################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-07-24 11:05:12 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-07-24 11:05:12", "1560318", "82.29.54.36:6789", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-07-24 09:44:44", "1560271", "14.225.198.50:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "75", "https://threatquery.com/engines/ip.html?value=14.225.198.50&type=ip", "AS135905,c2,Havoc,threatquery", "0", "threatquery" "2025-07-24 09:44:44", "1560272", "royaltbn.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:44:43", "1560273", "columnez.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:44:43", "1560274", "mixp.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:44:42", "1560275", "woodenso.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:44:41", "1560276", "foundrr.bet", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:44:41", "1560277", "nanoceus.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 09:20:11", "1560314", "http://ce12403.tw1.ru/b17cb5bf.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-07-24 09:19:07", "1560310", "linejjer.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:07", "1560311", "porzxgnw.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:07", "1560312", "lysandjkd.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:07", "1560313", "bumpegq.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560304", "cosopwx.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560305", "ellexb.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560306", "dogtrgc.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560307", "podhxwf.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560308", "potppfu.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:06", "1560309", "tranfex.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560294", "genuygpa.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560295", "idioigsa.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560296", "exponxb.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560297", "profityd.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560298", "tefere.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560299", "mesovti.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560300", "trainaj.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560301", "oesopt.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560302", "superuu.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:05", "1560303", "unswqik.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:04", "1560290", "eintek.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:04", "1560291", "raincazn.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:04", "1560292", "hardexbo.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:04", "1560293", "siluriyt.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560282", "agrevpud.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560283", "carptrvo.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560284", "conaarl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560285", "religxp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560286", "frowjyx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560287", "hobbcxez.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560288", "grateb.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:03", "1560289", "charuhd.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:02", "1560278", "eliminhd.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:02", "1560279", "sheddeuh.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:02", "1560280", "blegekei.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 09:19:02", "1560281", "newyorwr.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 08:46:41", "1560270", "2.50.53.227:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-07-24 10:46:18", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-07-24 08:40:06", "1560269", "http://196.251.81.176/dF30Hn4m/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "Amadey", "0", "abuse_ch" "2025-07-24 08:01:53", "1560268", "176.46.158.40:1911", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/176.46.158.40", "AS-PFCLOUD,AS202685,C2,censys,redline,stealer", "0", "DonPasci" "2025-07-24 08:01:40", "1560267", "111.90.151.59:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:43:27", "100", "https://search.censys.io/hosts/111.90.151.59", "AS45839,C2,censys,Mythic,SHINJIRU-MY-AS-AP", "0", "DonPasci" "2025-07-24 08:01:36", "1560266", "34.219.119.143:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.219.119.143", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-07-24 08:01:27", "1560265", "124.198.132.250:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:43:42", "100", "https://search.censys.io/hosts/124.198.132.250", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-07-24 08:01:23", "1560264", "124.198.132.250:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:43:42", "100", "https://search.censys.io/hosts/124.198.132.250", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-07-24 08:01:08", "1560263", "47.105.51.165:2000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-07-24 10:47:48", "100", "https://search.censys.io/hosts/47.105.51.165", "ALIBABA-CN-NET,AS37963,C2,censys,Sliver", "0", "DonPasci" "2025-07-24 08:00:42", "1560262", "47.237.86.35:52901", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.237.86.35", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-24 08:00:39", "1560261", "101.200.193.211:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.200.193.211", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-07-24 07:40:12", "1560259", "expressapiwizard.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "SocGholish", "0", "HuntYethHounds" "2025-07-24 07:35:03", "1560260", "107.158.145.206:5610", "ip:port", "botnet_cc", "jar.strrat", "None", "STRRAT", "", "100", "None", "STRRAT", "0", "abuse_ch" "2025-07-24 07:25:15", "1560258", "wppanel.icu", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "fakeupdates", "0", "HuntYethHounds" "2025-07-24 06:43:13", "1560257", "pallvlxl.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-07-24 06:42:52", "1560256", "machine-resume.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-07-24 06:42:28", "1560255", "know-damages.gl.at.ply.gg", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-07-24 06:42:14", "1560254", "77.96.238.78:8686", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-07-24 06:42:01", "1560253", "narrowfemboy.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-07-24 06:41:22", "1560252", "167.160.161.43:1888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-07-24 06:39:16", "1560251", "35.177.208.100:3101", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/35.177.208.100#3101", "c2,netsupport,shodan", "0", "juroots" "2025-07-24 06:38:57", "1560250", "101.200.221.43:3306", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/101.200.221.43#3306", "c2,extreme,shodan", "0", "juroots" "2025-07-24 06:38:42", "1560249", "84.46.243.167:10443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/84.46.243.167#10443", "adaptixc2,c2,shodan", "0", "juroots" "2025-07-24 06:37:44", "1560248", "87.228.114.68:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/87.228.114.68#7443", "c2,mythic,shodan", "0", "juroots" "2025-07-24 06:37:37", "1560243", "b6ee03c1fd8aa335c0b888617594058fa83650a7", "sha1_hash", "payload", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "C2,Lumma Stealer,Malware", "0", "Chamindu_X" "2025-07-24 06:37:36", "1560244", "https://viadeo.best/stream.pdf", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma Stealer,malware", "0", "Chamindu_X" "2025-07-24 06:37:24", "1560247", "198.7.124.59:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/198.7.124.59#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-24 06:37:05", "1560246", "47.242.129.79:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.242.129.79#9443", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-07-24 06:37:02", "1560245", "47.110.33.225:4848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.110.33.225#4848", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-07-24 06:29:24", "1560220", "http://43.160.252.15:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 06:39:49", "100", "None", "AS132203,supershell,Tencent Building Kejizhongyi Avenue", "0", "antiphishorg" "2025-07-24 06:28:53", "1560158", "security.flaversegaurd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-24 06:28:53", "1560159", "kacivoped.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-24 06:28:51", "1560164", "wndlogon.itemdb.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/browse/tag/WinSilc/", "WinSilc", "0", "aachum" "2025-07-24 06:28:50", "1560163", "wndlogon.hopto.org", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/browse/tag/WinSilc/", "WinSilc", "0", "aachum" "2025-07-24 06:28:49", "1560176", "103.77.241.176:12121", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://www.virustotal.com/gui/file/728c164f79f7ecaba065bf78e4040d195caa416f2c67e9adfca2988528f09f63/behavior", "mirai,morte", "1", "BlinkzSec" "2025-07-24 06:28:48", "1560184", "http://kurama.network/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Nosviak", "1", "BlinkzSec" "2025-07-24 06:28:44", "1559854", "delfxus.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 06:28:43", "1559855", "jambnwz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 06:28:43", "1559856", "sparklfm.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-24 06:28:42", "1559846", "app.kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:42", "1559847", "428d09ca103d2593e3555304a2862f873c70ca7d", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:41", "1559844", "s3.kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:41", "1559845", "s4.kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:39", "1559843", "s2.kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:38", "1559842", "s1.kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:37", "1559840", "kefel.tech", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:37", "1559841", "kefel.io", "domain", "botnet_cc", "win.spica", "None", "SPICA", "", "50", "https://medium.com/@knownascipher/kefel-io-friends-coldriver-c-c-infrastructure-report-84aa041b141a", "APK,APT,C2,CryptoScam,EXE,FakeCryptoDashboard,Fast-Flux,NodeJS,PQ-Hosting,RussianAPT,SSLReuse", "0", "akaCipher" "2025-07-24 06:28:36", "1559838", "http://45.131.64.210/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-07-23 21:50:41", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-07-24 06:21:15", "1560242", "49.235.177.231:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-24 06:21:12", "1560239", "8.148.31.196:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:21:12", "1560240", "47.122.51.211:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:21:12", "1560241", "47.122.63.142:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:21", "1560238", "47.122.121.212:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:18", "1560237", "38.54.30.22:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:17", "1560235", "47.109.88.26:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-24 06:20:17", "1560236", "8.148.20.98:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:16", "1560234", "43.143.114.43:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-07-24 06:20:10", "1560233", "8.148.79.177:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:09", "1560231", "47.122.158.70:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-24 06:20:09", "1560232", "113.45.243.41:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike", "0", "abuse_ch" "2025-07-24 06:20:07", "1560230", "185.11.145.125:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-24 06:06:51", "1560229", "board-promotes.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250724-b16xlsek4x", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-07-24 06:06:24", "1560228", "206.238.179.200:31796", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250724-gmk1watxa1", "AS399077,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-07-24 06:05:59", "1560227", "147.45.219.9:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250724-fzlbqsfn2z", "AS33842,C2,njrat,triage", "0", "DonPasci" "2025-07-24 06:05:15", "1560226", "http://wranglerjeans.shop", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250724-apj32atmv8", "C2,stealc,stealer,triage", "0", "DonPasci" "2025-07-24 06:02:23", "1560225", "video-trinity.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250724-b556waek6y", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-24 06:01:56", "1560224", "88.247.16.132:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250724-fmw8gafl8y", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-07-24 06:01:50", "1560223", "ansy2307.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250724-c78v8atrt9", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-24 06:01:13", "1560222", "l-integrate.