "1511037", "2.88.143.171:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 20:48:17", "1511036", "38.60.203.20:8088", "ip:port", "botnet_cc", "win.doplugs", "None", "DOPLUGS", "", "100", "None", "DarkPeony,Operation ControlPlug", "0", "Rony" "2025-04-24 20:45:12", "1511035", "141.95.33.218:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-24 20:43:58", "1511034", "111.229.202.115:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-24 20:24:03", "1511033", "45.207.210.146:55667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bee3cac78cd7537a3ab177f68496c1005d1d5c2b69abaac3a57f32874f578e58/", "Unknown", "0", "NDA0E" "2025-04-24 20:23:33", "1511032", "ssh.setuap1.sbs", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bee3cac78cd7537a3ab177f68496c1005d1d5c2b69abaac3a57f32874f578e58/", "Unknown", "0", "NDA0E" "2025-04-24 20:02:09", "1511031", "95.216.184.3:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "100", "https://search.censys.io/hosts/95.216.184.3", "AS24940,censys,Chaos,HETZNER-AS,panel", "0", "DonPasci" "2025-04-24 20:02:07", "1511030", "45.11.229.230:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", 
"100", "https://search.censys.io/hosts/45.11.229.230", "AS58087,C2,censys,FLORIANKOLB,moobot", "0", "DonPasci" "2025-04-24 20:01:55", "1511029", "86.54.42.245:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 20:01:53", "1511028", "179.43.186.237:8081", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/179.43.186.237", "AS51852,C2,censys,PLI-AS,RAT,Venom", "0", "DonPasci" "2025-04-24 20:01:52", "1511027", "8.134.82.30:8888", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/8.134.82.30", "ALIBABA-CN-NET,AS37963,C2,censys,RAT,Venom", "0", "DonPasci" "2025-04-24 20:01:42", "1511026", "13.229.27.66:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/13.229.27.66", "AMAZON-02,AS16509,C2,censys,Hookbot", "0", "DonPasci" "2025-04-24 20:01:41", "1511025", "102.117.170.93:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/102.117.170.93", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-04-24 20:01:35", "1511023", "108.181.218.70:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/108.181.218.70", "AS40676,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-24 20:01:35", "1511024", "176.65.134.81:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.134.81", "-Reserved,AS215240,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-24 20:01:10", "1511022", "152.42.172.255:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/152.42.172.255", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-04-24 20:01:00", "1511019", 
"179.61.237.133:9090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/179.61.237.133", "AS30823,AUROLOGIC,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:01:00", "1511020", "85.158.108.187:40106", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/85.158.108.187", "AS59711,C2,censys,HZ-EU-AS,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:01:00", "1511021", "82.24.182.111:9090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/82.24.182.111", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:00:39", "1511017", "120.46.217.53:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.217.53", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-04-24 20:00:39", "1511018", "38.207.176.43:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.207.176.43", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-04-24 18:47:00", "1511011", "rcraftstipaddrsrv17.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250424-wxrnqsvns5", "c2,domain,xworm", "0", "DonPasci" "2025-04-24 18:43:34", "1511003", "https://jsmakert.shop/nlm/sll.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:34", "1511004", "https://jsmakert.shop/nlm/flex.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:33", "1511001", "jsmakert.shop", "domain", 
"payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:32", "1511002", "https://jsmakert.shop/nlm/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:31", "1510994", "vezof.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 18:43:30", "1511005", "https://umpmfss.top/files/files/AutoLaunch.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:30", "1511009", "badnesspandemic.shop", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACRStealer", "0", "threatcat_ch" "2025-04-24 18:43:30", "1511010", "http://badnesspandemic.shop/Up/b", "url", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACRStealer", "0", "threatcat_ch" "2025-04-24 18:27:20", "1511008", "43.248.78.215:51200", "ip:port", "botnet_cc", "ios.lightspy", "None", "lightSpy", "", "100", "", "AS23650,c2,censys,CHINANET-JIANGSU-PROVINCE-IDC,LightSpy", "0", "DonPasci" "2025-04-24 18:21:08", "1511006", "www.ambiopharmconsultingltd.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250424-mbs51awxhx", "c2,domain,rat,remcos", "0", "DonPasci" "2025-04-24 18:21:08", "1511007", "www.ugconsultanceltd.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250424-mbs51awxhx", "c2,domain,rat,remcos", "0", "DonPasci" "2025-04-24 16:56:52", "1511000", "ns.aqjcjss.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 16:56:22", "1510996", 
"212.34.130.72:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:56:22", "1510997", "77.238.237.190:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:56:22", "1510998", "185.245.106.67:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:52:30", "1510995", "193.187.172.163:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1C2", "0", "Cryptolaemus1" "2025-04-24 16:14:34", "1510993", "62.60.154.3:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "FAKEUPDATES,SocGholish", "0", "pancak3lullz" "2025-04-24 16:14:33", "1510992", "cogov.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 16:01:47", "1510991", "111.67.206.166:808", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "", "100", "https://search.censys.io/hosts/111.67.206.166", "AS4808,C2,censys,CHINA169-BJ", "0", "DonPasci" "2025-04-24 16:01:41", "1510989", "18.144.20.237:54443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.144.20.237", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 16:01:41", "1510990", "18.185.239.0:27236", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.239.0", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 16:01:38", "1510987", "115.74.25.138:5000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/115.74.25.138", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" 
"2025-04-24 16:01:38", "1510988", "115.74.25.138:5002", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/115.74.25.138", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-04-24 16:01:30", "1510986", "49.12.197.66:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.12.197.66", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "DonPasci" "2025-04-24 16:01:26", "1510985", "80.209.243.125:15747", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/80.209.243.125", "AS395839,C2,censys,HOSTKEY-USA,RAT,Sectop", "0", "DonPasci" "2025-04-24 16:01:24", "1510984", "66.55.77.28:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/66.55.77.28", "AS36007,AsyncRAT,C2,censys,KAMATERA,RAT", "0", "DonPasci" "2025-04-24 16:01:00", "1510983", "34.102.113.135:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/34.102.113.135", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Sliver", "0", "DonPasci" "2025-04-24 16:00:56", "1510981", "18.222.49.62:3755", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/18.222.49.62", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 16:00:56", "1510982", "154.26.154.57:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/154.26.154.57", "AS141995,C2,CAPL-AS-AP,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 16:00:41", "1510980", "1.94.233.201:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.233.201", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-04-24 
