################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-05-10 00:16:57 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-05-10 00:16:57", "1519114", "xizaf.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-05-10 00:01:49", "1519113", "3.141.231.53:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.141.231.53", "AMAZON-02,AS16509,censys,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2025-05-10 00:01:33", "1519112", "179.134.104.251:9990", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/179.134.104.251", "AS26599,C2,censys,Netsupport,RAT,TELEFONICA", "0", "DonPasci" "2025-05-10 00:01:28", "1519111", "171.22.28.66:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/171.22.28.66", "AS19318,C2,censys,IS-AS-1,Quasar,RAT", "0", "DonPasci" "2025-05-10 00:01:27", "1519110", "196.251.80.135:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/196.251.80.135", "AS401120,C2,censys,CHEAPY-HOST,Quasar,RAT", "0", "DonPasci" "2025-05-10 00:01:26", "1519108", "188.132.129.196:2053", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/188.132.129.196", "AS214036,C2,censys,Hookbot,ULTAHOST-AS", "0", "DonPasci" "2025-05-10 00:01:26", "1519109", "103.116.8.240:50555", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/103.116.8.240", "AS150828,C2,censys,Hookbot,VMONCLOUD-VN", "0", "DonPasci" "2025-05-10 00:01:24", "1519107", "45.149.172.87:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.149.172.87", "AS62240,C2,censys,CLOUVIDER,Mythic", "0", "DonPasci" "2025-05-10 00:01:18", "1519104", "179.13.7.0:8020", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/179.13.7.0", "AS27831,AsyncRAT,C2,censys,Colombia,RAT", "0", "DonPasci" "2025-05-10 00:01:18", "1519105", "176.65.142.189:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.142.189", "-Reserved,AS215240,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-10 00:01:18", "1519106", "196.251.114.11:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.114.11", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-05-10 00:01:07", "1519102", "188.130.154.246:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/188.130.154.246", "AS56971,C2,censys,Sliver", "0", "DonPasci" "2025-05-10 00:01:07", "1519103", "139.59.79.75:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/139.59.79.75", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-05-10 00:00:43", "1519100", "123.56.187.48:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.56.187.48", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-10 00:00:43", "1519101", "43.167.243.22:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.167.243.22", "AS132203,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-05-10 00:00:40", "1519098", "156.251.179.102:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/156.251.179.102", "AS40065,C2,censys,CNSERVERS,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-10 00:00:40", "1519099", "8.219.163.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.219.163.113", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-09 20:54:53", "1518943", "93.82.29.106:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-05-10 00:55:13", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-05-09 20:54:25", "1518942", "85.102.244.59:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:54:41", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-09 20:53:47", "1518941", "70.31.125.66:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:54:03", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-09 20:51:50", "1518940", "39.40.186.30:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:51:54", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-09 20:50:58", "1518939", "24.158.32.188:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:51:04", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-09 20:50:06", "1518938", "20.138.253.27:448", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-10 00:50:13", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-09 20:46:41", "1518937", "161.132.68.248:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:46:24", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-05-09 20:11:15", "1518935", "213.209.150.210:8882", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/67dbfc74bebb4384c847b3c7c89b173878eb0e1e8e058a85ba5801b10ff62389/", "asyncrat", "0", "abuse_ch" "2025-05-09 20:10:54", "1518934", "https://rninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9e318e8fbdba0bc0f745c0d58ddd5799203dae43437fb3de470c7ead44ba6e49/", "lumma", "0", "abuse_ch" "2025-05-09 20:01:50", "1518876", "8.141.114.174:54681", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-05-10 00:54:18", "100", "https://search.censys.io/hosts/8.141.114.174", "ALIBABA-CN-NET,AS37963,censys,Chaos,panel", "0", "DonPasci" "2025-05-09 20:01:32", "1518875", "179.13.7.0:8010", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-05-10 00:48:02", "100", "https://search.censys.io/hosts/179.13.7.0", "AS27831,C2,censys,Colombia,DcRAT,RAT", "0", "DonPasci" "2025-05-09 20:01:27", "1518874", "47.119.157.245:9999", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/47.119.157.245", "ALIBABA-CN-NET,AS37963,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-05-09 20:01:26", "1518873", "188.132.183.140:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/188.132.183.140", "AS214036,C2,censys,Hookbot,ULTAHOST-AS", "0", "DonPasci" "2025-05-09 20:01:25", "1518870", "102.117.167.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/102.117.167.141", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-05-09 20:01:25", "1518871", "103.43.75.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.43.75.230", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-05-09 20:01:25", "1518872", "https://zmedtipp.live/mnvzx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 20:01:24", "1518869", "209.74.81.48:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:50:33", "100", "https://search.censys.io/hosts/209.74.81.48", "AS22612,C2,censys,Mythic,NAMECHEAP-NET", "0", "DonPasci" "2025-05-09 20:01:17", "1518868", "176.65.142.189:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:47:45", "100", "https://search.censys.io/hosts/176.65.142.189", "-Reserved,AS215240,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-09 20:01:16", "1518867", "176.65.143.147:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:47:48", "100", "https://search.censys.io/hosts/176.65.143.147", "-Reserved,AS215208,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-09 20:01:06", "1518866", "https://overcovtcg.top/juhd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 20:01:00", "1518864", "176.65.141.187:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/176.65.141.187", "-Reserved,AS215240,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-05-09 20:01:00", "1518865", "196.251.92.126:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:49:57", "100", "https://search.censys.io/hosts/196.251.92.126", "AS401109,C2,censys,RAT,Remcos,ZHONGGUANCUN-CO", "0", "DonPasci" "2025-05-09 20:00:58", "1518863", "https://meteorplyp.live/lekp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 20:00:45", "1518862", "https://hunterinrx.run/mnbt", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/7e9c3cddc1273117a1dd9755024432a3f1075bb3680fa89c176d658bc3f1f8f2/", "lumma", "0", "abuse_ch" "2025-05-09 20:00:42", "1518861", "8.134.218.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.134.218.67", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-09 20:00:40", "1518860", "149.104.25.171:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/149.104.25.171", "AS139659,C2,censys,CobaltStrike,cs-watermark-100000,LUCID-AS-AP", "0", "DonPasci" "2025-05-09 20:00:38", "1518858", "47.111.109.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.111.109.16", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-09 20:00:38", "1518859", "62.113.107.81:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:58:26", "100", "https://search.censys.io/hosts/62.113.107.81", "AS198610,BEGET-AS,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-09 20:00:20", "1518857", "https://cblackljjwc.run/banj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 20:00:18", "1518856", "https://blackswmxc.top/bgry", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 20:00:16", "1518855", "https://8ninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9ccfe968b46b9c43056d5cfe626824f586f11791e22161262647fd67f5f05cf1/", "lumma", "0", "abuse_ch" "2025-05-09 19:15:49", "1518847", "wwwcioudflare.