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250724-d8a61ser5w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-24 06:01:06", "1560221", "92.222.100.197:7777", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250724-f3znjavmy8", "AS16276,C2,triage,xworm", "0", "DonPasci" "2025-07-24 05:50:11", "1560219", "206.238.179.200:31795", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-07-24 04:14:25", "1560218", "107.150.0.62:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-24 04:04:10", "1560217", "47.254.85.24:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.254.85.24", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:09", "1560215", "51.20.113.187:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.20.113.187", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:09", "1560216", "35.180.25.119:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.180.25.119", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:08", "1560212", "185.47.174.137:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.47.174.137", "AS204548,censys,CLOUDWEBMANAGE-IL-FR,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:08", "1560213", "98.70.42.229:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/98.70.42.229", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:08", "1560214", "183.82.122.12:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/183.82.122.12", "AS18209,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:07", "1560211", "3.89.93.231:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.89.93.231", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:06", "1560210", "159.65.128.224:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/159.65.128.224", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:05", "1560207", "129.211.211.145:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/129.211.211.145", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:05", "1560208", "4.198.121.42:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/4.198.121.42", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:05", "1560209", "185.209.162.101:445", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.209.162.101", "AS14576,censys,GoPhish,HOSTING-SOLUTIONS,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:04", "1560204", "167.234.226.89:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.234.226.89", "AS31898,censys,GoPhish,ORACLE-BMC-31898,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:04", "1560205", "103.235.75.107:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.235.75.107", "AS135444,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:04", "1560206", "31.97.248.145:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/31.97.248.145", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:03", "1560202", "46.101.208.87:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/46.101.208.87", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:03", "1560203", "18.142.9.64:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.142.9.64", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-24 04:04:02", "1560201", "89.221.214.18:51115", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.221.214.18", "AS197019,censys,GoPhish,Phishing,WEDOS", "0", "dyingbreeds_" "2025-07-24 04:03:57", "1560200", "47.96.40.33:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.96.40.33", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-07-24 04:03:00", "1560199", "ec2-34-219-119-143.us-west-2.compute.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.219.119.143+ec2-34-219-119-143.us-west-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-07-24 04:02:27", "1560198", "103.253.27.116:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/103.253.27.116", "AS133210,C2,censys,ENTECHNOLOGIES-AS-AP,RAT", "0", "DonPasci" "2025-07-24 04:02:22", "1560197", "60.204.208.172:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/60.204.208.172", "AS55990,C2,censys,CobaltStrike,HWCSNET,open-dir", "0", "DonPasci" "2025-07-24 04:02:01", "1560196", "45.192.209.54:8888", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "2025-07-24 04:03:51", "100", "https://search.censys.io/hosts/45.192.209.54", "ANTBOX1-AS-AP,AS138995,C2,censys", "0", "DonPasci" "2025-07-24 04:01:58", "1560195", "45.192.209.47:8888", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "2025-07-24 04:03:51", "100", "https://search.censys.io/hosts/45.192.209.47", "ANTBOX1-AS-AP,AS138995,C2,censys", "0", "DonPasci" "2025-07-24 04:01:49", "1560194", "130.164.181.230:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:55", "100", "https://search.censys.io/hosts/130.164.181.230", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-07-24 04:01:41", "1560193", "85.208.84.56:45051", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-07-24 10:48:59", "100", "https://search.censys.io/hosts/85.208.84.56", "AS211659,C2,censys,Hookbot,STIMUL-AS", "0", "DonPasci" "2025-07-24 04:01:34", "1560192", "185.93.89.55:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.93.89.55", "AS213790,C2,censys,LIMITEDNETWORK-AS,RAT,Sectop", "0", "DonPasci" "2025-07-24 04:01:17", "1560191", "185.174.135.71:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/185.174.135.71", "AS59711,C2,censys,HZ-EU-AS,RAT,SpiceRAT", "0", "DonPasci" "2025-07-24 04:01:13", "1560190", "fast.mirzazizo.https443.net", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/85.239.55.40+fast.mirzazizo.https443.net", "AS62005,BV-EU-AS,C2,censys,RAT,SpiceRAT", "0", "DonPasci" "2025-07-24 04:01:08", "1560189", "104.243.254.98:4862", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:43:15", "100", "https://search.censys.io/hosts/104.243.254.98", "AS7040,C2,censys,NETMINDERS,RAT,Remcos", "0", "DonPasci" "2025-07-24 04:00:43", "1560188", "65.99.193.152:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:10", "100", "https://search.censys.io/hosts/65.99.193.152", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-07-24 04:00:37", "1560187", "47.110.229.125:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:00:49", "100", "https://search.censys.io/hosts/47.110.229.125", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-07-24 04:00:11", "1560186", "113.45.134.83:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:14", "100", "https://search.censys.io/hosts/113.45.134.83", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-07-24 02:48:49", "1560185", "bxmv1taxbxr8p.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:26", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-24 01:10:29", "1560182", "https://main.db.review.digital", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-07-24 01:10:29", "1560183", "main.db.review.digital", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:42", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-07-24 01:10:28", "1560181", "https://195.201.251.183", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-07-24 00:45:47", "1560180", "https://t.me/dz25gz", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "vidar", "0", "abuse_ch" "2025-07-24 00:45:43", "1560179", "https://steamcommunity.com/profiles/76561199880530249", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "vidar", "0", "abuse_ch" "2025-07-24 00:45:42", "1560178", "https://sparklfm.xyz/xoit", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "lumma", "0", "abuse_ch" "2025-07-24 00:45:31", "1560177", "https://jambnwz.top/gakh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "lumma", "0", "abuse_ch" "2025-07-24 00:03:15", "1560175", "91.92.120.113:62520", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-07-24 00:02:29", "1560174", "52.205.143.192:443", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/52.205.143.192", "AMAZON-AES,AS14618,C2,censys,PowershellEmpire", "0", "DonPasci" "2025-07-24 00:02:27", "1560173", "207.180.246.14:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/207.180.246.14", "AS51167,C2,censys,CONTABO,PowershellEmpire", "0", "DonPasci" "2025-07-24 00:02:25", "1560172", "34.229.188.97:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/34.229.188.97", "AMAZON-AES,AS14618,C2,censys,PowershellEmpire", "0", "DonPasci" "2025-07-24 00:01:53", "1560171", "13.232.71.100:5222", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:51", "100", "https://search.censys.io/hosts/13.232.71.100", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-24 00:01:47", "1560170", "54.242.171.49:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:48:16", "100", "https://search.censys.io/hosts/54.242.171.49", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2025-07-24 00:01:42", "1560169", "accounts.secure-verifications.es", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 04:03:24", "100", "https://search.censys.io/hosts/172.86.84.43+accounts.secure-verifications.es", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-07-24 00:01:32", "1560168", "45.32.187.145:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/45.32.187.145", "AS-VULTR,AS20473,C2,censys,RAT,Sectop", "0", "DonPasci" "2025-07-24 00:01:27", "1560167", "85.102.13.26:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:48:58", "100", "https://search.censys.io/hosts/85.102.13.26", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-07-24 00:00:53", "1560166", "43.138.22.149:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:40", "100", "https://search.censys.io/hosts/43.138.22.149", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-24 00:00:40", "1560165", "43.138.22.149:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:46", "100", "https://search.censys.io/hosts/43.138.22.149", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 23:10:16", "1560162", "37.120.208.40:57625", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 22:50:54", "1560160", "72.10.160.165:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-07-24 10:52:04", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-07-23 22:50:54", "1560161", "72.10.160.166:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-07-24 10:52:04", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-07-23 20:47:53", "1560157", "45.9.2.12:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:47:43", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 20:45:50", "1560156", "188.4.60.216:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-07-24 10:45:43", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-07-23 20:45:26", "1560155", "18.253.92.151:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:45:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 20:44:38", "1560153", "16.64.38.46:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:44:34", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 20:44:38", "1560154", "16.64.41.204:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:44:35", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 20:43:55", "1560152", "13.248.147.218:6443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:43:52", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 20:02:53", "1560151", "62.60.226.235:8888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/62.60.226.235", "AS214351,C2,censys,cert,FEMOIT,rhadamanthys,stealer", "0", "DonPasci" "2025-07-23 20:02:50", "1560150", "5.79.96.117:8081", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-07-24 10:48:00", "100", "https://search.censys.io/hosts/5.79.96.117", "AS60781,BianLian,C2,censys,LEASEWEB-NL-AMS-01", "0", "DonPasci" "2025-07-23 20:02:49", "1560149", "216.105.169.10:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/216.105.169.10", "AS63018,C2,censys,DEDICATED,RAT", "0", "DonPasci" "2025-07-23 20:02:47", "1560148", "8.211.5.170:443", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/8.211.5.170", "ALIBABA-CN-NET,AS45102,C2,censys,PowershellEmpire", "0", "DonPasci" "2025-07-23 20:02:27", "1560147", "207.180.246.14:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-07-24 10:46:24", "100", "https://search.censys.io/hosts/207.180.246.14", "AS51167,censys,Chaos,CONTABO,panel", "0", "DonPasci" "2025-07-23 20:02:16", "1560145", "155.94.155.251:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-23 20:02:16", "1560146", "107.150.0.84:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-23 20:02:13", "1560144", "102.100.73.246:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:06", "100", "https://search.censys.io/hosts/102.100.73.246", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 20:02:07", "1560143", "181.174.164.139:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:45:24", "100", "https://search.censys.io/hosts/181.174.164.139", "AS52469,C2,censys,Havoc,Offshore", "0", "DonPasci" "2025-07-23 20:02:04", "1560142", "23-92-20-65.ip.linodeusercontent.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 04:03:27", "100", "https://search.censys.io/hosts/23.92.20.65+23-92-20-65.ip.linodeusercontent.com", "AKAMAI-LINODE-AP,AS63949,C2,censys,Havoc", "0", "DonPasci" "2025-07-23 20:02:00", "1560141", "92.249.61.30:3000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-07-24 04:03:20", "100", "https://search.censys.io/hosts/92.249.61.30", "AS212219,C2,censys,HOSTINGDUNYAM,Quasar,RAT", "0", "DonPasci" "2025-07-23 20:01:58", "1560140", "177.103.18.77:5000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-07-24 04:03:18", "100", "https://search.censys.io/hosts/177.103.18.77", "AS27699,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-07-23 20:01:55", "1560139", "102.117.165.12:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:43:06", "100", "https://search.censys.io/hosts/102.117.165.12", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-07-23 20:01:48", "1560138", "94.156.177.121:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:49:16", "100", "https://search.censys.io/hosts/94.156.177.121", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci" "2025-07-23 20:01:46", "1560137", "85.102.13.26:3000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:48:58", "100", "https://search.censys.io/hosts/85.102.13.26", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-07-23 20:01:43", "1560136", "172.81.62.139:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:44:55", "100", "https://search.censys.io/hosts/172.81.62.139", "AS398019,AsyncRAT,C2,censys,DYNU,RAT", "0", "DonPasci" "2025-07-23 20:01:20", "1560135", "91.227.77.6:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/91.227.77.6", "AS62005,BV-EU-AS,C2,censys,RAT,SpiceRAT", "0", "DonPasci" "2025-07-23 20:01:01", "1560134", "121.61.108.193:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:00:55", "100", "https://search.censys.io/hosts/121.61.108.193", "AS4134,C2,censys,CHINANET-BACKBONE,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-07-23 20:00:54", "1560133", "110.42.57.182:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:21", "100", "https://search.censys.io/hosts/110.42.57.182", "AS136188,C2,censys,CHINATELECOM-ZHEJIANG-NINGBO-IDC,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 20:00:46", "1560132", "45.80.158.252:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:17", "100", "https://search.censys.io/hosts/45.80.158.252", "AS210558,C2,censys,CobaltStrike,cs-watermark-987654321,SERVICES-1337-GMBH", "0", "DonPasci" "2025-07-23 20:00:42", "1560131", "20.243.170.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:51", "100", "https://search.censys.io/hosts/20.243.170.247", "AS8075,C2,censys,CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-07-23 20:00:38", "1560130", "196.251.80.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:04", "100", "https://search.censys.io/hosts/196.251.80.243", "AS401120,C2,censys,CHEAPY-HOST,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-23 19:18:57", "1560101", "bedazq.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560102", "tonmtq.