15:49:46", "1510978", "bobab.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 15:49:45", "1510979", "penev.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 15:14:24", "1510969", "hikig.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 14:40:15", "1510977", "http://93.190.143.101:667/IE9CompatViewList.xml", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/4545af0a8eb4fd527810e8edd444bc18f256a98ea90a9e4c0940c06fece8ac58/", "cobaltstrike", "0", "abuse_ch" "2025-04-24 14:35:19", "1510976", "https://yequatorf.run/reiq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d5c541a2d1300b9b890659310fed17bc2139df0a13f4af7d39a61046c08bb6b7/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:17", "1510975", "https://tropiscbs.live/iuwxx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:14", "1510974", "https://igeographys.run/eirq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:12", "1510973", "https://edumakerb.digital/gffh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4546832db0fb5702317a88bf50c96794a10b75cd73855d3c24904e03ee9fdc88/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:09", "1510971", "https://3biosphxere.digital/tqoa", "url", "botnet_cc", 
"win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:09", "1510972", "https://biosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4546832db0fb5702317a88bf50c96794a10b75cd73855d3c24904e03ee9fdc88/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:08", "1510970", "https://2hemispherexz.top/xapp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 13:57:14", "1510966", "https://promo.kimmwhite.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-24 13:57:14", "1510967", "166.88.164.240:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-24 13:57:14", "1510968", "qegyx.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:26:43", "1510965", "byqaj.press", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:19:57", "1510964", "promo.kimmwhite.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114393091512011049", "SocGholish", "0", "monitorsg" "2025-04-24 13:19:56", "1510963", "pybal.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 13:02:49", "1510962", "121.43.63.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", 
"Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:02:02", "1510961", "112.196.222.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:00:59", "1510960", "101.132.91.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:00:36", "1510959", "usd1g6.cyou", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:00:34", "1510958", "ui.chnaiuincom.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 12:55:25", "1510957", "https://woodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:23", "1510956", "https://vigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:21", "1510955", "https://topographky.top/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:20", "1510954", "https://rbiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", 
"https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:19", "1510953", "https://ltropiscbs.live/iuwxx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:18", "1510952", "https://geographys.run/eirq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:16", "1510951", "https://cartograhphy.top/ixau", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:45:24", "1510949", "u1.putdownpopcorn.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 12:45:17", "1510950", "vekeq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 12:30:32", "1510923", "pypim.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 12:30:09", "1510937", "9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510938", "e547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", 
"https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510939", "b910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510940", "44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510941", "efb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510942", "9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510943", "5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510944", "b68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510945", 
"9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510946", "ec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510947", "114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:09", "1510948", "1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510928", "76a487a46cfeb94eb5a6290ceffabb923c35befe71a1a3b7b7d67341a40bc454", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510929", "75d031e8faaf3aa0e9cafd5ef0fd7de1a2a80aaa245a9e92bae6433a17f48385", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510930", "fbdd5cba193a5e097cd12694efe14a15eb0fc059623f82da6c0bf99cbcfa22f8", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", 
"https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510931", "0dde88e9e5a0670e19c3b3e864de1b6319aaf92989739602e55b494b09873fbe", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510932", "15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510933", "427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510934", "4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510935", "c0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:30:08", "1510936", "dae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510924", "dvrhelper.anondns.net", 
"domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510925", "techsupport.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510926", "rustbot.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:28:11", "1510927", "miraisucks.anondns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers", "Mirai,RustoBot", "0", "abuse_ch" "2025-04-24 12:02:16", "1510922", "120.27.10.43:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.27.10.43", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2025-04-24 12:02:15", "1510921", "104.233.210.195:8000", "ip:port", "botnet_cc", "win.xmrig", "None", "xmrig", "", "100", "https://search.censys.io/hosts/104.233.210.195", "AS54600,C2,censys,open-dir,PEG-SV,Xmrig", "0", "DonPasci" "2025-04-24 12:02:11", "1510920", "37.143.15.110:8888", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/37.143.15.110", "AS210079,C2,censys,EUROBYTE,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-24 12:02:08", "1510904", "lupuj.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 12:01:56", "1510919", "79.133.51.132:8443", "ip:port", "botnet_cc", "unknown", "None", 
"Unknown malware", "", "100", "https://search.censys.io/hosts/79.133.51.132", "AS44066,censys,DE-FIRSTCOLO,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2025-04-24 12:01:43", "1510918", "18.185.239.0:2086", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.239.0", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 12:01:42", "1510917", "86.54.42.245:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 12:01:41", "1510915", "154.197.69.143:7000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/154.197.69.143", "AS147176,C2,censys,DcRAT,NNECL-AS-AP,RAT", "0", "DonPasci" "2025-04-24 12:01:41", "1510916", "185.208.159.120:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/185.208.159.120", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 12:01:37", "1510914", "107.172.230.178:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/107.172.230.178", "AS-COLOCROSSING,AS36352,C2,censys,Havoc", "0", "DonPasci" "2025-04-24 12:01:31", "1510913", "103.74.100.219:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/103.74.100.219", "AS135918,C2,censys,DVS-AS-VN,Hookbot", "0", "DonPasci" "2025-04-24 12:01:24", "1510910", "66.55.77.28:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/66.55.77.28", "AS36007,AsyncRAT,C2,censys,KAMATERA,RAT", "0", "DonPasci" "2025-04-24 12:01:24", "1510911", "176.65.144.162:5222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", 
"https://search.censys.io/hosts/176.65.144.162", "AS215240,AsyncRAT,C2,censys,NETRESEARCH,RAT", "0", "DonPasci" "2025-04-24 12:01:24", "1510912", "188.218.81.203:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/188.218.81.203", "AS30722,AsyncRAT,C2,censys,RAT,VODAFONE-IT-ASN", "0", "DonPasci" "2025-04-24 12:00:38", "1510907", "66.103.199.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/66.103.199.102", "AS35916,C2,censys,CobaltStrike,cs-watermark-987654321,MULTA-ASN1", "0", "DonPasci" "2025-04-24 12:00:38", "1510908", "8.130.111.109:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.111.109", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 12:00:38", "1510909", "101.35.228.105:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.35.228.105", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-24 12:00:37", "1510905", "43.134.117.243:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.134.117.243", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-04-24 12:00:37", "1510906", "45.136.125.85:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.136.125.85", "AS-GEOHOSTING,AS41111,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 11:21:25", "1510874", "tazaz.icu", "domain", "payload_delivery", "js.clearfake", "None", 
"ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 11:21:25", "1510875", "http://94.158.247.5:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS39798,MivoCloud SRL,supershell", "0", "antiphishorg" "2025-04-24 11:21:24", "1510895", "woodpeckersd.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 11:21:23", "1510896", "wolverineas.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 11:21:22", "1510897", "http://152.36.128.18/cgi-bin/p.cgi?r=72&i=13I915O3FG6I2H12", "url", "botnet_cc", "elf.prometei", "None", "Prometei", "", "100", "", "None", "0", "UNP4CK" "2025-04-24 11:21:22", "1510898", "http://152.36.128.18/cgi-bin/p.cgi?add=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_&i=13I915O3FG6I2H12&h=ubuntu2204-amd64-20250307-en-0&enckey=9LMgclPdcSWKXflCpEd0BzKyR8Cwp2XU6xUe4v4LacK3WFGaJ2IEuZ+lzzu/J4rlz1EhGA0HlARqACLMYsGCwFsDUQJsetapPuVJIy1S8RQAmZ/Waa6ak81fi4PV2Rsc6Tqesyz/bC1tvvBc7tjl/pmR7Jmy4WiZa0MlaosJv2M=", "url", "botnet_cc", "elf.prometei", "None", "Prometei", "", "100", "", "None", "0", "UNP4CK" "2025-04-24 11:21:20", "1510902", "https://qwlpert.com/srv/log", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" "2025-04-24 11:21:19", "1510900", "timov.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 11:21:18", "1510901", "https://vickmarine.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" 
"2025-04-24 11:21:18", "1510903", "qwlpert.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" "2025-04-24 09:46:34", "1510899", "fyquc.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 08:52:39", "1510894", "51.89.54.13:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-24 08:47:00", "1510893", "173.207.107.203:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 08:44:42", "1510892", "13.248.204.3:10004", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-24 08:01:49", "1510891", "51.68.128.171:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/51.68.128.171", "AS16276,C2,censys,moobot,OVH", "0", "DonPasci" "2025-04-24 08:01:39", "1510889", "54.180.250.167:10001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.180.250.167", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:39", "1510890", "54.180.250.167:27651", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.180.250.167", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:38", "1510888", "13.208.169.228:10260", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.208.169.228", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:37", "1510887", 
"111.92.242.209:5671", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/111.92.242.209", "AS142032,C2,censys,DcRAT,HFTCL-AS-AP,RAT", "0", "DonPasci" "2025-04-24 08:01:29", "1510886", "47.17.64.199:5555", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/47.17.64.199", "AS6128,C2,CABLE-NET-1,censys,Quasar,RAT", "0", "DonPasci" "2025-04-24 08:01:28", "1510885", "nationwidedirectlender.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/172.67.215.41+nationwidedirectlender.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-24 08:01:26", "1510884", "18.169.110.44:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.169.110.44", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-04-24 08:01:21", "1510882", "191.93.113.197:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/191.93.113.197", "AS27831,AsyncRAT,C2,censys,Colombia,RAT", "0", "DonPasci" "2025-04-24 08:01:21", "1510883", "82.223.48.201:1433", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/82.223.48.201", "AS8560,AsyncRAT,C2,censys,IONOS-AS,RAT", "0", "DonPasci" "2025-04-24 08:00:55", "1510881", "20.89.67.216:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/20.89.67.216", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Sliver", "0", "DonPasci" "2025-04-24 08:00:52", "1510880", "185-38-142-128.cprapid.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/185.38.142.128+185-38-142-128.cprapid.com", "AS47674,C2,censys,NETSOLUTIONS,RAT,Remcos", "0", "DonPasci" "2025-04-24 08:00:40", "1510879", 
"154.219.104.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.219.104.89", "AS137899,C2,censys,CobaltStrike,cs-watermark-1234567890,ILAYERLIMITED-AS-AP", "0", "DonPasci" "2025-04-24 08:00:37", "1510878", "47.122.55.128:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.122.55.128", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-04-24 08:00:36", "1510876", "107.173.191.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/107.173.191.16", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 08:00:36", "1510877", "43.138.81.232:50051", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.138.81.232", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-24 07:29:27", "1510869", "https://renkpin.net/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:27", "1510872", "https://santorinotornado5.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:26", "1510868", "9a7c0adedc4c68760e49274700218507", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Gunra%20Ransomware", "gunra,ransomware", "0", "TheRavenFile" "2025-04-24 07:29:25", "1510867", "gyner.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", 
"threatcat_ch" "2025-04-24 07:29:24", "1510870", "https://lospallos25.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:23", "1510871", "https://sinagogdahaham1453.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:23", "1510873", "https://hahohahohoahoa.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 06:07:57", "1510866", "5c039bb6b4a517caf6d518138c23749b97504b89bb1afc1235237a105491ccd9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250424-gtqvps1tcs/behavioral1", "banker,discovery,trojan", "0", "UNP4CK" "2025-04-24 06:05:12", "1510864", "http://38.60.199.31:5000/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS138915,Kaopu Cloud HK Limited,supershell", "0", "antiphishorg" "2025-04-24 05:58:20", "1510768", "193.56.135.115:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:20", "1510769", "172.105.213.140:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.213.140", "AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:20", "1510770", "172.105.213.140:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.213.140", "AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:19", "1510771", "45.33.7.49:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.33.7.49", 
"AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:19", "1510773", "154.44.10.33:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.44.10.33", "AS979,censys,NETLAB-SDN,Viper", "0", "dyingbreeds_" "2025-04-24 05:58:18", "1510772", "fallenminer.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.251.164.121+fallenminer.com", "AS60404,C2,censys,LITESERVER,Unam", "0", "dyingbreeds_" "2025-04-24 05:58:18", "1510775", "login.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+login.zalopay.site", "AS141995,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510776", "account.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+account.zalopay.site", "AS141995,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510777", "54.37.136.114:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.37.136.114", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510779", "34.211.59.218:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.211.59.218", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:16", "1510778", "172.210.176.139:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.210.176.139", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:16", "1510780", "82.112.244.87:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/82.112.244.87", 
"AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:15", "1510781", "121.40.87.143:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/121.40.87.143", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:15", "1510782", "18.211.221.99:2083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.211.221.99", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:14", "1510783", "3.126.234.72:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.126.234.72", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:14", "1510784", "128.199.172.144:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/128.199.172.144", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510785", "120.26.234.98:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/120.26.234.98", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510786", "161.97.108.198:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.97.108.198", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510787", "13.49.225.120:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.225.120", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:12", "1510788", "34.16.115.86:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.16.115.86", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", 
"dyingbreeds_" "2025-04-24 05:58:12", "1510789", "103.196.155.17:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.196.155.17", "AS133800,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:11", "1510790", "43.203.56.212:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.203.56.212", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:11", "1510791", "103.180.165.159:3399", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.180.165.159", "AS138131,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:10", "1510794", "64.227.181.100:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.227.181.100", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:09", "1510766", "193.56.135.115:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:08", "1510763", "95.129.234.5:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/95.129.234.5", "AS57724,C2,censys,DDOS-GUARD,RAT", "0", "dyingbreeds_" "2025-04-24 05:58:08", "1510767", "193.56.135.115:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510760", "101.132.91.240:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.132.91.240", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510761", 
"51.89.54.13:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "90", "https://search.censys.io/hosts/51.89.54.13", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510762", "38.60.199.31:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.60.199.31", "AS138915,C2,censys,Supershell", "0", "dyingbreeds_" "2025-04-24 05:58:06", "1510758", "23.146.40.13:2086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/23.146.40.13", "1GSERVERS,AS14315,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:06", "1510759", "111.124.203.18:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.124.203.18", "AS139203,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:05", "1510756", "ecs-116-205-242-143.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.205.242.143+ecs-116-205-242-143.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:05", "1510757", "60.205.183.232:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/60.205.183.232", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:02", "1510792", "194.87.190.73:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.87.190.73", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-04-24 05:58:02", "1510793", "146.190.236.178:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/146.190.236.178", 
"AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:01", "1510795", "38.47.255.181:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.47.255.181", "AS8796,censys,FD-298-8796,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510796", "18.222.246.200:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.222.246.200", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510797", "193.57.27.25:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.57.27.25", "AS196819,censys,GoPhish,Phishing,TWK-KL-AS", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510799", "52.33.244.242:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.33.244.242", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:57:59", "1510800", "47.86.224.163:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.86.224.163", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:56:05", "1510806", "gutenortherad.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:56:05", "1510807", "cdn-app-server.vewojo9572.workers.dev", "domain", "botnet_cc", "win.smokedham", "None", "SMOKEDHAM", "", "100", "None", "c2,SMOKEDHAM", "0", "pancak3lullz" "2025-04-24 05:56:04", "1510805", "koonenmagaziner.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:56:03", "1510804", "flamencobeents.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown 
Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:51", "1510641", "1478f3c7bd18975c28b416594ebf0d0f512664cbdd36fa3e6a5a0e52efc06d49", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-y8839sy1gy/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-24 05:55:49", "1510636", "07394ab960ab570348b01cd338fab5c62e19bb3e7b1c7e1fc8d54b4980ad4196", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-yzmhxayyct/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-24 05:55:49", "1510637", "https://3piratetwrath.run/ytus", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-y1yybstkx9/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:48", "1510633", "afa620a74f7689af08e95b979f763260d327e8dd99822e983169d2ce7358e9ae", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-yt9q9atjt6/behavioral1", "defense_evasion,discovery,execution,persistence,privilege_escalation,trojan", "0", "UNP4CK" "2025-04-24 05:55:48", "1510634", "7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-ywkj5syxey/behavioral1", "defense_evasion,discovery,evasion,execution,impact,ransomware,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:48", "1510635", "93d38e4cadaba09d904c7aae90763e8ae3ae76a10a81ee331a365d78b7b123bf", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-yxx7mayxgw/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-24 05:55:47", "1510631", "http://twizt.net", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-yq8psaywcy/behavioral1", "discovery,loader,trojan,worm", "0", "UNP4CK" "2025-04-24 05:55:47", "1510632", 
"2f16aaee07be96aadaad389ef9fd1f7c3b41352ddafc3ddd4396b1a065e6e5c7", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-yq8psaywcy/behavioral1", "discovery,loader,trojan,worm", "0", "UNP4CK" "2025-04-24 05:55:46", "1510638", "26419c804866d6dc84519a441cf24d6e6aec0873baded47b53435c23b3988a8c", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-y1yybstkx9/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:45", "1510639", "580e5ed7a6adb244400c5e103ec30808845b08fac5390f1306aace0505c1d56b", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-y4v1vatlt8/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-24 05:55:45", "1510640", "c3ace44f55bc551c095b0a87b7fd6f36b879c7d1b4884a27dfd742e3246710e8", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "25", "https://tria.ge/250423-y7yaday1e1/behavioral1", "botnet,discovery,miner,persistence,privilege_escalation,upx", "0", "UNP4CK" "2025-04-24 05:55:44", "1510642", "9f853270989312dc74fd62d9dbfe7a443d8c2204753bf9133b08c1df88db0844", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://tria.ge/250423-zaemfazsbt/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-24 05:55:43", "1510643", "ba41d3e87ee762faabcb29295688b73b3c4b600e4b8f58f2b5c65f3870a82d2d", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-zbs68azsdy/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-24 05:55:43", "1510644", "3a22118865632de462bb62ae039f12e731cb4994ad73a2d7cb183c91c41e5f99", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-zdlvxsztay/behavioral1", "defense_evasion,discovery,execution,persistence,privilege_escalation,trojan", "0", "UNP4CK" "2025-04-24 05:55:41", "1510676", "http://grodis.cc/init1234", "url", "botnet_cc", 
"unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:40", "1510673", "vigorbridgoe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:40", "1510675", "http://gluerrs.com/init1234", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:40", "1510677", "http://kloders.com/init1234", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:39", "1510670", "cartograhphy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:39", "1510671", "biosphxere.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:39", "1510672", "topographky.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:38", "1510668", "geographys.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:38", "1510669", "tropiscbs.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-04-24 05:55:37", "1510647", "EICp.ByxWGIMPbwiSkniw.info", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:36", "1510645", "lorda.hopto.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:35", "1510646", 