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-05-09 19:15:13", "1518846", "https://5grizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/70cc1f20cf73146b96d6eba742fb3403f0a6aa19b6dced57d134bcae9deeb878/", "lumma", "0", "abuse_ch" "2025-05-09 19:14:57", "1518845", "45.145.41.229:56905", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 19:13:18", "1518844", "162.250.188.82:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/162.250.188.82#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-05-09 19:13:00", "1518842", "172.86.106.62:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/172.86.106.62#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 19:13:00", "1518843", "154.222.16.194:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/154.222.16.194#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 19:12:29", "1518841", "110.42.45.117:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 19:12:44", "50", "https://www.shodan.io/host/110.42.45.117#2083", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-05-09 19:12:12", "1518840", "47.97.113.36:10010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 19:12:44", "50", "https://www.shodan.io/host/47.97.113.36#10010", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-05-09 19:01:18", "1518838", "https://xninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d353f890a6d20e2a2fa0bd5d4ffee499e2bc6dc187d7b5abe1f4100f4cafd64f/", "lumma", "0", "abuse_ch" "2025-05-09 19:01:08", "1518837", "https://slinsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d353f890a6d20e2a2fa0bd5d4ffee499e2bc6dc187d7b5abe1f4100f4cafd64f/", "lumma", "0", "abuse_ch" "2025-05-09 19:00:57", "1518836", "https://nightloqv.run/ihfd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d353f890a6d20e2a2fa0bd5d4ffee499e2bc6dc187d7b5abe1f4100f4cafd64f/", "lumma", "0", "abuse_ch" "2025-05-09 18:55:34", "1518835", "https://kinsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/728b3d73a7d96154866b24c36e0ba4c6860034d613bef5879259437e2bbd7997/", "lumma", "0", "abuse_ch" "2025-05-09 18:55:31", "1518834", "https://interpwthc.digital/juab", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/728b3d73a7d96154866b24c36e0ba4c6860034d613bef5879259437e2bbd7997/", "lumma", "0", "abuse_ch" "2025-05-09 18:55:12", "1518833", "https://blackljjwc.run/banj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/728b3d73a7d96154866b24c36e0ba4c6860034d613bef5879259437e2bbd7997/", "lumma", "0", "abuse_ch" "2025-05-09 17:55:10", "1518829", "http://185.62.56.10/index.php", "url", "botnet_cc", "win.koiloader", "None", "Koi Loader", "", "100", "None", "KoiLoader", "0", "abuse_ch" "2025-05-09 17:28:44", "1518818", "wasar.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 16:16:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 17:28:44", "1518819", "80.66.75.39:416", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:43", "1518820", "180.178.189.3:420", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 23:44:07", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:42", "1518821", "180.178.189.3:431", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:44:35", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:42", "1518822", "76561199845513035", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 17:28:41", "1518823", "180.178.189.3:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:18:22", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:41", "1518824", "80.66.75.39:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:41", "1518825", "80.66.75.39:427", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 21:22:48", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:40", "1518826", "45.155.206.243:22", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-05-09 18:20:05", "75", "None", "Mirai", "0", "elfdigest" "2025-05-09 17:28:40", "1518827", "180.178.189.3:422", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:46:43", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 17:28:39", "1518828", "80.66.75.39:425", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 18:26:28", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 16:05:05", "1518817", "http://mxblog77.cfd/777/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:04", "1518812", "http://demblog797.xyz/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:04", "1518813", "http://admlogs457.cfd/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:04", "1518814", "http://blogmstat599.xyz/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:04", "1518815", "http://bloglogs757.cfd/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:04", "1518816", "http://pzh1966.com/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:03", "1518810", "http://serverlogs295.xyz/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:05:03", "1518811", "http://servblog475.cfd/statweb255/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "50", "https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html", "agenda,ransomware,smokeloader", "0", "juroots" "2025-05-09 16:02:03", "1518808", "https://gentle-chebakia-da1172.netlify.app/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "dogebigballs,ransomware", "0", "juroots" "2025-05-09 16:02:03", "1518809", "https://scintillating-taffy-213dd3.netlify.app/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "dogebigballs,ransomware", "0", "juroots" "2025-05-09 16:01:59", "1518806", "https://98.177.107.142:60446/9tkuuCtbv_U_dz51V3a7EQp5MDcDpINqWhwotIngsQ1uAUwvw5SH/", "url", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,meterpreter,ransomware", "0", "juroots" "2025-05-09 16:01:59", "1518807", "http://69.55.62.10:8080/vq6qtQjsS3-REJAS-Re9rwfH30bYpWOs6cnIRrJZlc36-yn0McKtf-dBnU4R5zvTAXPgcjVaaUeWFYSuwReprrKo4nsCylLGU/", "url", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,meterpreter,ransomware", "0", "juroots" "2025-05-09 16:01:49", "1518805", "34.79.229.30:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-05-10 00:51:30", "100", "https://search.censys.io/hosts/34.79.229.30", "AS396982,censys,Chaos,GOOGLE-CLOUD-PLATFORM,panel", "0", "DonPasci" "2025-05-09 16:01:43", "1518800", "37fbcb3617f3d5e7ff9f7a93d09e5824", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:43", "1518801", "a576d7479c747b1cd3e86626107efc6b", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:43", "1518802", "2e32a74f9d84cbb8c26cfe349ce9cc28", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:43", "1518803", "c6fc909f995cb8eacc349c326419082f", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:43", "1518804", "0b4ce16873ef2359fa80c28880a9439a", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:42", "1518795", "3cbcb76033543d86804985c0c3384dc6", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:42", "1518796", "0c5c3b2c0f32159939aaff000a063c20", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:42", "1518797", "e7a4642d7737c6c83ef8a83175d91503", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:42", "1518798", "c6e348c7e4ec5ac140a19740813face2", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:42", "1518799", "937f2c5bf320eb3f9067812afbc29732", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:41", "1518794", "385b92ee9792a43621b1b17653dca2d3", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518785", "34b6dd67b5df9caa8074f064f0814347", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518786", "84f0e1faa47023511c2d9fec8f90337c", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518787", "65905abd0d3ca7ea30c35f161c9788b7", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518788", "21fe09df8f70ea6a78679e2ea56c829a", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518789", "607b5bf4f14ced17c22a9ad3ed1f1ea8", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518790", "fe300b9b163b0efbca5e9de3db86574d", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518791", "8b955eb8d1ecf61dbe4486de14f9e751", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518792", "33d3c8205a11fcfd9a418eb226167958", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:40", "1518793", "bee38b1142bb1361055f558f7c59eb21", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:39", "1518783", "1ae5973830c5c43cd25ca81ed4defbf3", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:39", "1518784", "d799c46a9e51ab6597fbdb2a180e9f42", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:38", "1518782", "101c128c248a3051f170423e16c66efe", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:37", "1518780", "118807dc3691bd1669c52b72a8747476", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:37", "1518781", "30e981ef16c9ae87b552a07a38bdcaff", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:36", "1518778", "71eea9205113b7d6741a89398315f472", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:36", "1518779", "591d606814b7b002226c9ef8890bb7a0", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:35", "1518774", "85235abfc2b984ecbd5480f9af1873d7", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:35", "1518775", "9c902af97b7df8af8f9bf60c4f7d32c4", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:35", "1518776", "473c7ab844335b5bc247680fb63fc008", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:35", "1518777", "d6aa5a4c2a5585aab22bc8b65bafd8b2", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:34", "1518773", "e92b6fe0365abe864d6af3e4b7b00cb5", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:33", "1518772", "f11b7713f0a8085418f8914a9dfc61c3", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:32", "1518770", "2.58.56.24:7000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/2.58.56.24", "AS210558,C2,censys,DcRAT,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-05-09 