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560103", "moxqk.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560104", "deaoee.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560105", "unfjbw.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560106", "retailrakkbakk.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560107", "ftgoiv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560108", "ngbmrq.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560109", "baemdk.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:57", "1560110", "hylyzb.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:56", "1560098", "beqeowc.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:56", "1560099", "turnick.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:55", "1560092", "pinywpc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:55", "1560095", "escgzk.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:55", "1560096", "textmastery.net", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:55", "1560097", "lumma-market.fun", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:54", "1560091", "reckdp.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:53", "1560081", "defvj.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:53", "1560083", "electr.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:52", "1560079", "gennqut.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:52", "1560080", "mispiqad.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:51", "1560075", "advancednodefx.net", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:51", "1560077", "heartny.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:49", "1560072", "skincee.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560065", "fayebbc.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560066", "bcjpdb.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560067", "clarazx.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560068", "chartri.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560069", "cgsgwl.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560070", "batrj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:48", "1560071", "ajuyn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560045", "bqeto.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560046", "atlakhv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560047", "butmxy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560048", "atqgz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560049", "teextes.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560050", "sublimv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560051", "sndemam.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560052", "siiqga.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560053", "siewcl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560054", "sanitfy.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560055", "saawzig.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560056", "plnnozg.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560057", "pledgxe.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560058", "misco.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560059", "joylyzv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560060", "hovve.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560061", "ligwkv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560062", "aperojk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560063", "hakyjq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:47", "1560064", "fflxah.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560024", "banirv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560025", "alooi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560026", "aczpy.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560027", "utiavg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560028", "ungqnh.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560029", "rictbxt.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560030", "prexn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560031", "fradpf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560032", "lucufj.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560033", "cuvcicr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560034", "butvqr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560035", "adviykk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560036", "lilexu.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560037", "lateged.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560038", "hotw.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560039", "gimbrte.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560040", "appasxp.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560041", "agnostn.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560042", "defyhub.net", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560043", "currx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:46", "1560044", "civijgc.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560002", "dimtl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560003", "collb.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560004", "afdzph.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560006", "tilvfq.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560007", "sthfna.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560008", "pantvi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560009", "migwsy.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560010", "tooql.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560011", "picnq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560012", "madpgk.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560013", "inswti.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560014", "chehmk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560015", "bisci.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560016", "laoewv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560017", "kilcvv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560018", "euyzh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560019", "cryrn.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560020", "coyawl.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560021", "clotj.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560022", "cidtpz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:45", "1560023", "prgdzp.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559981", "stibm.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559982", "spisd.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559983", "sopzbd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559984", "siyju.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559985", "sckfs.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559986", "scfyfa.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559987", "pouytr.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559988", "plsnae.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559989", "pekyow.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559990", "mawscf.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559991", "karapvc.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559992", "insdly.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559993", "heavdu.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559994", "germon.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559995", "genuj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559996", "gasvej.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559997", "gaukbj.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559998", "fiurz.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1559999", "anntiv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1560000", "elilzy.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:44", "1560001", "ecchs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559963", "acqcfc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559964", "dupufl.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559965", "selflch.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559966", "rankibanni.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559967", "abbcdc.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559968", "dibb.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559969", "cb-dd.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559970", "bannfab.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559971", "zyihztu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559972", "wouamhg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559973", "whirzd.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559974", "sptegm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559975", "spifd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559976", "siaetld.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559977", "miiuf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559978", "instbf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559979", "genxsy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:43", "1559980", "erhrwcu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559943", "monzb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559944", "lineyn.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559945", "ketwue.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559946", "jalonla.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559947", "gloob.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559948", "endtou.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559949", "elbguy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559950", "disrgqs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559951", "civimd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559952", "inthxt.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559953", "inspnq.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559954", "flamkc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559955", "urizfah.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559956", "encrnb.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559957", "mongok.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559958", "doctqc.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559959", "pinepx.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559960", "adjvcz.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559961", "amerox.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:42", "1559962", "aixraj.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559926", "dalwdd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559927", "cuwewki.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559928", "conrlim.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559929", "cawbn.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559930", "accepkw.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559932", "naveei.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559933", "dessxc.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559934", "venatec.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559935", "sonskhq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559936", "softanw.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559937", "sharaqz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559938", "saviutf.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559939", "pressm.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559940", "posteqz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559941", "notbwd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:41", "1559942", "neutee.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559910", "coreqdi.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559911", "consono.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559912", "castdyt.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559913", "brotsjom.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559914", "autotnyx.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559915", "allosno.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559916", "rubeuiq.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559917", "relqfn.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559918", "numberv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559919", "ninaohi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559920", "neobuvv.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559921", "mistucr.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559922", "marixzn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559923", "loxinxg.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559924", "iddzjd.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:40", "1559925", "fratjo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559891", "restauun.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559892", "pennkavs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559893", "pandhnyk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559894", "exodjhbn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559895", "caaokan.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559896", "uvulyxt.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559897", "unthozx.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559898", "spicerb.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559899", "respluk.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559900", "monkevm.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559901", "insulfm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559902", "cometopa.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559903", "cenmyrm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559904", "betidsv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559905", "acetjjxl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559906", "hellkkj.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559907", "growtfw.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559908", "cycdjja.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:05", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:39", "1559909", "cucjdlc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559879", "personal-bann-fab.info", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559880", "squirrvm.