"194.110.247.90:15390", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:32", "1510845", "hylur.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:29", "1510802", "ndgadfqwywqe.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:29", "1510803", "jjiiiiiiiiijjjj.pages.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:26", "1510604", "https://www.wearerescue.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.wearerescue.com%2Fwp-content%2Fplugins%2Fresads%2Fmfls.php%3Fid%3DqwSPUwLH23Twhnr6FMpI&bp-auth=1&action=bpnoaccess", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:26", "1510605", "https://setecores.com.br/wp-content/plugins/resads/mfls.php?id=z8GvGX523Ii0Amyem9qW", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:25", "1510602", "https://crushingthehairbiz.com/wp-content/plugins/wp-automatic/dwyrnb.php?dpf=1kw5q", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:25", "1510603", "https://emblemat.com/moszna/wp-content/plugins/resads/mfls.php?id=Z3m8aDdGyDQo8TnqIyri", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:24", "1510601", "https://atrandu.lt/wp-content/plugins/wp-automatic/pwlbdv.php?gdqg=q32e", "url", "payload_delivery", 
"win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:23", "1510591", "dealmakerwealthsociety.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "90", "None", "FAKEUPDATES,landupdate808", "0", "pancak3lullz" "2025-04-24 05:55:19", "1510594", "id.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:19", "1510595", "mansionsnowy.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:17", "1510596", "outlook.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:17", "1510599", "react.webaudiomessages.xyz", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:16", "1510597", "airbluefootgear.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "90", "None", "FAKEUPDATES,landupdate808", "0", "pancak3lullz" "2025-04-24 05:55:15", "1510598", "fastylamberta.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:14", "1510600", "walkinsonbeer.click", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "None", "loader,Maison Worm,maisonworm", "0", "pancak3lullz" "2025-04-24 05:55:10", "1510584", "tc1.easingaffix.site", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:09", 
"1510578", "c49757ac008b2f3e58b76da2a1812e26ef601a809c2622efb353c4fc92e39449", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wv93aszms8/behavioral1", "backdoor,discovery,trojan,upx", "0", "UNP4CK" "2025-04-24 05:55:09", "1510579", "c5f79bf3a4d68a78dba47934ca6ba12d646d3aa2f45699e3ccd6525726b5803a", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wxswssvzgv/behavioral1", "defense_evasion,discovery,execution,persistence,trojan", "0", "UNP4CK" "2025-04-24 05:55:08", "1510580", "https://bpchangeaie.top/geps", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-w1bfxszm13/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:08", "1510581", "f97280d7fd9ad4077469d8ea85c389af3f57bd79a1c4a6f8cdb4b16bbbc0b270", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-w1bfxszm13/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:07", "1510582", "vickmarine.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:07", "1510583", "https://vickmarine.com/3w1s.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:07", "1510585", "mrdltd.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:06", "1510586", "https://mrdltd.com/5q2g.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:06", "1510587", "193.161.193.99:56152", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", 
"SarlackLab" "2025-04-24 05:55:05", "1510588", "iguanadx.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/f65514bc-deb0-40d3-8589-bbbeb76432b7", "None", "0", "pitachu" "2025-04-24 05:55:05", "1510589", "tycok.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:55:04", "1510590", "088cf60b3630da9d0b4fa437bfa7b8c6f589262ccfd025dc229be818709dfada", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-ynfafssqt9/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-24 05:55:02", "1510576", "d4b09937bd7dbbd61dc84051a9b96f2c3e3bc10a711473fabc04d460a6f1e5b7", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "25", "https://tria.ge/250423-wtrjkavzbt/behavioral1", "None", "0", "UNP4CK" "2025-04-24 05:55:02", "1510577", "7fd4dfb52087b38b35b9728714d903c23e7645737607dd6a4ba44bab99aabb9e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wtvwzszly2/behavioral1", "defense_evasion,discovery,execution,persistence,trojan", "0", "UNP4CK" "2025-04-24 05:55:01", "1510572", "e7444b62dcb531132353d3d769f2963e70d146583a3ec94765fee140a4bc11a9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wm2e7avxdy/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-24 05:55:01", "1510573", "37402bbc031a233108bd09776b6143bc3476805557560bb0a61bac966d4b4118", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-wpj9pavyaz/behavioral1", "botnet:vítima,discovery,persistence,stealer,trojan,upx", "0", "UNP4CK" "2025-04-24 05:55:01", "1510574", "24be50c52e97d3a197f9215f390160f3be24cb6325c4f3dd3aed28e93181fc52", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://tria.ge/250423-wrpl7azkz5/behavioral1", 
"defense_evasion,discovery", "0", "UNP4CK" "2025-04-24 05:55:00", "1510575", "vyzap.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-24 05:45:59", "1510861", "166.88.14.137:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-04-24 05:45:59", "1510862", "107.172.146.104:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-04-24 05:45:59", "1510863", "103.117.120.98:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-24 05:45:39", "1510859", "31.58.169.193:8041", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:45:39", "1510860", "31.58.169.193:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:45:00", "1510858", "windows.ddnsguru.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:40:46", "1510857", "sewektrip.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-04-24 05:39:12", "1510856", "37.1.207.4:1415", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-24 05:38:58", "1510855", "hamditebz-51107.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-04-24 05:38:37", "1510854", 
"https://v98acd.ssafileaccess.ru/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196664e-1abe-76be-bfb5-4c09551552f7", "screenconnect,urlscan", "0", "juroots" "2025-04-24 05:37:38", "1510853", "38.60.199.31:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/38.60.199.31#5000", "c2,shodan,supershell", "0", "juroots" "2025-04-24 05:37:20", "1510852", "13.208.161.251:2181", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.208.161.251#2181", "c2,netsupport,shodan", "0", "juroots" "2025-04-24 05:37:04", "1510851", "196.119.210.163:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/196.119.210.163#54984", "c2,nanocore,shodan", "0", "juroots" "2025-04-24 05:36:49", "1510850", "111.229.202.115:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/111.229.202.115#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-24 05:36:34", "1510848", "44.242.215.251:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/44.242.215.251#9999", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:34", "1510849", "44.242.215.251:5249", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/44.242.215.251#5249", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:33", "1510847", "3.83.247.253:444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.83.247.253#444", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:30", "1510846", "121.43.63.183:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.43.63.183#80", 