16:01:32", "1518771", "9601df0d00f19965ce25f66d7d2afab8", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://www.netskope.com/blog/new-doge-big-balls-ransomware-tools-in-the-wild", "DOGEBigBalls,ransomware", "0", "juroots" "2025-05-09 16:01:28", "1518768", "35.223.112.67:3389", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:35", "100", "https://search.censys.io/hosts/35.223.112.67", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-05-09 16:01:28", "1518769", "34.170.250.223:3389", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:25", "100", "https://search.censys.io/hosts/34.170.250.223", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-05-09 16:01:23", "1518767", "209.74.81.48:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:50:32", "100", "https://search.censys.io/hosts/209.74.81.48", "AS22612,C2,censys,Mythic,NAMECHEAP-NET", "0", "DonPasci" "2025-05-09 16:01:02", "1518766", "94.85.28.4:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-09 23:54:27", "100", "https://search.censys.io/hosts/94.85.28.4", "AS3269,ASN-IBSNAZ,C2,censys,Sliver", "0", "DonPasci" "2025-05-09 16:00:45", "1518765", "13.112.114.65:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/13.112.114.65", "AMAZON-02,AS16509,C2,censys,CobaltStrike", "0", "DonPasci" "2025-05-09 16:00:40", "1518764", "47.101.187.219:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.101.187.219", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-09 16:00:31", "1518763", "https://hinsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/75114b340583d9a9045380bd135307ac39148fb45b047f454de7c495cb67c561/", "lumma", "0", "abuse_ch" "2025-05-09 16:00:12", "1518762", "https://0ninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/75114b340583d9a9045380bd135307ac39148fb45b047f454de7c495cb67c561/", "lumma", "0", "abuse_ch" "2025-05-09 15:56:41", "1518761", "a.hbweb.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://securitylabs.datadoghq.com/articles/redisraider-weaponizing-misconfigured-redis/", "RedisRaider", "0", "juroots" "2025-05-09 15:55:54", "1518760", "https://wskninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/56ee900a8dc4b83700f081d2cd55ab136684c017e1c0a4eecd1754599c6f46ed/", "lumma", "0", "abuse_ch" "2025-05-09 15:55:25", "1518759", "https://i3ninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/eba7e507e00f71e75207c5e18c2a6feda50452686520a888f00742dcf574450b/", "lumma", "0", "abuse_ch" "2025-05-09 15:53:57", "1518758", "zuvul.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 15:48:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 15:40:30", "1518757", "wwwc1oudflare.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-05-09 15:34:34", "1518756", "5.104.168.62:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/5.104.168.62#80", "c2,gh0st,shodan", "0", "juroots" "2025-05-09 15:34:12", "1518755", "162.254.86.108:8085", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/162.254.86.108#8085", "bruteratel,c2,shodan", "0", "juroots" "2025-05-09 15:32:21", "1518754", "47.108.39.159:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.108.39.159#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 15:20:58", "1518753", "login.kakao-accounts.kro.kr", "domain", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "", "c2,kimsuky", "0", "juroots" "2025-05-09 15:16:39", "1518752", "http://panel.diicotsec.ru:8080/x/api/endpoint.php", "url", "botnet_cc", "win.xmrig", "None", "xmrig", "", "50", "", "c2,coinminer,xmrig", "0", "juroots" "2025-05-09 15:06:43", "1518749", "https://cpanel.santechplumbing.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-05-09 15:05:25", "1518751", "panel.diicotsec.ru", "domain", "botnet_cc", "win.xmrig", "None", "xmrig", "", "50", "https://bazaar.abuse.ch/sample/fab54ddfb018ce05c431ffd15bbfc4c343d4c3e87fe2c9e7f7b27f74fb49f8a5/", "c2,coinminer,xmrig", "0", "juroots" "2025-05-09 15:05:24", "1518750", "auto.zerodaypool.ru", "domain", "botnet_cc", "win.xmrig", "None", "xmrig", "", "50", "https://bazaar.abuse.ch/sample/fab54ddfb018ce05c431ffd15bbfc4c343d4c3e87fe2c9e7f7b27f74fb49f8a5/", "c2,coinminer,xmrig", "0", "juroots" "2025-05-09 14:56:00", "1518748", "https://searchilyo.run/gsna", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/99eac79318763b16d9132d81a7d2692c98e2ab713290c71e6fc52f8af790c34b/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:56", "1518747", "https://qhdatawavej.digital/bafy", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/95d20cfbedc5639dcede26190213e5fb088c2ea90a68ad315a162922858a329e/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:55", "1518746", "https://pnoxajb.top/bnbd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81a9f61ca95f8d1edf2012819238339bef9f53a609e59af1bdb81d42ecd443eb/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:49", "1518745", "https://lvclatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/71be1fecb5161dad585b1aaeec0e9dd12aed26277f62bc3f081a72119f6237ef/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:43", "1518744", "https://insulaey.live/gantb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/95d20cfbedc5639dcede26190213e5fb088c2ea90a68ad315a162922858a329e/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:36", "1518743", "https://dclatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/99eac79318763b16d9132d81a7d2692c98e2ab713290c71e6fc52f8af790c34b/", "lumma", "0", "abuse_ch" "2025-05-09 14:55:31", "1518742", "https://6civitasu.run/werrp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/95d20cfbedc5639dcede26190213e5fb088c2ea90a68ad315a162922858a329e/", "lumma", "0", "abuse_ch" "2025-05-09 14:50:46", "1518741", "http://diicotsec.ru:8080/v3//receive.php", "url", "botnet_cc", "win.blacknet_rat", "None", "BlackNET RAT", "", "100", "None", "BlackNET", "0", "abuse_ch" "2025-05-09 14:49:27", "1518739", "http://diicotsec.ru:8080/animeNET/login.php", "url", "botnet_cc", "win.blacknet_rat", "None", "BlackNET RAT", "", "50", "https://urlquery.net/report/a2b2a4c2-3aa1-40f7-8fff-0af5916b6896", "blacknet,c2,urlquery", "0", "juroots" "2025-05-09 14:49:27", "1518740", "http://diicotsec.ru:8080/v3/login.php", "url", "botnet_cc", "win.blacknet_rat", "None", "BlackNET RAT", "", "50", "https://urlquery.net/report/90ae5e8a-326b-4dbb-aa7c-20ff5fbefd14", "blacknet,c2,urlquery", "0", "juroots" "2025-05-09 14:46:43", "1518732", "https://my-privatebanker.top/jse/minjs.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:46:43", "1518733", "my-privatebanker.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-09 14:44:05", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:46:42", "1518734", "https://my-privatebanker.top/jse/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:46:42", "1518736", "https://jaagnet.com/rsrs.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:46:40", "1518735", "https://my-privatebanker.top/jse/xxx.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:46:39", "1518737", "jaagnet.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114478404892998678", "SmartApeSG", "0", "monitorsg" "2025-05-09 14:44:28", "1518738", "https://sleetpotato.icu/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-09 14:36:29", "1518731", "http://172.171.241.227:8787/", "url", "payload_delivery", "win.mimikatz", "None", "MimiKatz", "", "50", "", "mimikatz,opendir", "0", "juroots" "2025-05-09 14:26:25", "1518730", "http://210.125.101.75/agent.exe", "url", "payload_delivery", "win.meterpreter", "None", "Meterpreter", "", "50", "https://urlquery.net/report/a45312ee-4a35-44a9-a7c8-29f2c848f756", "meterpreter,urlquery", "0", "juroots" "2025-05-09 14:26:24", "1518728", "http://167.250.49.155/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe", "url", "payload_delivery", "win.meterpreter", "None", "Meterpreter", "", "50", "https://urlquery.net/report/9a23a0a3-2daa-424e-8643-5cd5dc83f513", "meterpreter,urlquery", "0", "juroots" "2025-05-09 14:26:24", "1518729", "http://qiniuyunxz.yxflzs.com/msf.exe", "url", "payload_delivery", "win.meterpreter", "None", "Meterpreter", "", "50", "https://urlquery.net/report/1b6ccf43-2a58-4af8-9812-9ac9598f26c8", "meterpreter,urlquery", "0", "juroots" "2025-05-09 14:22:55", "1518726", "quaestort.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-05-09 14:22:55", "1518727", "sidebyafzy.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-05-09 14:22:12", "1518725", "wwwcloudfiare.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "clickfix", "0", "juroots" "2025-05-09 14:21:25", "1518723", "193.161.193.99:64972", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-05-09 14:21:25", "1518724", "209.54.102.133:8078", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-05-09 14:20:55", "1518722", "Mohamed1321-64972.