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559881", "dermisrg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559882", "blastodx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559883", "artifizz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559884", "amplitra.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559885", "hermew.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559886", "garmenae.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559887", "fixoml.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559888", "antibigi.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559889", "boylmc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:03", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:38", "1559890", "callxgcs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559869", "topkkn.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559870", "stranzv.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559871", "rebeqax.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559872", "placlzh.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559873", "membios.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559874", "illusgw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559875", "glidzgs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559876", "prefilc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559877", "chocupw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 19:18:37", "1559878", "dispckg.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "75", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-07-23 18:52:02", "1559868", "47.245.61.75:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:53", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 18:51:49", "1559867", "45.143.92.81:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 18:49:44", "1559865", "t.ptib.su", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 18:49:44", "1559866", "test.c2test.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 18:49:23", "1559864", "2fm7tpwmpc2gd.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 18:45:32", "1559863", "qu4s4rx.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/17f1fc182f8d844cbabe3c7c3f22bb6fae8962e6f31d0b2ffe3adc32bdc746e7/", "quasar", "0", "abuse_ch" "2025-07-23 18:40:05", "1559862", "185.241.208.219:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-07-23 18:04:47", "1559861", "196.251.72.174:7172", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "https://tria.ge/250723-styq4axyes", "AS401120,aurotunstealer,C2,stealer,triage", "0", "DonPasci" "2025-07-23 18:04:45", "1559860", "198.251.84.224:7172", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "https://tria.ge/250723-styq4axyes", "AS53667,aurotunstealer,C2,stealer,triage", "0", "DonPasci" "2025-07-23 18:03:23", "1559859", "given-offense.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250723-rfgd8agl4w", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-23 18:03:10", "1559858", "109.248.201.180:7500", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250723-vxbrvaythy", "AS204490,C2,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci" "2025-07-23 18:01:36", "1559857", "23.140.8.180:23032", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250723-qk8tlafr8z", "AS394760,C2,rat,remcos,triage", "0", "DonPasci" "2025-07-23 17:55:19", "1559853", "147.185.221.26:27450", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 17:45:58", "1559852", "https://perfoxd.xyz/xkfj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/98ebb99e3993e8f5546c997371efecacfa5a6edd7796752b923487aafc251a15/", "lumma", "0", "abuse_ch" "2025-07-23 17:35:57", "1559851", "https://t.me/sadjv23jadjdhjsa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/125edb38ce9edda52a7ccace6d5d7adfd37b7e9ebfd38cf7dd072c16124bc1c3/", "lumma", "0", "abuse_ch" "2025-07-23 17:10:28", "1559849", "https://api.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:39", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-23 17:10:28", "1559850", "api.organica.tv", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:39", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-23 17:10:27", "1559848", "https://116.203.165.217", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 10:10:38", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-23 17:00:38", "1559839", "79.110.49.104:6363", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 16:04:15", "1559837", "192.159.99.85:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 16:02:45", "1559836", "62.60.226.159:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/62.60.226.159", "AS214351,C2,censys,FEMOIT,rhadamanthys,stealer", "0", "DonPasci" "2025-07-23 16:02:41", "1559835", "150.139.144.163:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/150.139.144.163", "AS136195,C2,censys,CHINATELECOM-QINGDAO-CLOUDBASE,RAT", "0", "DonPasci" "2025-07-23 16:02:38", "1559834", "47.236.156.89:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/47.236.156.89", "ALIBABA-CN-NET,AS45102,C2,censys,RAT", "0", "DonPasci" "2025-07-23 16:02:25", "1559833", "107.150.0.64:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-23 16:02:20", "1559832", "35.228.18.60:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:47:06", "100", "https://search.censys.io/hosts/35.228.18.60", "AS396982,censys,EvilGoPhish,GOOGLE-CLOUD-PLATFORM,panel,Phishing", "0", "DonPasci" "2025-07-23 16:02:05", "1559831", "13.127.250.197:1963", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:50", "100", "https://search.censys.io/hosts/13.127.250.197", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 16:01:59", "1559830", "44.245.0.39:10080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:47:25", "100", "https://search.censys.io/hosts/44.245.0.39", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-07-23 16:01:49", "1559829", "164.92.238.177:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:44:42", "100", "https://search.censys.io/hosts/164.92.238.177", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-23 16:01:40", "1559828", "45.81.23.43:444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:47:40", "100", "https://search.censys.io/hosts/45.81.23.43", "AS49870,AS49870-BV,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-07-23 16:01:35", "1559827", "92.249.61.30:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:49:13", "100", "https://search.censys.io/hosts/92.249.61.30", "AS212219,AsyncRAT,C2,censys,HOSTINGDUNYAM,RAT", "0", "DonPasci" "2025-07-23 16:01:19", "1559826", "43.205.82.171:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-07-24 10:47:22", "100", "https://search.censys.io/hosts/43.205.82.171", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-07-23 16:00:55", "1559825", "38.54.30.22:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:13", "100", "https://search.censys.io/hosts/38.54.30.22", "AS138915,C2,censys,CobaltStrike,cs-watermark-0,KAOPU-HK", "0", "DonPasci" "2025-07-23 16:00:52", "1559824", "43.138.22.149:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:32", "100", "https://search.censys.io/hosts/43.138.22.149", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 16:00:44", "1559823", "8.140.22.103:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:17", "100", "https://search.censys.io/hosts/8.140.22.103", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-23 16:00:37", "1559822", "47.122.152.65:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:00:28", "100", "https://search.censys.io/hosts/47.122.152.65", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-23 15:20:27", "1559821", "https://acetjjxl.top/agjn", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6b715e8feeb3258e7b087ec2f6a49c421cfadc55af15a9cd157a6e6c34186d4d/", "lumma", "0", "abuse_ch" "2025-07-23 15:18:26", "1559820", "http://172.94.96.95/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS207184,TELCHAK GOLD VENTURES (PRIVATE) LIMITED,unam", "0", "antiphishorg" "2025-07-23 14:56:43", "1559815", "https://markets.globalequity360.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-23 14:56:42", "1559816", "markets.globalequity360.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-07-23 14:10:20", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-23 14:56:42", "1559817", "207.90.236.243:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-23 14:56:41", "1559818", "178.130.47.243:80", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "25", "https://app.any.run/tasks/1e28f8a6-65d1-478f-aa93-435d0feb0a1f", "None", "0", "pitachu" "2025-07-23 14:20:23", "1559819", "143.92.61.180:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-07-23 13:45:57", "1559814", "https://stfota.xyz/toxz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6cecb28cd305a419493ab69862a83c610462e1329374986c9e3542e1088206e3/", "lumma", "0", "abuse_ch" "2025-07-23 13:45:50", "1559813", "https://ondcvxe.top/xkdz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6cecb28cd305a419493ab69862a83c610462e1329374986c9e3542e1088206e3/", "lumma", "0", "abuse_ch" "2025-07-23 13:42:45", "1559811", "172.245.4.250:16070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-07-23 13:42:45", "1559812", "172.245.4.250:16090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-07-23 13:41:38", "1559810", "http://45.84.227.95:8080/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/01983784-aa86-743e-a90b-b65242a2df6c", "c2,chaos,urlscan", "0", "juroots" "2025-07-23 13:41:07", "1559809", "https://66.129.66.16/mailgust/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01983784-3089-7788-b85c-8dd23d64bbbe", "amadey,c2,urlscan", "0", "juroots" "2025-07-23 13:41:06", "1559808", "https://66.129.66.16/maillist/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01983784-2ca3-7689-8961-a81ff24f444d", "amadey,c2,urlscan", "0", "juroots" "2025-07-23 13:40:06", "1559807", "45.77.162.217:800", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-07-23 13:39:59", "1559806", "62.113.59.146:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/62.113.59.146#443", "c2,havoc,shodan", "0", "juroots" "2025-07-23 13:39:43", "1559805", "145.82.183.176:3460", "ip:port", "botnet_cc", "win.poison_ivy", "SPIVY,pivy,poisonivy", "Poison Ivy", "", "50", "https://www.shodan.io/host/145.82.183.176#3460", "c2,poison_ivy,shodan", "0", "juroots" "2025-07-23 13:39:26", "1559804", "155.94.155.157:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/155.94.155.157#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-07-23 13:39:03", "1559802", "54.147.50.180:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 04:04:06", "50", "https://www.shodan.io/host/54.147.50.180#443", "c2,gophish,phishing,shodan", "0", "juroots" "2025-07-23 13:39:03", "1559803", "52.220.84.38:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 04:04:06", "50", "https://www.shodan.io/host/52.220.84.38#443", "c2,gophish,phishing,shodan", "0", "juroots" "2025-07-23 13:38:25", "1559801", "20.235.39.5:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/20.235.39.5#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:24", "1559796", "149.28.255.228:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/149.28.255.228#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:24", "1559797", "170.238.45.40:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/170.238.45.40#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:24", "1559798", "139.59.44.30:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/139.59.44.30#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:24", "1559799", "45.38.20.58:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/45.38.20.58#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:24", "1559800", "104.248.142.64:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/104.248.142.64#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:23", "1559792", "185.28.84.46:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.28.84.46#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:23", "1559793", "31.129.108.115:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/31.129.108.115#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:23", "1559794", "85.198.82.179:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/85.198.82.179#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:38:23", "1559795", "206.189.1.112:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/206.189.1.112#31337", "c2,shodan,sliver", "0", "juroots" "2025-07-23 13:37:57", "1559790", "5.161.55.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/5.161.55.85#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-07-23 13:37:57", "1559791", "124.222.74.146:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/124.222.74.146#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-07-23 13:37:56", "1559788", "43.138.22.149:8086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/43.138.22.149#8086", "c2,cobaltstrike,shodan", "0", "juroots" "2025-07-23 13:37:56", "1559789", "47.122.158.243:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.122.158.243#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-07-23 13:37:55", "1559787", "35.92.61.165:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:57", "50", "https://www.shodan.io/host/35.92.61.165#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-07-23 13:37:37", "1559786", "196.251.116.69:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:56", "50", "https://www.shodan.io/host/196.251.116.69#4433", "c2,cobaltstrike,cs-watermark-678358251,shodan", "0", "juroots" "2025-07-23 13:37:20", "1559784", "47.237.120.206:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:57", "50", "https://www.shodan.io/host/47.237.120.206#444", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-07-23 13:37:20", "1559785", "109.205.213.106:12525", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:55", "50", "https://www.shodan.io/host/109.205.213.106#12525", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-07-23 13:37:17", "1559783", "116.55.209.90:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:57", "50", "https://www.shodan.io/host/116.55.209.90#8888", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-07-23 13:37:16", "1559780", "43.138.22.149:8085", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:56", "50", "https://www.shodan.io/host/43.138.22.149#8085", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-07-23 13:37:16", "1559781", "154.3.33.103:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 13:37:56", "50", "https://www.shodan.io/host/154.3.33.103#8443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-07-23 13:37:16", "1559782", "47.122.51.211:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:21", "50", "https://www.shodan.io/host/47.122.51.211#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-07-23 13:02:00", "1559779", "http://45.131.65.57/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-07-23 13:00:38", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-07-23 12:24:09", "1559778", "http://193.233.16.35/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "", "SmartLoader", "0", "tcains1" "2025-07-23 12:06:34", "1559756", "nageiaju.pics", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "100", "", "None", "0", "pitachu" "2025-07-23 12:06:34", "1559757", "http://43.250.174.240:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 06:39:50", "100", "None", "AS62468,supershell,VpsQuan L.L.C.", "0", "antiphishorg" "2025-07-23 12:03:18", "1559777", "htht1-21140.