"c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-04-24 04:27:17", "1510844", "hobir.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 04:02:03", "1510801", "175.41.179.174:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/175.41.179.174", "AMAZON-02,AS16509,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-24 04:01:36", "1510798", "3.69.54.234:5985", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.69.54.234", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 04:01:17", "1510774", "45.76.251.42:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/45.76.251.42", "AS-VULTR,AS20473,C2,censys,payload,Sliver", "0", "DonPasci" "2025-04-24 04:00:53", "1510765", "107.175.32.185:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.185", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 04:00:52", "1510764", "107.175.32.184:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 03:56:35", "1510755", "piver.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 03:36:08", "1510754", "cuxer.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 03:15:41", "1510753", "gutom.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 02:59:38", "1510752", 
"81.71.248.248:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:57:52", "1510750", "185.196.11.181:1433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:57:52", "1510751", "185.196.11.181:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:56:11", "1510749", "106.55.69.180:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:55:18", "1510748", "cdn-credit-d814.101archstreet.workers.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:34:41", "1510747", "jahoc.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 02:03:59", "1510746", "gubuj.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 01:23:04", "1510745", "rocyg.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:57:31", "1510744", "ginoz.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:26:50", "1510743", "pepuq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-24 00:02:21", "1510742", "23.136.44.116:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", 
"100", "https://search.censys.io/hosts/23.136.44.116", "AS395881,C2,censys,Nosviak,Panel,SKYLINKHOSTINGLLC", "0", "DonPasci" "2025-04-24 00:01:59", "1510740", "sso.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+sso.zalopay.site", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-24 00:01:59", "1510741", "portal.zalopay.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207+portal.zalopay.site", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-24 00:01:48", "1510738", "18.224.153.152:9999", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.224.153.152", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 00:01:48", "1510739", "3.25.188.83:30228", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.25.188.83", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 00:01:35", "1510737", "154.12.16.122:19999", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/154.12.16.122", "AS142032,C2,censys,HFTCL-AS-AP,RAT,Venom", "0", "DonPasci" "2025-04-24 00:01:27", "1510736", "164.90.172.49:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.90.172.49", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-24 00:01:22", "1510734", "186.169.81.137:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/186.169.81.137", "AS3816,AsyncRAT,C2,censys,COLOMBIA,RAT", "0", "DonPasci" "2025-04-24 00:01:22", "1510735", "157.66.26.148:8888", "ip:port", "botnet_cc", "win.asyncrat", 
"None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/157.66.26.148", "AS149107,AsyncRAT,C2,censys,RAT,TRUMVPS-VN", "0", "DonPasci" "2025-04-24 00:01:20", "1510733", "154.12.40.188:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.12.40.188", "ANTI-DDOS,AS35251,C2,censys,Supershell", "0", "DonPasci" "2025-04-24 00:00:54", "1510731", "192.3.118.5:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.3.118.5", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 00:00:54", "1510732", "186.169.81.137:8888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/186.169.81.137", "AS3816,C2,censys,COLOMBIA,RAT,Remcos", "0", "DonPasci" "2025-04-23 23:45:54", "1510685", "wunep.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-04-23 22:58:18", "1510684", "219.144.88.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:58:12", "1510683", "202.144.192.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:57:41", "1510682", "157.148.125.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:58", "1510681", "122.246.30.27:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:48", "1510680", "120.232.158.114:443", "ip:port", "botnet_cc", 
"win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:47", "1510679", "119.8.108.74:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:34", "1510678", "116.162.153.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 21:08:38", "1510674", "195.2.75.24:33334", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://www.virustotal.com/gui/file/b804ab085f7cf9ee546d586b36ebbeb73f874205b8fae048760dee78375ddf40/behavior", "None", "0", "Rony" "2025-04-23 21:00:59", "1510667", "8.211.157.140:2002", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-04-23 20:54:35", "1510666", "75.2.11.125:8128", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:54:26", "1510665", "69.157.7.189:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:51:16", "1510664", "24.62.238.14:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:49:21", "1510663", "194.163.188.142:9191", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-23 20:49:16", "1510662", "dum555.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-23 20:48:54", "1510661", "191.112.31.229:443", "ip:port", 
"botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:48:53", "1510660", "190.145.78.30:444", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:48:14", "1510659", "https://cloudflare.eclassexperts.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966468-86f1-7178-8180-2a51c4ea1006", "fakecaptcha,urlscan", "0", "juroots" "2025-04-23 20:47:43", "1510657", "52.33.227.95:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/52.33.227.95#80", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 20:47:43", "1510658", "91.107.227.174:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/91.107.227.174#443", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 20:47:27", "1510656", "5.183.95.24:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/5.183.95.24#80", "c2,shodan,spicerat", "0", "juroots" "2025-04-23 20:46:59", "1510655", "169.55.107.211:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:46:56", "1510653", "62.171.170.49:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/62.171.170.49#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 20:46:56", "1510654", "47.120.46.210:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/47.120.46.210#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 20:46:55", "1510652", "93.113.25.219:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/93.113.25.219#31337", "c2,shodan,sliver", "0", "juroots" 
"2025-04-23 20:46:36", "1510651", "47.238.140.204:5544", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.238.140.204#5544", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-23 20:46:34", "1510650", "107.189.25.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/107.189.25.246#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-23 20:45:03", "1510649", "140.245.122.39:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:43:14", "1510648", "102.159.226.238:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:01:57", "1510630", "194.233.76.207:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-23 20:01:56", "1510629", "191.96.235.70:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/191.96.235.70", "AS212238,C2,CDNEXT,censys,moobot", "0", "DonPasci" "2025-04-23 20:01:47", "1510628", "52.69.244.101:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/52.69.244.101", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-04-23 20:01:46", "1510627", "54.250.0.227:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/54.250.0.227", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-04-23 20:01:45", "1510626", "18.199.99.219:42969", "ip:port", "botnet_cc", 