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-05-09 14:20:39", "1518721", "https://pastebin.com/raw/QD7huvEf", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-05-09 14:20:21", "1518719", "196.251.115.185:43213", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:20:21", "1518720", "20.121.52.1:5708", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518713", "elrey051526.kozow.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518714", "selectbrasil.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518715", "wealthybillionaireman.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518716", "www.assanalumlnyum.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518717", "www.ees-ro.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:58", "1518718", "www.sermansilian.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-09 14:19:03", "1518712", "linda991.mywire.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-05-09 14:18:49", "1518709", "botnet.fkgpt.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-05-09 14:18:49", "1518710", "ccn.fdstat.vip", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-05-09 14:18:49", "1518711", "ssro.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-05-09 14:18:27", "1518706", "45.145.41.229:2130", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:27", "1518707", "45.145.41.229:2137", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:27", "1518708", "45.145.41.229:3232", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518700", "ipzsfhmzc.localto.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518701", "naplet21-56905.portmap.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518702", "ratrat2-21846.portmap.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518703", "ratrat2-28358.portmap.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518704", "ratrat2-28891.portmap.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:18:06", "1518705", "ratrat2-33149.portmap.io", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-05-09 14:17:48", "1518699", "floatboatin.ydns.eu", "domain", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "50", "", "avemaria,c2", "0", "juroots" "2025-05-09 14:17:18", "1518698", "http://login.kakao-accounts.kro.kr", "url", "payload_delivery", "win.kimsuky", "None", "Kimsuky", "", "50", "https://urlquery.net/report/6699e4b9-2c64-44f9-ad5f-e2c1dae651c0", "c2,kimsuky,urlquery", "0", "juroots" "2025-05-09 14:16:39", "1518697", "http://pilivoqv.beget.tech/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/1b9a6ed6-782e-4729-958c-f9cef0a6a7ec", "c2,unam,urlquery", "0", "juroots" "2025-05-09 14:15:52", "1518696", "https://din.akurasiibl.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b567-0dbc-70fd-9e02-2bcaf2903323", "c2,fakecaptcha,urlscan", "0", "juroots" "2025-05-09 14:15:43", "1518695", "https://proprtrmsvstr.world/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b566-ea6e-745b-9ba8-07620f506ae5", "c2,fakecaptcha,urlscan", "0", "juroots" "2025-05-09 14:15:42", "1518694", "https://admin-extr-net.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b566-e6cf-72d3-b858-d86c29c56899", "c2,fakecaptcha,urlscan", "0", "juroots" "2025-05-09 14:15:41", "1518693", "https://solara-support.github.io/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b566-dc1c-723f-bbec-658b71a5a294", "c2,fakecaptcha,urlscan", "0", "juroots" "2025-05-09 14:15:08", "1518692", "http://185.147.124.212/d", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b566-5d75-7131-98d8-ac1f3274344c", "c2,Odyssey,urlscan", "0", "juroots" "2025-05-09 14:14:44", "1518691", "http://217.154.22.37:8080/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/0196b566-053d-7388-b0ff-8abcf5a10267", "c2,chaos,urlscan", "0", "juroots" "2025-05-09 14:03:25", "1518683", "privatunis.cfd", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 14:03:24", "1518688", "zmedtipp.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:09:34", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 14:03:23", "1518689", "overcovtcg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:09:32", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 14:03:23", "1518690", "blackswmxc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:09:33", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 14:00:27", "1518687", "http://124.70.158.176:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b558-ee93-76a9-a0ce-e666a7bd92b4", "c2,supershell,urlscan", "0", "juroots" "2025-05-09 14:00:12", "1518686", "http://216.83.42.230:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b558-b638-73da-85ee-decb196db82f", "c2,supershell,urlscan", "0", "juroots" "2025-05-09 14:00:11", "1518685", "http://217.197.162.241:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b558-b08c-7461-8991-ba39a7881b2e", "c2,supershell,urlscan", "0", "juroots" "2025-05-09 14:00:07", "1518684", "http://45.145.228.9:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b558-9ac0-7278-b190-b2b7175be0a3", "c2,supershell,urlscan", "0", "juroots" "2025-05-09 14:00:04", "1518682", "http://47.96.179.5:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196b558-90c7-76e8-91c4-b3562296eda3", "c2,supershell,urlscan", "0", "juroots" "2025-05-09 13:58:09", "1518681", "91.132.139.150:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/91.132.139.150#80", "c2,mustangpanda,shodan", "0", "juroots" "2025-05-09 13:57:58", "1518680", "3.96.141.164:11300", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.96.141.164#11300", "c2,netbus,shodan", "0", "juroots" "2025-05-09 13:57:50", "1518656", "180.178.189.3:426", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:45:08", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:57:49", "1518673", "180.178.189.3:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:33:18", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:57:22", "1518679", "209.141.33.132:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/209.141.33.132#443", "c2,Pentegana,shodan", "0", "juroots" "2025-05-09 13:56:39", "1518678", "18.237.255.148:13", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/18.237.255.148#13", "blackshades,c2,shodan", "0", "juroots" "2025-05-09 13:56:07", "1518677", "213.155.195.70:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/213.155.195.70#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-05-09 13:55:55", "1518676", "160.25.7.206:4443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/160.25.7.206#4443", "c2,shodan,villain", "0", "juroots" "2025-05-09 13:55:10", "1518675", "185.75.240.211:4443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/185.75.240.211#4443", "bruteratel,c2,shodan", "0", "juroots" "2025-05-09 13:55:09", "1518674", "212.69.167.73:8443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/212.69.167.73#8443", "bruteratel,c2,shodan", "0", "juroots" "2025-05-09 13:54:08", "1518671", "54.218.66.197:2379", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/54.218.66.197#2379", "c2,netsupport,shodan", "0", "juroots" "2025-05-09 13:54:08", "1518672", "157.175.54.222:13", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/157.175.54.222#13", "c2,netsupport,shodan", "0", "juroots" "2025-05-09 13:54:07", "1518669", "118.122.8.155:1650", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/118.122.8.155#1650", "c2,netsupport,shodan", "0", "juroots" "2025-05-09 13:54:07", "1518670", "13.231.55.89:50100", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.231.55.89#50100", "c2,netsupport,shodan", "0", "juroots" "2025-05-09 13:53:47", "1518668", "89.111.173.134:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/89.111.173.134#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:44", "1518666", "5.35.125.77:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/5.35.125.77#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:44", "1518667", "178.128.214.21:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/178.128.214.21#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:43", "1518663", "196.251.116.232:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/196.251.116.232#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:43", "1518664", "23.95.247.74:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/23.95.247.74#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:43", "1518665", "34.87.122.145:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/34.87.122.145#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-09 13:53:19", "1518662", "35.200.198.66:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/35.200.198.66#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-05-09 13:52:48", "1518661", "211.86.146.70:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/211.86.146.70#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 13:52:47", "1518660", "86.107.101.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/86.107.101.112#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 13:52:46", "1518658", "18.254.72.