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250723-lytvdavxdw", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-23 12:03:16", "1559776", "34.32.121.27:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/34.32.121.27", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,PowershellEmpire", "0", "DonPasci" "2025-07-23 12:03:02", "1559775", "115.29.211.107:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/115.29.211.107", "ALIBABA-CN-NET,AS37963,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-07-23 12:02:40", "1559774", "45.134.225.90:7000", "ip:port", "botnet_cc", "win.bit_rat", "None", "BitRAT", "2025-07-24 04:03:43", "100", "https://search.censys.io/hosts/45.134.225.90", "AS213438,BitRAT,C2,censys,COLOCATEL-INC,RAT", "0", "DonPasci" "2025-07-23 12:02:25", "1559772", "144.172.101.181:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:44:08", "100", "https://search.censys.io/hosts/144.172.101.181", "AS14956,C2,censys,Mythic,ROUTERHOSTING", "0", "DonPasci" "2025-07-23 12:02:25", "1559773", "https://psycibdz.shop/xlad", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250723-mhsg2sel5w", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-23 12:02:15", "1559771", "196.251.69.242:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:46:06", "100", "https://search.censys.io/hosts/196.251.69.242", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-07-23 12:02:09", "1559770", "172.94.1.232:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:44:56", "100", "https://search.censys.io/hosts/172.94.1.232", "AS212238,AsyncRAT,C2,CDNEXT,censys,RAT", "0", "DonPasci" "2025-07-23 12:02:04", "1559769", "185.196.10.29:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:45:33", "100", "https://search.censys.io/hosts/185.196.10.29", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-07-23 12:01:57", "1559768", "1.13.164.149:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 04:02:32", "100", "https://search.censys.io/hosts/1.13.164.149", "AS45090,C2,censys,Supershell,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 12:01:52", "1559767", "45.141.215.235:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250723-mn51bsvzez", "AS210558,C2,quasar,rat,triage", "0", "DonPasci" "2025-07-23 12:01:39", "1559766", "206.123.149.194:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:46:23", "100", "https://search.censys.io/hosts/206.123.149.194", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-07-23 12:01:32", "1559765", "173.249.28.102:2565", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:45:01", "100", "https://search.censys.io/hosts/173.249.28.102", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-07-23 12:01:24", "1559764", "149.88.86.89:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-07-24 04:02:12", "100", "https://search.censys.io/hosts/149.88.86.89", "AS142032,C2,censys,Gh0st,HFTCL-AS-AP,RAT", "0", "DonPasci" "2025-07-23 12:01:07", "1559763", "47.122.135.192:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:02:05", "100", "https://search.censys.io/hosts/47.122.135.192", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 12:00:58", "1559762", "47.110.32.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:21", "100", "https://search.censys.io/hosts/47.110.32.175", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 12:00:45", "1559761", "43.138.22.149:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:32", "100", "https://search.censys.io/hosts/43.138.22.149", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 12:00:43", "1559760", "another-expedia.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250723-mqnh3avzgt", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-23 12:00:34", "1559759", "110.41.12.167:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:50:13", "100", "https://search.censys.io/hosts/110.41.12.167", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-07-23 12:00:31", "1559758", "106.52.241.166:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:37", "100", "https://search.censys.io/hosts/106.52.241.166", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 11:36:52", "1559747", "117.50.172.208:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "evilgophish,panel", "1", "BlinkzSec" "2025-07-23 11:36:52", "1559749", "https://moruk.xyz/tag/buy.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:36:52", "1559750", "moruk.xyz", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-23 11:12:28", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:36:51", "1559751", "https://moruk.xyz/tag/buffer.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:36:50", "1559754", "https://eveloungeyyc.com/bezs.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:36:49", "1559752", "https://eveloungeyyc.com/lal1.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:36:49", "1559753", "eveloungeyyc.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-23 11:12:31", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg" "2025-07-23 11:25:42", "1559755", "91.219.239.22:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/013cefb6299d98a05613896a42fbaf73826149faa8e4f65ab2199598367dd04c/", "xworm", "0", "abuse_ch" "2025-07-23 11:10:37", "1559748", "https://t.me/pawpawasc", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9be4bae7dcdb65306f2d9705080781961011570a6e114b7d21f1b39099993a5b/", "lumma", "0", "abuse_ch" "2025-07-23 10:15:05", "1559744", "perfoxd.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-23 10:15:04", "1559745", "stfota.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-23 10:15:04", "1559746", "ondcvxe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-23 09:55:15", "1559743", "149.30.242.248:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-07-23 09:40:11", "1559742", "http://cj46418.tw1.ru/5fefa906.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-07-23 08:52:27", "1559741", "178.128.212.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:05", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 08:50:41", "1559740", "sciencemagazine.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 08:48:57", "1559739", "54.36.163.184:8384", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:48:17", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 08:48:49", "1559738", "51.89.229.188:5007", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:48:06", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 08:47:43", "1559737", "34.198.206.81:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:46:58", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 08:46:06", "1559735", "182.30.92.201:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:45:27", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 08:46:06", "1559736", "182.30.92.214:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-07-24 10:45:27", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-23 08:44:43", "1559734", "149.109.82.74:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-07-24 10:44:17", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-07-23 08:30:21", "1559733", "45.134.142.6:57489", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 08:02:41", "1559732", "155.94.155.250:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-23 08:02:08", "1559731", "18.153.210.162:1963", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:45:16", "100", "https://search.censys.io/hosts/18.153.210.162", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 08:02:03", "1559730", "51.84.68.56:1099", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:48:06", "100", "https://search.censys.io/hosts/51.84.68.56", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 08:01:57", "1559729", "42.119.166.132:4444", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-07-24 04:03:39", "100", "https://search.censys.io/hosts/42.119.166.132", "AS18403,C2,censys,FPT-AS-AP,Orcus,RAT", "0", "DonPasci" "2025-07-23 08:01:48", "1559728", "pastsslv.shop", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2025-07-24 04:03:12", "100", "https://search.censys.io/hosts/196.251.80.35+pastsslv.shop", "AS401120,C2,censys,CHEAPY-HOST,Hookbot", "0", "DonPasci" "2025-07-23 08:01:40", "1559727", "95.217.44.118:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/95.217.44.118", "AS24940,C2,censys,HETZNER-AS,RAT,Sectop", "0", "DonPasci" "2025-07-23 08:01:23", "1559726", "109.172.87.64:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-07-24 10:43:24", "100", "https://search.censys.io/hosts/109.172.87.64", "AS48282,C2,censys,Sliver,VDSINA-AS", "0", "DonPasci" "2025-07-23 08:01:15", "1559725", "167.160.161.198:99", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:44:45", "100", "https://search.censys.io/hosts/167.160.161.198", "AS214943,C2,censys,RAILNET,RAT,Remcos", "0", "DonPasci" "2025-07-23 08:01:12", "1559724", "196.251.81.126:6001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:46:09", "100", "https://search.censys.io/hosts/196.251.81.126", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-07-23 08:01:02", "1559723", "185.96.166.113:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:45:41", "100", "https://search.censys.io/hosts/185.96.166.113", "AS59466,C2,censys,EUROXP,RAT,Remcos", "0", "DonPasci" "2025-07-23 08:00:57", "1559722", "109.230.231.31:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:43:24", "100", "https://search.censys.io/hosts/109.230.231.31", "ACTIVE-SERVERS,AS197071,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-07-23 08:00:35", "1559721", "8.148.105.246:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:57", "100", "https://search.censys.io/hosts/8.148.105.246", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 08:00:34", "1559720", "8.148.105.246:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:54", "100", "https://search.censys.io/hosts/8.148.105.246", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 08:00:33", "1559719", "8.148.79.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:11", "100", "https://search.censys.io/hosts/8.148.79.16", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 08:00:31", "1559718", "113.45.26.62:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:00:24", "100", "https://search.censys.io/hosts/113.45.26.62", "AS55990,C2,censys,CobaltStrike,cs-watermark-100000,HWCSNET", "0", "DonPasci" "2025-07-23 08:00:30", "1559717", "121.43.152.104:18081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:59", "100", "https://search.censys.io/hosts/121.43.152.104", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-07-23 08:00:29", "1559716", "39.104.22.29:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:01:09", "100", "https://search.censys.io/hosts/39.104.22.29", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-23 07:55:13", "1559715", "46.246.4.24:5067", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-07-23 07:55:07", "1559714", "http://oby2349.giize.com:5067/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-07-23 07:55:04", "1559713", "46.246.4.24:7045", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-07-23 07:47:57", "1559712", "https://icebushes.xyz/bin.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-07-23 07:32:34", "1559707", "www.chrome-update.pro", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2025-07-23 07:15:46", "100", "", "APK,fakeupdates", "0", "HuntYethHounds" "2025-07-23 07:32:34", "1559708", "http://www.chrome-update.pro/morph.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "APK,fakeupdates", "0", "HuntYethHounds" "2025-07-23 07:32:33", "1559709", "randsopskwn.site", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "fakeupdates", "0", "HuntYethHounds" "2025-07-23 07:21:06", "1559710", "116.203.14.51:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-07-23 07:21:06", "1559711", "37.27.92.232:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-07-23 06:45:16", "1559706", "91.92.120.133:8467", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-23 06:38:39", "1559693", "akwatic-hotel.ci", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-07-23 06:32:45", "1559705", "120.27.160.106:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-23 06:32:44", "1559703", "8.148.77.60:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:13", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:44", "1559704", "47.99.150.238:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:43", "1559702", "47.122.135.192:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:02:08", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:23", "1559701", "8.148.79.16:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:22", "1559699", "47.122.158.243:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:22", "1559700", "47.122.49.109:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:21", "1559697", "8.148.79.138:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:21", "1559698", "8.148.78.165:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:32:20", "1559696", "149.104.29.129:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 04:02:02", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-07-23 06:31:58", "1559695", "81.69.220.