"win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.199.99.219", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-23 20:01:33", "1510625", "relyheins.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.21.19.221+relyheins.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-23 20:01:32", "1510623", "65.38.121.128:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/65.38.121.128", "AS399629,BLNWX,C2,censys,Mythic", "0", "DonPasci" "2025-04-23 20:01:32", "1510624", "164.92.184.73:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.92.184.73", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:31", "1510621", "164.90.180.58:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.90.180.58", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:31", "1510622", "143.110.213.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.110.213.30", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:25", "1510620", "51.175.8.79:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/51.175.8.79", "ALTIBOX_AS,AS29695,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 20:01:24", "1510619", "154.37.213.163:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.37.213.163", "AS979,C2,censys,NETLAB-SDN,Supershell", "0", "DonPasci" "2025-04-23 20:00:56", "1510617", "172.245.25.184:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", 
"https://search.censys.io/hosts/172.245.25.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:56", "1510618", "173.214.166.105:4352", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/173.214.166.105", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510614", "107.175.32.184:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510615", "107.174.65.156:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.174.65.156", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510616", "192.142.0.149:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.142.0.149", "AS214036,C2,censys,RAT,Remcos,ULTAHOST-AS", "0", "DonPasci" "2025-04-23 20:00:39", "1510613", "175.27.137.222:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/175.27.137.222", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-04-23 20:00:38", "1510612", "119.8.108.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/119.8.108.74", "AS136907,C2,censys,CobaltStrike,cs-watermark-666666666,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-04-23 20:00:36", "1510610", "124.71.139.142:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.71.139.142", 
"AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:36", "1510611", "120.46.16.37:1144", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.16.37", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:34", "1510608", "31.58.136.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/31.58.136.13", "AS396356,C2,censys,CobaltStrike,cs-watermark-987654321,LATITUDE-SH", "0", "DonPasci" "2025-04-23 20:00:34", "1510609", "121.37.217.210:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.37.217.210", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:33", "1510606", "77.110.116.47:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/77.110.116.47", "AEZA-AS,AS210644,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-23 20:00:33", "1510607", "77.110.116.47:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/77.110.116.47", "AEZA-AS,AS210644,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-23 18:02:45", "1510569", "83201235a6e7e38ce418f0b29aae080965371c562b28ddfadf1696b9fc9d141c", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wj1dqayrw9/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 18:02:45", "1510571", "d481bf5c7614fb84c2ece90f6fcb3b7d3d5265814e2375efa8fe5343e8d1fd16", "sha256_hash", "payload", "unknown", "None", "Unknown malware", 
"", "25", "https://tria.ge/250423-wla7lsyr18/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 18:00:35", "1510570", "https://gstarofliught.top/wozd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d6b23cf9b54604654590dd75326ac07da052dd6cf23e1242b5f4014bf906aae0/", "lumma", "0", "abuse_ch" "2025-04-23 17:56:03", "1510561", "jellyfisnbnh.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/92251411-f31b-4576-9de2-ad755e0eac3e", "None", "0", "pitachu" "2025-04-23 17:56:03", "1510562", "h1.glucoseranger.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/92251411-f31b-4576-9de2-ad755e0eac3e", "None", "0", "pitachu" "2025-04-23 17:56:01", "1510563", "db1fec34718760b8378bdfb1767a20606dcfdb016cd4569f17f43c1a173edb56", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wev87svvfv/behavioral1", "backdoor,discovery,macro", "0", "UNP4CK" "2025-04-23 17:54:13", "1510567", "factisland.icu", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:54:13", "1510568", "decisioniron.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:53:52", "1510565", "http://factisland.icu/apr.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:53:52", "1510566", "http://factisland.icu/apri.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:53:51", "1510564", "https://guitarcars.icu/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:50:32", "1510556", 
"7214788f224a5a3d28dad41ac8a3459463bb99deeb0f27ccb102e7e52dffb3e9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-v9nl6synv6/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-23 17:50:32", "1510557", "c0706de8a1342f8a1e3832c66dd1c1eaba8396a5cbaa1ba47d2caa180d274db8", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-waz2lavsgz/behavioral1", "defense_evasion,discovery,execution,persistence,trojan", "0", "UNP4CK" "2025-04-23 17:50:31", "1510559", "28dd67b5397684e59eb37047ef61e20b01178f314b9073946355e8fcc312acd5", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wcavgsvtcv/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-23 17:50:31", "1510560", "871c82dfad063dc69336f053d528604a110fd46809f27851abf23fe1f96058d3", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-wdl9xavvaz/behavioral1", "discovery,worm", "0", "UNP4CK" "2025-04-23 17:47:40", "1510558", "pejnguin.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-04-23 17:42:21", "1510554", "176.65.134.100:31679", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-v5brtaylz8/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 17:42:21", "1510555", "f1bc762a4fe42958cdd16248e28e4b709a4fec3cb6c525449c288254f58ce088", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-v5brtaylz8/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 17:33:08", "1510546", "7bff1241ddba7252cc2c7357b606cd3ec43b7e163a503c299e4817b16a2246c2", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vxkdzsyj14/behavioral1", "defense_evasion,discovery,execution,persistence,privilege_escalation,trojan", "0", "UNP4CK" 
"2025-04-23 17:33:08", "1510547", "mtowner.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:07", "1510548", "df606f6074f38a8a1709f9114ca01644fd753dbb831bb11559655f57514bf3ce", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vyrjpatyft/behavioral1", "defense_evasion,discovery,execution,persistence,privilege_escalation,trojan", "0", "UNP4CK" "2025-04-23 17:33:06", "1510549", "https://mtowner.com/5t4r.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:06", "1510551", "https://mtowner.com/4e3r.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:05", "1510550", "259b6cb483006335ef9bf5c15632d5e0ba70cb44131ed632d3229bd2f9ad03fc", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vz3ncatzav/behavioral1", "backdoor,defense_evasion,discovery,persistence,rat,upx", "0", "UNP4CK" "2025-04-23 17:33:05", "1510552", "https://mtowner.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:04", "1510553", "kasej.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 17:23:19", "1510539", "soficave.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:19", "1510541", "https://soficave.com/nlm/sss.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 
17:23:18", "1510544", "bd154de4db9a219b756eddfb0eddea6ec10b1e0be6ebc08708eb919fa725de8d", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vtfxdstxey/behavioral1", "discovery,persistence,rat,trojan", "0", "UNP4CK" "2025-04-23 17:23:17", "1510543", "7b3ee6a79bd16371dacd622c02e3c8c865954f35a1c0dff40abb7e0647f191c4", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vr5sqsxry7/behavioral1", "discovery,trojan", "0", "UNP4CK" "2025-04-23 17:23:17", "1510545", "4188f89602c036c38fe155ad68a1dc5c0b6bb7cec17e8cdb80be4e7c357f729e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vv8zkayjw8/behavioral1", "defense_evasion,discovery,execution,persistence,trojan", "0", "UNP4CK" "2025-04-23 17:23:16", "1510542", "3424b126a66f15984149eb747f0dce0c0fa2ce55c48412872b882a8431fb0175", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vqx2haxrw6/behavioral1", "discovery,trojan,upx", "0", "UNP4CK" "2025-04-23 17:23:15", "1510540", "https://soficave.com/nlm/loop.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:14", "1510537", "8f9173f2fd2297bbd569d57845aef3f3f15b89b8b70fe1124b5c3e6876f69512", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vm262sxqx3/behavioral1", "defense_evasion,discovery,execution,persistence,privilege_escalation,trojan", "0", "UNP4CK" "2025-04-23 17:23:14", "1510538", "528e0d168d97d3b64700337727d303c417b7a765e94a189b754453f7d38fde48", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://tria.ge/250423-vpdapsxq13/behavioral1", "discovery,persistence,rat,spyware", "0", "UNP4CK" "2025-04-23 17:23:13", "1510535", "c34e2cb80c9634fb0a93d36c1e5eee342f2ae3df3aad66e23122074783d1c8ce", "sha256_hash", 
"payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vkemzaxp17/behavioral1", "backdoor,discovery,trojan,upx", "0", "UNP4CK" "2025-04-23 17:23:13", "1510536", "eadacc96ceb24880d14b5a458c094daab81093d5ccf5e26f5a24971b4e18e8cb", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vlq3dstvgv/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-23 17:23:12", "1510530", "https://ayzyw.top/nlm/loop.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:11", "1510534", "https://ayzyw.top/nlm/sss.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:10", "1510529", "ayzyw.top", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:10", "1510531", "9206ac7204fc6fde14170f4f0822b9abc9cbee6dd82e016cbc9b6da8bf94db88", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vga6dattdt/behavioral1", "discovery,persistence,rat", "0", "UNP4CK" "2025-04-23 17:23:10", "1510533", "https://ayzyw.top/nlm/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:09", "1510526", "89ce70ccdfe8bb5080e69ca1acc0e58738f3144d5687b898994ad26e88c39c6d", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-t9sqfsxlw7/behavioral1", "discovery,rat", "0", "UNP4CK" "2025-04-23 17:23:08", "1510527", "9f112964675cd66cd8122eb346d7f03a94ce3697a4c96de6deb14f4507d14868", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-vbss8sxmt6/behavioral1", 
"defense_evasion,discovery,persistence", "0", "UNP4CK" "2025-04-23 17:23:08", "1510528", "9a02d81aa8b75ad8cc58b4baace4b39b0e0aded9d584feea7f50857b9b644e3b", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "25", "https://tria.ge/250423-veze7atsgx/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 17:23:07", "1510525", "b7f01198732955d7261150fa1d841349aba6a3cc536c7e692a540096cd0e0537", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-t71chsxkz3/behavioral1", "discovery,persistence", "0", "UNP4CK" "2025-04-23 17:23:06", "1510523", "efaf4b2360c2b943bb51cde01836e0745a3ed38d94e84de924c2f74076fbd4ea", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-t5h1fssyg1/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 17:23:06", "1510524", "351db80d86453028f1a1bde8d16136f4b925cc55c0a954b1d1f9067de62e598e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "25", "https://tria.ge/250423-t6pjmaxks9/behavioral1", "defense_evasion,discovery", "0", "UNP4CK" "2025-04-23 17:23:05", "1510522", "d266e4ae9e46504def36744d170d95d87665d6f5af8099151d70e241f417877a", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-t37wsssycz/behavioral1", "defense_evasion,discovery,persistence", "0", "UNP4CK" "2025-04-23 17:23:04", "1510520", "8d15df9b107c2c98ca561a2bea9f1387c3687e9f23e3c25e9776f261b63ff22e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-tz2wdasxdy/behavioral1", "defense_evasion,discovery,persistence,upx", "0", "UNP4CK" "2025-04-23 17:23:04", "1510521", "05608a7f1f6c6ab7f1e054053af1e5c4176d1f44dc8b131bf241c5dd5294c342", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-t2w3xasyav/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-23 17:23:03", "1510516", "147.185.221.27:52684", "ip:port", 
"botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:03", "1510517", "recommended-collins.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:02", "1510514", "147.185.221.27:57016", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:02", "1510515", "panel-thrown.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:01", "1510490", "solidewi.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114387677538882474", "KongTuke", "0", "monitorsg" "2025-04-23 17:23:01", "1510503", "junyk.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 17:23:00", "1510488", "https://www.ishimotors.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-23 17:23:00", "1510489", "23.146.184.28:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-23 17:22:59", "1510486", "www.ishimotors.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114387436954751925", "SocGholish", "0", "monitorsg" "2025-04-23 17:22:59", "1510487", "dafeq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-04-23 16:59:00", "1510532", "154.44.10.82:53", "ip:port", "botnet_cc", "win.cobalt_strike", 
"Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 16:30:52", "1510519", "http://207.244.199.46/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlquery.net/report/ed239e54-dfe0-4018-a13d-5b96cdee587b", "c2,gremlin,urlquery", "0", "juroots" "2025-04-23 16:02:07", "1510518", "35.205.244.23:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/35.205.244.23", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-23 16:01:48", "1510513", "incog.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.21.42.252+incog.live", "AS13335,C2,censys,CLOUDFLARENET,panel,Unam", "0", "DonPasci" "2025-04-23 16:01:35", "1510512", "114.132.94.52:5050", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/114.132.94.52", "AS45090,C2,censys,RAT,TENCENT-NET-AP,Venom", "0", "DonPasci" "2025-04-23 16:01:32", "1510511", "158.180.231.221:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/158.180.231.221", "AS31898,C2,censys,Havoc,ORACLE-BMC-31898", "0", "DonPasci" "2025-04-23 16:01:27", "1510510", "213.209.150.170:9841", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/213.209.150.170", "AS214943,C2,censys,Quasar,RAILNET,RAT", "0", "DonPasci" "2025-04-23 16:01:26", "1510509", "akkiosk.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.21.59.216+akkiosk.org", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "DonPasci" "2025-04-23 16:01:25", "1510508", "102.117.171.208:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", 
"https://search.censys.io/hosts/102.117.171.208", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-04-23 16:01:19", "1510506", "128.90.113.170:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.170", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-04-23 16:01:19", "1510507", "23.95.106.22:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/23.95.106.22", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 16:01:18", "1510505", "142.202.242.184:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/142.202.242.184", "1GSERVERS,AS14315,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 15:48:06", "1510502", "46.8.69.46:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "None", "c2,tier-1", "0", "Rony" "2025-04-23 15:45:06", "1510501", "196.251.115.101:5892", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-23 15:44:52", "1510500", "https://pastebin.com/raw/kXhNTSzW", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-23 15:44:35", "1510498", "popbaggy.ignorelist.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-23 15:44:35", "1510499", "zainezw.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-23 15:44:09", "1510497", "https://api.telegram.org/bot7309095694:AAEXFDt7C83fFTVGyimcrdZyYXx9OkR4Q6g/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "", "agenttesla,c2", "0", "juroots" "2025-04-23 15:40:42", "1510496", "218.104.52.188:9205", "ip:port", "botnet_cc", "unknown", 
"None", "Unknown malware", "", "50", "https://www.shodan.io/host/218.104.52.188#9205", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 15:40:23", "1510495", "31.172.74.201:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/31.172.74.201#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 15:40:09", "1510493", "95.131.202.38:9443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/95.131.202.38#9443", "bruteratel,c2,shodan", "0", "juroots" "2025-04-23 15:40:09", "1510494", "212.69.167.73:9443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/212.69.167.73#9443", "bruteratel,c2,shodan", "0", "juroots" "2025-04-23 15:40:06", "1510491", "159.203.2.140:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/159.203.2.140#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-23 15:40:06", "1510492", "39.100.84.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/39.100.84.28#443", "c2,cobaltstrike,shodan", "0", "juroots" # Number of entries: 846