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/18.254.72.220#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 13:52:46", "1518659", "158.247.206.56:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 13:52:48", "50", "https://www.shodan.io/host/158.247.206.56#8443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 13:52:45", "1518657", "34.169.179.154:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/34.169.179.154#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-05-09 13:51:26", "1518634", "https://packedbrick.com/IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "KeitaroTDS,SocGholish", "0", "threatcat_ch" "2025-05-09 13:51:25", "1518639", "180.178.189.3:416", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:06:02", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:24", "1518635", "80.66.75.39:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 13:14:12", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:24", "1518636", "80.66.75.39:428", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 20:27:19", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:23", "1518637", "cpanel.santechplumbing.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-05-09 15:01:07", "100", "https://infosec.exchange/@monitorsg/114478047983459455", "SocGholish", "0", "monitorsg" "2025-05-09 13:51:23", "1518638", "huliq.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 13:17:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 13:51:22", "1518640", "80.66.75.39:422", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 17:53:26", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:22", "1518641", "180.178.189.3:429", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:20:30", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:22", "1518643", "180.178.189.3:423", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:52:37", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:21", "1518642", "80.66.75.39:429", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:21", "1518644", "80.66.75.39:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 18:46:39", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:20", "1518645", "180.178.189.3:425", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:43:31", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:20", "1518646", "80.66.75.39:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 18:08:21", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:19", "1518647", "180.178.189.3:417", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:36:01", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:19", "1518650", "180.178.189.3:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 23:27:32", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:18", "1518648", "80.66.75.39:419", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 20:58:20", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:18", "1518649", "180.178.189.3:428", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:30:39", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:18", "1518652", "80.66.75.39:423", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 17:37:04", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:17", "1518653", "180.178.189.3:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:21:02", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:17", "1518654", "180.178.189.3:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-09 23:53:41", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:51:16", "1518655", "80.66.75.39:417", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2025-05-10 00:42:59", "100", "None", "backconnect,proxy_cfg,Tofsee", "0", "Bitsight" "2025-05-09 13:36:08", "1518651", "196.251.118.131:2005", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-09 19:54:26", "75", "https://bazaar.abuse.ch/sample/62e3c9074362450d6bb286ed1cc75d4ac55b5bd2e88ce64ecada3e2e0727c1c4/", "remcos", "0", "abuse_ch" "2025-05-09 13:01:06", "1518633", "62.217.178.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:58:26", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:59:49", "1518632", "39.101.75.126:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:33", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:59:03", "1518631", "166.88.100.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:51", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:58:48", "1518630", "154.219.109.205:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:38", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:58:11", "1518629", "121.37.25.79:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:05", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:57:47", "1518628", "113.45.225.150:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:45", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:57:24", "1518627", "103.171.35.26:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:23", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:57:04", "1518626", "www.tsesec.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:05", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:56:56", "1518625", "qq.vnifnifnie.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:54:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:56:34", "1518624", "cntax.it.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:54:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:56:26", "1518623", "afn00ws82z1yf.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:54:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-09 12:55:47", "1518587", "ponek.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 10:57:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 12:55:47", "1518592", "218.30.103.224:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 12:55:47", "1518593", "54.157.200.163:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 12:55:45", "1518595", "101.201.80.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 12:00:39", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 12:45:25", "1518622", "https://bulgecont.run/gaoh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/072f0ec1fc8f5d650fdd3b346fab313251ab4a56a02dba6d4aa698ad847dce8c/", "lumma", "0", "abuse_ch" "2025-05-09 12:01:51", "1518621", "47.109.83.12:7100", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/47.109.83.12", "ALIBABA-CN-NET,AS37963,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-05-09 12:01:25", "1518619", "115.79.224.62:6000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/115.79.224.62", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-05-09 12:01:25", "1518620", "193.233.113.35:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/193.233.113.35", "AS215826,C2,censys,PARTNER-HOSTING-LTD,RAT,Venom", "0", "DonPasci" "2025-05-09 12:01:24", "1518617", "34.9.238.133:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:30", "100", "https://search.censys.io/hosts/34.9.238.133", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-05-09 12:01:24", "1518618", "34.9.238.133:3389", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:30", "100", "https://search.censys.io/hosts/34.9.238.133", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-05-09 12:01:23", "1518615", "212.232.22.202:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:50:36", "100", "https://search.censys.io/hosts/212.232.22.202", "AS215117,C2,censys,Havoc,HOSTERDADDY", "0", "DonPasci" "2025-05-09 12:01:23", "1518616", "34.173.145.169:3389", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:26", "100", "https://search.censys.io/hosts/34.173.145.169", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-05-09 12:01:20", "1518614", "46.202.166.197:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/46.202.166.197", "AS-HOSTINGER,AS47583,C2,censys,Hookbot", "0", "DonPasci" "2025-05-09 12:01:19", "1518613", "193.233.254.100:2053", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/193.233.254.100", "AS215826,C2,censys,Hookbot,PARTNER-HOSTING-LTD", "0", "DonPasci" "2025-05-09 12:01:14", "1518612", "196.251.86.13:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:56", "100", "https://search.censys.io/hosts/196.251.86.13", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-05-09 12:01:13", "1518610", "128.90.113.42:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:44:33", "100", "https://search.censys.io/hosts/128.90.113.42", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-05-09 12:01:13", "1518611", "196.251.73.133:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:51", "100", "https://search.censys.io/hosts/196.251.73.133", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-05-09 12:01:12", "1518608", "3.239.212.84:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:51:14", "100", "https://search.censys.io/hosts/3.239.212.84", "AMAZON-AES,AS14618,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-09 12:01:12", "1518609", "128.90.113.42:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:44:32", "100", "https://search.censys.io/hosts/128.90.113.42", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-05-09 12:01:09", "1518607", "45.129.3.220:80", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/45.129.3.220", "AS51659,ASBAXET,C2,censys,RAT,ShadowPad", "0", "DonPasci" "2025-05-09 12:01:08", "1518606", "78.141.221.31:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/78.141.221.31", "AS-VULTR,AS20473,C2,censys,RAT,ShadowPad", "0", "DonPasci" "2025-05-09 12:01:00", "1518604", "121.37.189.77:9100", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:44:20", "100", "https://search.censys.io/hosts/121.37.189.77", "AS55990,C2,censys,HWCSNET,Sliver", "0", "DonPasci" "2025-05-09 12:01:00", "1518605", "157.245.103.84:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:46:10", "100", "https://search.censys.io/hosts/157.245.103.84", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-05-09 12:00:56", "1518601", "162.246.185.77:4699", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:46:32", "100", "https://search.censys.io/hosts/162.246.185.77", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-05-09 12:00:56", "1518602", "188.93.233.101:8443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:48:45", "100", "https://search.censys.io/hosts/188.93.233.101", "AS47674,C2,censys,NETSOLUTIONS,RAT,Remcos", "0", "DonPasci" "2025-05-09 12:00:56", "1518603", "78.70.235.