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-23 06:31:55", "1559694", "175.24.47.254:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:01", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-07-23 06:23:42", "1559691", "security.guiaodfalear.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-23 06:23:42", "1559692", "nomgerx.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-23 06:23:39", "1559537", "jaclwdc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-23 19:18:40", "50", "", "LummaStealer", "0", "burger" "2025-07-23 06:23:39", "1559539", "jfbd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-07-23 06:23:38", "1559540", "https://jfbd.com/f/c", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-07-23 06:23:38", "1559541", "https://www.jfbd.com/f/f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-07-23 06:23:37", "1559546", "hydrillageardes.shop", "domain", "payload_delivery", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACR Stealer", "0", "HuntYethHounds" "2025-07-23 06:23:37", "1559547", "casulahobbuoies.shop", "domain", "payload_delivery", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACR Stealer", "0", "HuntYethHounds" "2025-07-23 06:23:37", "1559548", "otterspromisdes.shop", "domain", "payload_delivery", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACR Stealer", "0", "HuntYethHounds" "2025-07-23 06:23:36", "1559549", "outdonefurniturders.shop", "domain", "payload_delivery", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACR Stealer", "0", "HuntYethHounds" "2025-07-23 06:23:36", "1559552", "proxybuilderservice.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "SocGholish", "0", "HuntYethHounds" "2025-07-23 06:23:35", "1559550", "stompinggrounders.shop", "domain", "payload_delivery", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACR Stealer", "0", "HuntYethHounds" "2025-07-23 06:23:34", "1559562", "194.213.18.89:443", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "100", "", "oyster", "0", "tanner" "2025-07-23 06:23:33", "1559567", "eartheea.life", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:06", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-23 06:23:33", "1559568", "glassma.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-23 06:01:07", "1559689", "134.122.177.12:9091", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250723-emlw3atnt3", "AS152194,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-07-23 06:01:07", "1559690", "134.122.177.12:9092", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250723-emlw3atnt3", "AS152194,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-07-23 06:01:06", "1559688", "zg.jackload.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250723-cvsy8ssry8", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-07-23 06:01:01", "1559687", "medical-principles.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250723-dqmr4atlv3", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-23 06:00:56", "1559686", "https://securemega.xyz", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250723-gaptasvjv8", "C2,stealc,stealer,triage", "0", "DonPasci" "2025-07-23 06:00:51", "1559685", "https://stranzv.pics/xlao", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250723-fpclvasxgw", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-23 06:00:32", "1559683", "196.251.86.155:8059", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250723-epp2hatnv2", "AS401120,C2,triage,xworm", "0", "DonPasci" "2025-07-23 06:00:32", "1559684", "program-neutral.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250723-aet59asly7", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-23 05:10:25", "1559681", "https://dev.ip.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 16:10:28", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-23 05:10:25", "1559682", "dev.ip.organica.tv", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 16:10:28", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-23 04:20:11", "1559680", "134.122.177.12:9090", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-07-23 04:15:03", "1559679", "155.94.155.249:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-23 04:05:34", "1559678", "3.83.187.221:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.83.187.221", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:32", "1559677", "52.59.86.84:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.59.86.84", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:30", "1559676", "52.59.86.84:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.59.86.84", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:28", "1559675", "45.10.175.124:10086", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.10.175.124", "AS55933,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:26", "1559674", "31.220.95.101:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/31.220.95.101", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:24", "1559673", "18.140.155.160:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.140.155.160", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:22", "1559672", "41.78.75.244:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/41.78.75.244", "AS37371,censys,GoPhish,HORMUUD,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:20", "1559671", "50.19.179.151:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/50.19.179.151", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:18", "1559670", "18.159.4.171:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.159.4.171", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:15", "1559669", "185.16.61.161:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.16.61.161", "AS197540,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:13", "1559668", "18.195.126.122:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.195.126.122", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:11", "1559667", "89.250.200.30:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.250.200.30", "AS41421,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:08", "1559666", "194.37.80.183:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.37.80.183", "AS204548,censys,CLOUDWEBMANAGE-IL-FR,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:05", "1559665", "57.128.223.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/57.128.223.136", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:03", "1559664", "57.128.223.136:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/57.128.223.136", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-07-23 04:05:00", "1559663", "15.156.238.124:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/15.156.238.124", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:58", "1559662", "40.81.227.247:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/40.81.227.247", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:56", "1559661", "54.252.181.85:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.252.181.85", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:54", "1559660", "204.44.87.238:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/204.44.87.238", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:51", "1559659", "158.220.116.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/158.220.116.136", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:49", "1559658", "103.235.75.107:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.235.75.107", "AS135444,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:47", "1559657", "23.95.198.247:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/23.95.198.247", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:45", "1559656", "23.95.198.247:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/23.95.198.247", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:43", "1559655", "132.255.20.218:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/132.255.20.218", "AS27951,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:42", "1559654", "116.202.19.145:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/116.202.19.145", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-07-23 04:04:33", "1559653", "193.112.206.193:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.112.206.193", "AS45090,censys,Viper", "0", "dyingbreeds_" "2025-07-23 04:04:31", "1559652", "122.51.215.90:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/122.51.215.90", "AS45090,censys,Viper", "0", "dyingbreeds_" "2025-07-23 04:04:29", "1559651", "113.45.188.14:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/113.45.188.14", "AS55990,censys,Viper", "0", "dyingbreeds_" "2025-07-23 04:04:11", "1559650", "85.208.108.228:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/85.208.108.228", "AS53363,Botnet,byob,C2,censys,TANGRAM-CANADA-INC", "0", "dyingbreeds_" "2025-07-23 04:03:10", "1559649", "62.60.226.235:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/62.60.226.235", "AS214351,C2,censys,cert,FEMOIT,rhadamanthys,stealer", "0", "DonPasci" "2025-07-23 04:02:39", "1559648", "18.61.119.224:445", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:45:22", "100", "https://search.censys.io/hosts/18.61.119.224", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 04:02:36", "1559647", "13.114.15.139:49501", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:49", "100", "https://search.censys.io/hosts/13.114.15.139", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 04:02:33", "1559646", "93.232.99.226:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:49:15", "100", "https://search.censys.io/hosts/93.232.99.226", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-07-23 04:02:31", "1559645", "181.12.248.204:5610", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:45:23", "100", "https://search.censys.io/hosts/181.12.248.204", "AS7303,C2,censys,Netsupport,RAT,Telecom", "0", "DonPasci" "2025-07-23 04:02:23", "1559644", "194.79.46.110:7000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-07-23 04:03:37", "100", "https://search.censys.io/hosts/194.79.46.110", "AS49545,C2,censys,Quasar,RAT,STROYTELECOM-YUG-AS", "0", "DonPasci" "2025-07-23 04:02:18", "1559643", "46.101.158.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:47:44", "100", "https://search.censys.io/hosts/46.101.158.51", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-23 04:02:15", "1559642", "184.83.83.47:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:45:29", "100", "https://search.censys.io/hosts/184.83.83.47", "AS11232,C2,censys,MIDCO-NET,Mythic", "0", "DonPasci" "2025-07-23 04:02:08", "1559641", "185.126.64.49:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.126.64.49", "AS214927,C2,censys,PSB-AS,RAT,Sectop", "0", "DonPasci" "2025-07-23 04:02:05", "1559640", "89.185.80.219:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/89.185.80.219", "AS215540,C2,censys,GCS-AS,RAT,Sectop", "0", "DonPasci" "2025-07-23 04:02:02", "1559639", "185.93.89.56:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.93.89.56", "AS213790,C2,censys,LIMITEDNETWORK-AS,RAT,Sectop", "0", "DonPasci" "2025-07-23 04:02:00", "1559638", "83.222.191.223:15647", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/83.222.191.223", "AS204428,C2,censys,RAT,Sectop,SS-NET", "0", "DonPasci" "2025-07-23 04:01:59", "1559637", "83.222.191.223:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/83.222.191.223", "AS204428,C2,censys,RAT,Sectop,SS-NET", "0", "DonPasci" "2025-07-23 04:01:56", "1559636", "45.74.8.89:83", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:47:36", "100", "https://search.censys.io/hosts/45.74.8.89", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-07-23 04:01:45", "1559635", "164.92.224.52:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/164.92.224.52", "AS14061,C2,censys,DIGITALOCEAN-ASN,open-dir,payload,Sliver", "0", "DonPasci" "2025-07-23 04:01:40", "1559634", "139.180.136.101:53", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-07-24 10:44:01", "100", "https://search.censys.io/hosts/139.180.136.101", "AS-VULTR,AS20473,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-07-23 04:01:19", "1559632", "59.110.12.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:16", "100", "https://search.censys.io/hosts/59.110.12.179", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:01:19", "1559633", "182.160.2.66:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:05", "100", "https://search.censys.io/hosts/182.160.2.66", "AS136907,C2,censys,CobaltStrike,cs-watermark-666666666,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-07-23 04:01:18", "1559631", "8.148.31.196:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:34", "100", "https://search.censys.io/hosts/8.148.31.196", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:01:15", "1559630", "8.148.23.98:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:18", "100", "https://search.censys.io/hosts/8.148.23.98", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:01:10", "1559629", "47.122.117.96:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:12", "100", "https://search.censys.io/hosts/47.122.117.96", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:01:04", "1559628", "8.148.77.56:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:11", "100", "https://search.censys.io/hosts/8.148.77.56", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:00:59", "1559627", "8.148.20.98:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:12", "100", "https://search.censys.io/hosts/8.148.20.98", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-23 04:00:40", "1559626", "82.156.202.136:20001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:10", "100", "https://search.censys.io/hosts/82.156.202.136", "AS45090,C2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 04:00:34", "1559625", "156.224.79.193:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:20", "100", "https://search.censys.io/hosts/156.224.79.193", "AkileCloud,AS61112,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-23 04:00:25", "1559624", "113.45.129.135:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:00:53", "100", "https://search.censys.io/hosts/113.45.129.135", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-07-23 04:00:12", "1559623", "47.237.153.209:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:00:47", "100", "https://search.censys.io/hosts/47.237.153.209", "AS45102,C2,censys", "0", "dyingbreeds_" "2025-07-23 03:25:43", "1559622", "https://glassma.live/alpz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/89b87ee6778b2c3349c1a18d6f4e75b8c29031695460d452fb4fbe5add6f3902/", "lumma", "0", "abuse_ch" "2025-07-23 03:25:33", "1559621", "https://eartheea.life/itiz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/89b87ee6778b2c3349c1a18d6f4e75b8c29031695460d452fb4fbe5add6f3902/", "lumma", "0", "abuse_ch" "2025-07-23 03:15:08", "1559620", "http://a0595798.xsph.ru/asynccdn.