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:54:14", "100", "https://search.censys.io/hosts/78.70.235.238", "AS3301,C2,censys,RAT,Remcos,TELIANET-SWEDEN", "0", "DonPasci" "2025-05-09 12:00:55", "1518600", "196.251.85.124:2004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:49:55", "100", "https://search.censys.io/hosts/196.251.85.124", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-05-09 12:00:42", "1518599", "43.139.240.201:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:42", "100", "https://search.censys.io/hosts/43.139.240.201", "AS45090,C2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2025-05-09 12:00:40", "1518598", "121.40.159.30:9000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.40.159.30", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-09 12:00:39", "1518597", "154.12.20.34:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:36", "100", "https://search.censys.io/hosts/154.12.20.34", "AS142032,C2,censys,CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP", "0", "DonPasci" "2025-05-09 12:00:36", "1518596", "103.241.74.243:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/103.241.74.243", "AS152194,C2,censys,CobaltStrike,cs-watermark-987654321,CTGSERVERLIMITED-AS-AP", "0", "DonPasci" "2025-05-09 11:20:37", "1518591", "https://taleweaiver.run/toibnh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/3aa3267ea9c8e98869d744d08985d9dea179f86aeff81142a585d86c2cd6e3c2/", "lumma", "0", "abuse_ch" "2025-05-09 11:20:35", "1518590", "https://sjawdedmirror.run/ewqd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/3aa3267ea9c8e98869d744d08985d9dea179f86aeff81142a585d86c2cd6e3c2/", "lumma", "0", "abuse_ch" "2025-05-09 11:15:31", "1518589", "https://fowlflright.digital/qopy", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ec2effc4937b27ce986a7a2f65a816c259e64e0674f6f99f68ef15dbc329357a/", "lumma", "0", "abuse_ch" "2025-05-09 10:56:22", "1518588", "103.140.154.111:2443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-05-09 23:55:22", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-05-09 10:15:47", "1518583", "meteorplyp.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 10:15:46", "1518582", "cokok.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 09:46:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 10:15:46", "1518585", "blackljjwc.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:06:51", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 10:15:45", "1518584", "interpwthc.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:09:32", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-09 10:15:44", "1518586", "demuq.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 10:17:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 09:25:51", "1518579", "https://architrata.com/drive/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-05-09 14:11:09", "50", "", "latrodectus", "0", "plebourhis" "2025-05-09 09:25:50", "1518580", "https://carflotyup.com/drive/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-05-09 14:11:09", "50", "", "latrodectus", "0", "plebourhis" "2025-05-09 09:25:50", "1518581", "103.77.241.3:2023", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2025-05-09 09:08:15", "1518556", "curol.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 06:26:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 08:56:56", "1518558", "ximyt.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 07:17:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 08:53:38", "1518578", "75.119.159.249:8082", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:54:05", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-05-09 08:01:38", "1518577", "nervous-mccarthy.154-53-165-98.plesk.page", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.53.165.98+nervous-mccarthy.154-53-165-98.plesk.page", "AS62425,C2,censys,KUZEYDC,panel,Unam", "0", "DonPasci" "2025-05-09 08:01:25", "1518575", "3.25.173.186:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:51:15", "100", "https://search.censys.io/hosts/3.25.173.186", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 08:01:25", "1518576", "3.25.173.186:2082", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:51:15", "100", "https://search.censys.io/hosts/3.25.173.186", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 08:01:21", "1518573", "172.86.110.217:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:47:22", "100", "https://search.censys.io/hosts/172.86.110.217", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-05-09 08:01:21", "1518574", "172.86.110.217:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:47:21", "100", "https://search.censys.io/hosts/172.86.110.217", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-05-09 08:01:20", "1518571", "185-143-241-98.verelox.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/185.143.241.98+185-143-241-98.verelox.com", "AS52073,C2,censys,Havoc,I2SNETWORK", "0", "DonPasci" "2025-05-09 08:01:20", "1518572", "196.251.86.20:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:49:56", "100", "https://search.censys.io/hosts/196.251.86.20", "AS401120,C2,censys,CHEAPY-HOST,Havoc", "0", "DonPasci" "2025-05-09 08:01:17", "1518569", "188.132.183.140:2053", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/188.132.183.140", "AS214036,C2,censys,Hookbot,ULTAHOST-AS", "0", "DonPasci" "2025-05-09 08:01:17", "1518570", "103.116.8.240:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/103.116.8.240", "AS150828,C2,censys,Hookbot,VMONCLOUD-VN", "0", "DonPasci" "2025-05-09 08:01:16", "1518568", "srv35062473.ultasrv.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/212.224.107.135+srv35062473.ultasrv.net", "AS44066,C2,censys,DE-FIRSTCOLO,Hookbot", "0", "DonPasci" "2025-05-09 08:01:15", "1518566", "149.248.51.122:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:45:33", "100", "https://search.censys.io/hosts/149.248.51.122", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-05-09 08:01:15", "1518567", "31.172.74.201:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:51:21", "100", "https://search.censys.io/hosts/31.172.74.201", "AS16003,C2,censys,FORNEX-NL-AS,Mythic", "0", "DonPasci" "2025-05-09 08:01:10", "1518564", "196.251.114.11:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:32", "100", "https://search.censys.io/hosts/196.251.114.11", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-05-09 08:01:10", "1518565", "196.251.114.11:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:33", "100", "https://search.censys.io/hosts/196.251.114.11", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-05-09 08:01:09", "1518563", "94.26.90.69:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-09 23:54:26", "100", "https://search.censys.io/hosts/94.26.90.69", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci" "2025-05-09 08:00:59", "1518562", "20.2.234.165:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/20.2.234.165", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,open-dir,payload,Sliver", "0", "DonPasci" "2025-05-09 08:00:40", "1518561", "43.139.240.201:8389", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:42", "100", "https://search.censys.io/hosts/43.139.240.201", "AS45090,C2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2025-05-09 08:00:37", "1518560", "38.165.21.124:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.165.21.124", "AS967,C2,censys,CobaltStrike,cs-watermark-100000,VMISS-", "0", "DonPasci" "2025-05-09 08:00:35", "1518559", "167.99.76.115:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:52", "100", "https://search.censys.io/hosts/167.99.76.115", "AS14061,C2,censys,CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-05-09 