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-07-23 03:10:04", "1559619", "147.185.221.30:6048", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-07-23 01:40:19", "1559618", "144.172.91.74:7709", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-07-23 00:06:53", "1559617", "http://logickplatformsystems.boats:8080/updater?for=5120D3FEDD36EAC912DB54C863CE59BB", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" "2025-07-23 00:01:56", "1559616", "102.96.170.230:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:43:07", "100", "https://search.censys.io/hosts/102.96.170.230", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-23 00:01:54", "1559615", "146.19.215.141:9090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-07-24 10:44:12", "100", "https://search.censys.io/hosts/146.19.215.141", "ADVIN-AS,AS206216,C2,censys,DcRAT,RAT", "0", "DonPasci" "2025-07-23 00:01:50", "1559614", "42.116.61.184:4444", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-07-23 04:03:59", "100", "https://search.censys.io/hosts/42.116.61.184", "AS18403,C2,censys,FPT-AS-AP,Orcus,RAT", "0", "DonPasci" "2025-07-23 00:01:46", "1559613", "34.100.150.65:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:46:56", "100", "https://search.censys.io/hosts/34.100.150.65", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-07-23 00:01:40", "1559612", "111.90.151.59:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-23 04:03:20", "100", "https://search.censys.io/hosts/111.90.151.59", "AS45839,C2,censys,Mythic,SHINJIRU-MY-AS-AP", "0", "DonPasci" "2025-07-23 00:01:38", "1559611", "102.117.167.7:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:43:06", "100", "https://search.censys.io/hosts/102.117.167.7", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-07-23 00:01:36", "1559610", "84.32.190.72:82", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-23 04:03:08", "100", "https://search.censys.io/hosts/84.32.190.72", "AS59642,C2,censys,CHERRYSERVERS2-AS,Mythic", "0", "DonPasci" "2025-07-23 00:01:24", "1559609", "124.198.132.250:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:43:43", "100", "https://search.censys.io/hosts/124.198.132.250", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-07-23 00:01:21", "1559608", "172.111.248.132:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:44:52", "100", "https://search.censys.io/hosts/172.111.248.132", "AS212238,AsyncRAT,C2,CDNEXT,censys,RAT", "0", "DonPasci" "2025-07-23 00:01:08", "1559607", "52.91.190.99:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/52.91.190.99", "AMAZON-AES,AS14618,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2025-07-23 00:01:03", "1559606", "194.48.248.59:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-07-24 10:45:57", "100", "https://search.censys.io/hosts/194.48.248.59", "ALEXHOST,AS200019,C2,censys,Sliver", "0", "DonPasci" "2025-07-23 00:00:38", "1559605", "101.34.66.77:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:45", "100", "https://search.censys.io/hosts/101.34.66.77", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-07-23 00:00:34", "1559604", "185.38.142.214:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:42", "100", "https://search.censys.io/hosts/185.38.142.214", "AS47674,C2,censys,CobaltStrike,cs-watermark-987654321,NETSOLUTIONS", "0", "DonPasci" "2025-07-23 00:00:30", "1559603", "47.109.58.47:8989", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:00:59", "100", "https://search.censys.io/hosts/47.109.58.47", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-22 22:06:37", "1559602", "152.89.218.72:7705", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-07-22 21:25:24", "1559601", "147.185.221.30:26979", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-22 21:25:10", "1559600", "129.28.85.210:55112", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-07-24 04:01:13", "100", "None", "Meterpreter", "0", "abuse_ch" "2025-07-22 20:50:55", "1559599", "47.120.48.100:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-07-24 10:51:50", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-07-22 20:50:03", "1559598", "161.97.149.235:587", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-07-24 10:51:00", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-07-22 20:49:00", "1559597", "www.goodle.cyou", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:44", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-22 20:48:22", "1559596", "86.126.224.214:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-07-24 10:49:02", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-07-22 20:44:22", "1559594", "158.255.213.22:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2025-07-24 10:44:30", "75", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-07-22 20:44:22", "1559595", "158.255.213.22:63421", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2025-07-24 10:44:30", "75", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-07-22 20:43:07", "1559593", "103.141.50.146:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-07-24 10:43:08", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-07-22 20:40:22", "1559592", "47.239.1.95:26868", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-22 20:02:02", "1559590", "155.94.155.173:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-22 20:02:02", "1559591", "155.94.155.226:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-07-22 20:01:44", "1559589", "13.250.125.176:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/13.250.125.176", "AMAZON-02,AS16509,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-07-22 20:01:35", "1559587", "s798860.foxcdn.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-23 04:04:21", "100", "https://search.censys.io/hosts/185.92.74.43+s798860.foxcdn.net", "AS200904,C2,censys,FOXCLOUD,panel,Unam", "0", "DonPasci" "2025-07-22 20:01:35", "1559588", "172.94.96.95:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-23 04:04:23", "100", "https://search.censys.io/hosts/172.94.96.95", "AS207184,C2,censys,panel,TELCHAK-AS,Unam", "0", "DonPasci" "2025-07-22 20:01:22", "1559585", "145.223.69.2:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:44:11", "100", "https://search.censys.io/hosts/145.223.69.2", "AS215311,C2,censys,Havoc,REGXA-CLOUD", "0", "DonPasci" "2025-07-22 20:01:22", "1559586", "145.223.69.2:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:44:11", "100", "https://search.censys.io/hosts/145.223.69.2", "AS215311,C2,censys,Havoc,REGXA-CLOUD", "0", "DonPasci" "2025-07-22 20:01:21", "1559584", "185.250.207.163:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:45:38", "100", "https://search.censys.io/hosts/185.250.207.163", "AS211381,C2,censys,Havoc,PODAON", "0", "DonPasci" "2025-07-22 20:01:19", "1559583", "102.219.210.202:8090", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-07-23 04:03:33", "100", "https://search.censys.io/hosts/102.219.210.202", "AS328856,C2,censys,Quasar,RAT,VIJIJI-CONNECT-LIMITED", "0", "DonPasci" "2025-07-22 20:01:18", "1559582", "207.180.232.158:3000", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-07-23 04:03:26", "100", "https://search.censys.io/hosts/207.180.232.158", "AS51167,C2,censys,CONTABO,Hookbot", "0", "DonPasci" "2025-07-22 20:01:17", "1559580", "165.227.143.23:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:44:43", "100", "https://search.censys.io/hosts/165.227.143.23", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-22 20:01:17", "1559581", "139.162.190.174:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:44:01", "100", "https://search.censys.io/hosts/139.162.190.174", "AKAMAI-LINODE-AP,AS63949,C2,censys,Mythic", "0", "DonPasci" "2025-07-22 20:01:13", "1559579", "45.94.47.104:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/45.94.47.104", "AS57043,C2,censys,HOSTKEY-AS,RAT,Sectop", "0", "DonPasci" "2025-07-22 20:00:57", "1559578", "170.64.232.216:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-07-24 10:44:48", "100", "https://search.censys.io/hosts/170.64.232.216", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-07-22 20:00:48", "1559577", "65.20.82.213:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-07-24 10:48:27", "100", "https://search.censys.io/hosts/65.20.82.213", "AS-VULTR,AS20473,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-07-22 20:00:47", "1559576", "85.239.55.40:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/85.239.55.40", "AS62005,BV-EU-AS,C2,censys,RAT,SpiceRAT", "0", "DonPasci" "2025-07-22 20:00:45", "1559575", "178.209.246.120:2222", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-07-23 04:01:57", "100", "https://search.censys.io/hosts/178.209.246.120", "AS12714,C2,censys,DarkComet,MEGAFON-AS,RAT", "0", "DonPasci" "2025-07-22 20:00:30", "1559573", "111.229.80.204:7001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:52", "100", "https://search.censys.io/hosts/111.229.80.204", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-22 20:00:30", "1559574", "111.229.80.204:7000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:50", "100", "https://search.censys.io/hosts/111.229.80.204", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-22 20:00:28", "1559572", "154.12.22.142:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:00:37", "100", "https://search.censys.io/hosts/154.12.22.142", "AS142032,C2,censys,CobaltStrike,cs-watermark-100000,HFTCL-AS-AP", "0", "DonPasci" "2025-07-22 20:00:27", "1559571", "121.43.152.104:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:03", "100", "https://search.censys.io/hosts/121.43.152.104", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-07-22 20:00:26", "1559569", "121.40.76.3:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:21:17", "100", "https://search.censys.io/hosts/121.40.76.3", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-22 20:00:26", "1559570", "185.38.142.214:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:38", "100", "https://search.censys.io/hosts/185.38.142.214", "AS47674,C2,censys,CobaltStrike,cs-watermark-987654321,NETSOLUTIONS", "0", "DonPasci" "2025-07-22 18:51:06", "1559566", "23.95.61.136:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:51:20", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-22 18:49:25", "1559565", "ns2.vmupdate.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:37", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-22 18:49:24", "1559564", "ns1.vmupdate.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 10:49:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-22 18:15:39", "1559563", "206.123.145.172:7676", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-22 18:01:16", "1559560", "104.238.191.68:80", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250722-wedn6axygx", "AS20473,C2,njrat,triage", "0", "DonPasci" "2025-07-22 18:01:16", "1559561", "heo.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250722-tg63dayjs5", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-22 18:00:57", "1559559", "https://pennkavs.top/toox", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-vpbrwaymw8", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-22 18:00:56", "1559558", "https://restauun.top/algk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-vqlcpsej5t", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-22 18:00:44", "1559557", "selection-links.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250722-t8wqqadq3x", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-22 18:00:39", "1559554", "ygfbasync.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250722-pqn6psbq5z", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-22 18:00:39", "1559555", "tvsanarch.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250722-pqn6psbq5z", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-22 18:00:39", "1559556", "venomfhd.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250722-pqn6psbq5z", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-22 18:00:38", "1559553", "reservamarina0011.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250722-scmx9sdj6x", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-22 17:40:10", "1559551", "106.14.1.192:9999", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "None", "Meterpreter", "0", "abuse_ch" "2025-07-22 17:15:15", "1559545", "43.250.173.179:8080", "ip:port", "botnet_cc", "win.fatal_rat", "Sainbox RAT", "FatalRat", "", "100", "None", "FatalRAT", "0", "abuse_ch" "2025-07-22 17:10:27", "1559543", "https://test.www.