06:40:04", "1518557", "http://146.158.127.185:41312/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-05-09 06:15:37", "1518555", "https://vinsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dcae71ef628fe69043928102796bc97033c5a40ca4d4504fddc8259c3a525fbc/", "lumma", "0", "abuse_ch" "2025-05-09 06:15:34", "1518554", "https://rhomewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dcae71ef628fe69043928102796bc97033c5a40ca4d4504fddc8259c3a525fbc/", "lumma", "0", "abuse_ch" "2025-05-09 06:15:31", "1518553", "https://kgrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dcae71ef628fe69043928102796bc97033c5a40ca4d4504fddc8259c3a525fbc/", "lumma", "0", "abuse_ch" "2025-05-09 05:36:07", "1518542", "178.128.251.127:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.128.251.127", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:07", "1518543", "54.154.114.105:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.154.114.105", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:07", "1518544", "91.99.15.48:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/91.99.15.48", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:06", "1518545", "15.228.82.215:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/15.228.82.215", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:06", "1518546", "154.247.240.8:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:45:55", "100", "https://search.censys.io/hosts/154.247.240.8", "ALGTEL-AS,AS36947,C2,censys", "0", "dyingbreeds_" "2025-05-09 05:36:05", "1518538", "213.157.40.164:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.157.40.164", "AS8393,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:05", "1518539", "149.104.28.134:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/149.104.28.134", "AS139659,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:05", "1518540", "38.128.250.180:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.128.250.180", "AS400130,censys,GoPhish,Phishing,SERV3R", "0", "dyingbreeds_" "2025-05-09 05:36:05", "1518541", "161.35.207.1:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.35.207.1", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:04", "1518537", "93.125.114.39:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/93.125.114.39", "AS56740,censys,DATAHATA-AS,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-09 05:36:03", "1518529", "47.108.140.10:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.108.140.10", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-09 05:36:03", "1518531", "123.56.187.48:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/123.56.187.48", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-09 05:36:02", "1518530", "120.46.183.147:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/120.46.183.147", "AS55990,censys,Viper", "0", "dyingbreeds_" "2025-05-09 05:36:01", "1518526", "freeresolve.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.208.187.156+freeresolve.com", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "dyingbreeds_" "2025-05-09 05:36:01", "1518528", "143.92.48.137:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-05-10 00:45:08", "100", "https://search.censys.io/hosts/143.92.48.137", "AS152194,C2,censys,RAT", "0", "dyingbreeds_" "2025-05-09 05:36:00", "1518525", "tempoestil.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.132.51.146+tempoestil.com", "AS3132,C2,censys,Mythic", "0", "dyingbreeds_" "2025-05-09 05:36:00", "1518527", "188.55.203.226:1337", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-05-09 04:01:14", "100", "https://search.censys.io/hosts/188.55.203.226", "AS25019,C2,censys,RAT,SAUDINETSTC-AS", "0", "dyingbreeds_" "2025-05-09 05:35:59", "1518524", "43.242.200.223:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 04:00:34", "100", "https://search.censys.io/hosts/43.242.200.223", "AS142032,C2,censys", "0", "dyingbreeds_" "2025-05-09 05:35:58", "1518522", "202.95.12.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:18", "100", "https://search.censys.io/hosts/202.95.12.160", "AS152194,C2,censys", "0", "dyingbreeds_" "2025-05-09 05:35:58", "1518523", "156.245.28.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:46", "100", "https://search.censys.io/hosts/156.245.28.75", "AS133199,C2,censys", "0", "dyingbreeds_" "2025-05-09 05:35:57", "1518520", "209.141.51.24:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-05-09 15:01:07", "100", "None", "FAKEUPDATES,SocGholish", "0", "pancak3lullz" "2025-05-09 05:35:57", "1518521", "124.220.205.147:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:12", "100", "https://search.censys.io/hosts/124.220.205.147", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-05-09 05:35:56", "1518504", "http://213.226.113.234/nhf7/phbf.exe", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "dcrat", "0", "tanner" "2025-05-09 05:35:56", "1518516", "micuh.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-09 01:34:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 05:35:56", "1518519", "158.247.206.56:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 05:35:54", "1518499", "hyvur.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 22:35:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 05:35:54", "1518503", "213.226.113.234:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "None", "0", "tanner" "2025-05-09 05:35:53", "1518497", "security.guradclaouds.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "CoreSecThree", "0", "rmceoin" "2025-05-09 05:35:53", "1518498", "security.clauodgaards.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "CoreSecThree", "0", "rmceoin" "2025-05-09 05:35:52", "1518474", "140.143.205.14:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 05:35:52", "1518475", "118.195.134.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:54", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 05:35:51", "1518472", "kahox.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 19:06:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 05:35:51", "1518473", "47.242.152.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-09 05:35:50", "1518469", "sukum.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 18:35:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-09 05:35:50", "1518471", "http://129.226.189.66:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-09 15:36:23", "100", "None", "AS132203,supershell,Tencent Building Kejizhongyi Avenue", "0", "antiphishorg" "2025-05-09 05:34:09", "1518552", "62.234.92.164:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch" "2025-05-09 05:33:52", "1518551", "113.45.7.54:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-09 05:33:49", "1518550", "8.155.7.173:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-05-09 05:05:19", "1518549", "https://lclatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bdb5cb257762482a6a63c58497afb7e11190382c15c54862e6c031c4e1f095c9/", "lumma", "0", "abuse_ch" "2025-05-09 05:05:18", "1518548", "https://kaeneasq.live/nmgj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bdb5cb257762482a6a63c58497afb7e11190382c15c54862e6c031c4e1f095c9/", "lumma", "0", "abuse_ch" "2025-05-09 05:05:13", "1518547", "https://4homewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bdb5cb257762482a6a63c58497afb7e11190382c15c54862e6c031c4e1f095c9/", "lumma", "0", "abuse_ch" "2025-05-09 04:01:20", "1518533", "167.86.171.34:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:47:04", "100", "https://search.censys.io/hosts/167.86.171.34", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-05-09 04:01:20", "1518534", "51.20.131.192:44819", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:53:13", "100", "https://search.censys.io/hosts/51.20.131.192", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 04:01:20", "1518535", "13.247.67.85:32963", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:44:39", "100", "https://search.censys.io/hosts/13.247.67.85", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 04:01:20", "1518536", "13.247.67.85:47163", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:44:39", "100", "https://search.censys.io/hosts/13.247.67.85", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 04:01:19", "1518532", "102.100.72.239:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:43:09", "100", "https://search.censys.io/hosts/102.100.72.239", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-09 03:20:12", "1518518", "38.46.14.202:27987", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-05-09 01:55:13", "1518517", "202.95.8.144:7081", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-05-09 00:05:17", "1518515", "http://8.130.132.210:7777/Rpc", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/3e53dac6ff6df102b3d056cfa5f08f9df434171add4e8fad6bb1cf57b56e72e0/", "cobaltstrike", "0", "abuse_ch" "2025-05-09 00:01:51", "1518514", "94.198.40.6:20024", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-05-09 