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 07:20:30", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-22 17:10:27", "1559544", "test.www.organica.tv", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 07:20:49", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-22 16:45:07", "1559542", "103.59.160.219:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2025-07-22 16:25:26", "1559538", "216.9.225.51:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-22 16:15:44", "1559536", "45.192.218.158:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-07-22 16:03:47", "1559535", "208.72.155.9:7712", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch" "2025-07-22 16:02:56", "1559534", "119.167.205.150:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/119.167.205.150", "AS4837,C2,censys,CHINA169-BACKBONE,RAT", "0", "DonPasci" "2025-07-22 16:02:53", "1559533", "8.211.5.170:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/8.211.5.170", "ALIBABA-CN-NET,AS45102,C2,censys,Starkillerc2", "0", "DonPasci" "2025-07-22 16:02:44", "1559532", "185.194.175.132:5000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://search.censys.io/hosts/185.194.175.132", "AS206163,C2,censys,open-dir,TBTNET-TELEKOM,Xworm", "0", "DonPasci" "2025-07-22 16:02:38", "1559531", "212.193.2.162:50001", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/212.193.2.162", "AS26383,ASNET,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-07-22 16:02:35", "1559530", "124.220.51.88:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/124.220.51.88", "AS45090,C2,censys,hacktool,Mimikatz,open-dir,TENCENT-NET-AP", "0", "DonPasci" "2025-07-22 16:02:11", "1559529", "16.63.137.205:20000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:44:34", "100", "https://search.censys.io/hosts/16.63.137.205", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-22 16:02:07", "1559528", "16.63.137.205:3550", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:44:34", "100", "https://search.censys.io/hosts/16.63.137.205", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-22 16:02:03", "1559527", "34.254.158.94:4730", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:46:58", "100", "https://search.censys.io/hosts/34.254.158.94", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-22 16:01:56", "1559526", "78.163.49.248:81", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-07-23 04:03:53", "100", "https://search.censys.io/hosts/78.163.49.248", "AS9121,C2,censys,RAT,TTNET,Venom", "0", "DonPasci" "2025-07-22 16:01:51", "1559525", "4.213.161.104:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:47:15", "100", "https://search.censys.io/hosts/4.213.161.104", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-07-22 16:01:47", "1559524", "93.95.231.28:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-24 10:49:16", "100", "https://search.censys.io/hosts/93.95.231.28", "AS44925,C2,censys,Havoc,THE-1984-AS", "0", "DonPasci" "2025-07-22 16:01:41", "1559523", "46.101.246.74:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:47:44", "100", "https://search.censys.io/hosts/46.101.246.74", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-22 16:01:37", "1559522", "34.1.135.57:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 10:46:56", "100", "https://search.censys.io/hosts/34.1.135.57", "AS15169,C2,censys,GOOGLE,Mythic", "0", "DonPasci" "2025-07-22 16:01:01", "1559521", "47.111.8.116:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 06:31:55", "100", "https://search.censys.io/hosts/47.111.8.116", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike", "0", "DonPasci" "2025-07-22 16:00:52", "1559520", "111.229.80.204:20001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:49", "100", "https://search.censys.io/hosts/111.229.80.204", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-07-22 16:00:45", "1559519", "8.148.104.223:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:21", "100", "https://search.censys.io/hosts/8.148.104.223", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 16:00:37", "1559518", "8.140.22.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:20", "100", "https://search.censys.io/hosts/8.140.22.103", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-22 16:00:31", "1559517", "8.130.161.225:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 06:32:48", "100", "https://search.censys.io/hosts/8.130.161.225", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-22 16:00:18", "1559351", "arb-swap.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "c2", "0", "GurmanPatrick" "2025-07-22 16:00:15", "1559502", "brainbotfilebeatsave.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-07-22 16:00:14", "1559503", "vericlyd.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-07-22 16:00:13", "1559505", "https://mordpdv.xyz/rgfx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:13", "1559506", "https://adviykk.top/bmnd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:13", "1559507", "https://imphybg.top/djur", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:12", "1559508", "https://comstmo.digital/pal", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:11", "1559509", "https://t.me/asdasdasdsds12", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:11", "1559510", "https://myozyi.lat/aplx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:11", "1559511", "https://fradpf.top/taiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:10", "1559512", "https://astrotg.world/lOAksj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:10", "1559513", "https://pinepx.pics/xplh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:09", "1559514", "https://t.me/yrtysfg", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:08", "1559515", "https://t.me/my_flowers_my", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 16:00:08", "1559516", "https://t.me/sdkfkkflls", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm" "2025-07-22 15:20:31", "1559504", "https://genusuvk.xyz/mngs", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/02dca612bb625739eae13396c7f54088671b2be19bb7e0eb6441a233fffffdbf/", "lumma", "0", "abuse_ch" "2025-07-22 14:01:00", "1559348", "genuschs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-23 19:18:38", "100", "", "None", "0", "pitachu" "2025-07-22 14:01:00", "1559349", "throseu.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-23 19:18:40", "100", "", "None", "0", "pitachu" "2025-07-22 14:01:00", "1559350", "djibbg.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "None", "0", "pitachu" "2025-07-22 13:40:52", "1559343", "world-safest.asia", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "25", "https://app.any.run/tasks/1f219c99-c9f6-4e26-a9c1-7a543ba22f92", "None", "0", "pitachu" "2025-07-22 13:40:51", "1559344", "teplinks.co.ke", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "25", "https://app.any.run/tasks/1f219c99-c9f6-4e26-a9c1-7a543ba22f92", "None", "0", "pitachu" "2025-07-22 13:40:51", "1559345", "176.46.157.32:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "25", "https://app.any.run/tasks/1f219c99-c9f6-4e26-a9c1-7a543ba22f92", "None", "0", "pitachu" "2025-07-22 13:40:50", "1559346", "195.133.88.180:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "25", "https://app.any.run/tasks/1f219c99-c9f6-4e26-a9c1-7a543ba22f92", "None", "0", "pitachu" "2025-07-22 13:31:02", "1559342", "https://t.me/gafagd4", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch" "2025-07-22 13:31:00", "1559341", "https://t.me/asgfdgha4", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bccf2951c42b748568df470bdd739f93fb1a0c95540806cd042dc18a92572007/", "lumma", "0", "abuse_ch" "2025-07-22 13:30:51", "1559340", "https://porzxgnw.lat/twoi", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bccf2951c42b748568df470bdd739f93fb1a0c95540806cd042dc18a92572007/", "lumma", "0", "abuse_ch" "2025-07-22 13:30:48", "1559339", "https://nageiaju.pics/vkah", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch" "2025-07-22 13:30:46", "1559338", "https://mosaicia.top/zlap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch" "2025-07-22 13:30:43", "1559337", "https://keepnody.top/tiow", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch" "2025-07-22 13:30:38", "1559336", "https://familkqo.xyz/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch" "2025-07-22 13:27:24", "1559332", "calc.diversifieddebtsolutions.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-07-22 13:15:48", "100", "https://infosec.exchange/@monitorsg/114897053672038329", "SocGholish", "0", "monitorsg" "2025-07-22 13:27:24", "1559333", "https://calc.diversifieddebtsolutions.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-22 13:27:24", "1559334", "104.194.222.88:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-22 13:27:23", "1559335", "rubidin.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-23 19:18:39", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-07-22 12:49:37", "1559331", "download.microsoftwindows.biz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 01:48:49", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-22 12:12:05", "1559329", "https://vartaslowblogisfera.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "Latrodectus,Whenasked", "0", "abuse_ch" "2025-07-22 12:12:05", "1559330", "https://narvadriftbide.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "Latrodectus,Whenasked", "0", "abuse_ch" "2025-07-22 12:11:03", "1559328", "bkp.mail.organica.tv", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 07:20:49", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-22 12:11:02", "1559327", "https://bkp.mail.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 07:20:30", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-22 12:03:56", "1559326", "kinky82.zapto.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250722-htzchsgp2x", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-07-22 12:03:50", "1559325", "phephelipinho.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250722-hycdjsgp6x", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-07-22 12:01:38", "1559324", "202.182.124.254:5555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/202.182.124.254", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci" "2025-07-22 12:01:34", "1559321", "192.228.143.187:5672", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:34", "1559322", "192.228.143.187:26018", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:34", "1559323", "192.228.143.187:25", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:33", "1559318", "192.228.143.187:5903", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:33", "1559319", "192.228.143.187:58603", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:33", "1559320", "192.228.143.187:35953", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:32", "1559317", "192.228.143.187:1336", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/192.228.143.187", "AS9930,C2,censys,hacktool,Mimikatz,open-dir,TTNET-MY", "0", "DonPasci" "2025-07-22 12:01:11", "1559315", "15.188.146.16:833", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:44:19", "100", "https://search.censys.io/hosts/15.188.146.16", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-22 12:01:11", "1559316", "16.51.151.204:1080", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-24 10:44:33", "100", "https://search.censys.io/hosts/16.51.151.204", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-07-22 12:01:05", "1559312", "https://civimd.top/tito", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-mtsl7aan9t", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-22 12:01:05", "1559313", "https://getupb.lat/atkk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-jsv45sttgx", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-22 12:01:05", "1559314", "https://ummact.top/aktr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-hnclkagn3y", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-07-22 12:00:58", "1559311", "186.190.211.108:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-24 10:45:41", "100", "https://search.censys.io/hosts/186.190.211.108", "AS-GLOBALTELEHOST,AS63023,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-07-22 12:00:57", "1559310", "123.253.111.23:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-23 04:02:40", "100", "https://search.censys.io/hosts/123.253.111.23", "AS134823,C2,censys,SDCL-AS-AP,Supershell", "0", "DonPasci" "2025-07-22 12:00:43", "1559308", "217.156.123.93:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-07-24 10:46:35", "100", "https://search.censys.io/hosts/217.156.123.93", "ALEXHOST,AS200019,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-07-22 12:00:43", "1559309", "mar-vietnamese.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250722-kee2fahm5y", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-22 12:00:33", "1559307", "procesos2025.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250722-msyrtaan7y", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-22 12:00:28", "1559303", "120.26.218.41:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:21", "100", "https://search.censys.io/hosts/120.26.218.41", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 12:00:28", "1559304", "republic-ins.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250722-ltv7mshr21", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-22 12:00:28", "1559305", "photography-tools.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250722-ll9p3atxgt", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-22 12:00:28", "1559306", "8.148.69.182:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:20", "100", "https://search.censys.io/hosts/8.148.69.182", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 12:00:27", "1559301", "8.148.31.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-24 06:20:12", "100", "https://search.censys.io/hosts/8.148.31.69", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 12:00:27", "1559302", "8.148.23.98:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:01:25", "100", "https://search.censys.io/hosts/8.148.23.98", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 12:00:26", "1559300", "38.14.254.133:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-23 04:00:31", "100", "https://search.censys.io/hosts/38.14.254.133", "AROSS-AS,AS400619,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-22 11:40:27", "1559299", "176.65.128.104:5888", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-07-22 11:10:58", "1559288", "genusuvk.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-22 11:10:58", "1559290", "keepnody.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-22 11:10:57", "1559289", "mosaicia.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-24 09:19:07", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-22 11:10:56", "1559291", "familkqo.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-23 19:18:38", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-22 11:10:55", "1559293", "https://headtechnologies.xyz/sourcetag/enroll.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" "2025-07-22 11:10:55", "1559294", "headtechnologies.xyz", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-23 06:42:24", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" "2025-07-22 11:10:55", "1559295", "https://headtechnologies.xyz/sourcetag/buffer.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" "2025-07-22 11:10:54", "1559296", "https://clientes.sangrecreativa.com/lal1.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" "2025-07-22 11:10:54", "1559297", "clientes.sangrecreativa.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" "2025-07-22 11:10:53", "1559298", "http://www.austinroofs.net/wrbe.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114896570012341513", "SmartApeSG", "0", "monitorsg" # Number of entries: 840