23:54:25", "100", "https://search.censys.io/hosts/94.198.40.6", "AS9009,BianLian,C2,censys,M247", "0", "DonPasci" "2025-05-09 00:01:22", "1518513", "51.12.242.29:80", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "2025-05-09 04:00:57", "100", "https://search.censys.io/hosts/51.12.242.29", "AS8075,C2,censys,Ermac,MICROSOFT-CORP-MSN-AS-BLOCK,panel", "0", "DonPasci" "2025-05-09 00:01:18", "1518512", "143.92.48.130:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-05-10 00:45:08", "100", "https://search.censys.io/hosts/143.92.48.130", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,DcRAT,RAT", "0", "DonPasci" "2025-05-09 00:01:13", "1518511", "213.209.150.210:8883", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-05-09 04:00:46", "100", "https://search.censys.io/hosts/213.209.150.210", "AS214943,C2,censys,Quasar,RAILNET,RAT", "0", "DonPasci" "2025-05-09 00:01:12", "1518510", "188.132.129.196:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-05-09 04:00:41", "100", "https://search.censys.io/hosts/188.132.129.196", "AS214036,C2,censys,Hookbot,ULTAHOST-AS", "0", "DonPasci" "2025-05-09 00:01:05", "1518509", "45.81.23.113:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:52:38", "100", "https://search.censys.io/hosts/45.81.23.113", "AS49870,AS49870-BV,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-09 00:00:53", "1518508", "77.221.158.154:31999", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:54:08", "100", "https://search.censys.io/hosts/77.221.158.154", "AEZA-AS,AS210644,C2,censys,Sliver", "0", "DonPasci" "2025-05-09 00:00:41", "1518507", "38.55.192.237:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:30", "100", "https://search.censys.io/hosts/38.55.192.237", "AS139659,C2,censys,CobaltStrike,LUCID-AS-AP", "0", "DonPasci" "2025-05-09 00:00:36", "1518506", "84.46.236.55:18080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:58:47", "100", "https://search.censys.io/hosts/84.46.236.55", "AS46475,C2,censys,CobaltStrike,cs-watermark-666666666,LIMESTONENETWORKS", "0", "DonPasci" "2025-05-08 23:35:15", "1518505", "213.226.113.235:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2025-05-09 20:05:30", "100", "None", "RedLineStealer", "0", "abuse_ch" "2025-05-08 22:57:23", "1518502", "167.86.109.240:8888", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-05-09 23:56:52", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-05-08 22:55:06", "1518501", "olympusgo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:54:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 22:35:18", "1518500", "https://raeneasq.live/nmgj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c687d14a3d2a1e43c4a0b965892ee3f74dae3d34a9598177c2e7acaa77327bf0/", "lumma", "0", "abuse_ch" "2025-05-08 20:53:07", "1518496", "70.31.125.238:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:54:03", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-08 20:51:20", "1518495", "43.141.130.132:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-10 00:52:03", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-08 20:48:24", "1518494", "189.140.41.58:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-05-10 00:48:47", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-05-08 20:46:11", "1518493", "158.160.26.151:1720", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-10 00:46:12", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-08 20:44:07", "1518492", "116.26.10.55:36166", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-10 00:44:11", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-08 20:44:00", "1518491", "185.195.64.68:443", "ip:port", "botnet_cc", "win.warmcookie", "Badspace,Carrotstick,QUICKBIND", "WarmCookie", "", "100", "None", "warmcookie", "0", "Rony" "2025-05-08 20:43:17", "1518490", "103.159.50.30:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:43:17", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-05-08 20:43:07", "1518489", "101.226.27.147:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-10 00:43:06", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-08 20:42:21", "1518488", "199.247.6.61:80", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "", "SpyNote", "0", "NDA0E" "2025-05-08 20:41:43", "1518487", "fsdlaowaa.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "", "SpyNote", "0", "NDA0E" "2025-05-08 20:40:50", "1518486", "mskisdakw.top", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2025-05-08 20:41:43", "100", "", "SpyNote", "0", "NDA0E" "2025-05-08 20:01:47", "1518485", "172.171.241.227:8787", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/172.171.241.227", "AS8075,C2,censys,hacktool,MICROSOFT-CORP-MSN-AS-BLOCK,Mimikatz,open-dir", "0", "DonPasci" "2025-05-08 20:01:23", "1518484", "54.187.139.165:113", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:53:24", "100", "https://search.censys.io/hosts/54.187.139.165", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-08 20:01:22", "1518483", "52.79.126.186:11872", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:53:22", "100", "https://search.censys.io/hosts/52.79.126.186", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-08 20:01:15", "1518482", "45.80.158.238:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-05-09 04:00:42", "100", "https://search.censys.io/hosts/45.80.158.238", "AS210558,C2,censys,Hookbot,SERVICES-1337-GMBH", "0", "DonPasci" "2025-05-08 20:01:08", "1518480", "196.251.118.253:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:43", "100", "https://search.censys.io/hosts/196.251.118.253", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-05-08 20:01:08", "1518481", "176.65.134.77:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:47:37", "100", "https://search.censys.io/hosts/176.65.134.77", "-Reserved,AS215240,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-05-08 20:01:06", "1518479", "116.62.30.120:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-09 04:00:32", "100", "https://search.censys.io/hosts/116.62.30.120", "ALIBABA-CN-NET,AS37963,C2,censys,Supershell", "0", "DonPasci" "2025-05-08 20:00:54", "1518478", "5.35.125.77:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:53:09", "100", "https://search.censys.io/hosts/5.35.125.77", "ADMINVPS,AS211183,C2,censys,Sliver", "0", "DonPasci" "2025-05-08 20:00:50", "1518477", "212.69.86.8:5061", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:50:38", "100", "https://search.censys.io/hosts/212.69.86.8", "AS57043,C2,censys,HOSTKEY-AS,RAT,Remcos", "0", "DonPasci" "2025-05-08 20:00:35", "1518476", "47.109.190.151:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 04:00:15", "100", "https://search.censys.io/hosts/47.109.190.151", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-08 18:50:10", "1518470", "103.12.149.123:8080", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-05-08 18:12:22", "1518468", "77.232.38.204:37215", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "Mirai", "0", "NDA0E" "2025-05-08 18:01:36", "1518467", "fecif.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 17:44:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 17:21:07", "1518457", "fanpuy.com", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-08 17:21:07", "1518464", "minak.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 16:06:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 16:58:36", "1518466", "39.105.6.249:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 16:56:41", "1518465", "113.44.132.115:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:44", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 16:01:21", "1518463", "18.133.246.144:1244", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:48:05", "100", "https://search.censys.io/hosts/18.133.246.144", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-08 16:01:20", "1518462", "202.95.14.161:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-05-09 04:00:54", "100", "https://search.censys.io/hosts/202.95.14.161", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,DcRAT,RAT", "0", "DonPasci" "2025-05-08 16:01:08", "1518461", "196.251.71.236:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-09 19:49:15", "100", "https://search.censys.io/hosts/196.251.71.236", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-05-08 16:00:56", "1518460", "89.111.173.134:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:54:51", "100", "https://search.censys.io/hosts/89.111.173.134", "AS-REG,AS197695,C2,censys,Sliver", "0", "DonPasci" "2025-05-08 16:00:51", "1518458", "185.49.126.223:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:48:38", "100", "https://search.censys.io/hosts/185.49.126.223", "AS199654,C2,censys,OXIDE-GROUP-LIMITED,RAT,Remcos", "0", "DonPasci" "2025-05-08 16:00:51", "1518459", "45.13.38.142:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:52:11", "100", "https://search.censys.io/hosts/45.13.38.142", "AS47890,C2,censys,RAT,Remcos,UNMANAGED-DEDICATED-SERVERS", "0", "DonPasci" "2025-05-08 16:00:32", "1518456", "166.88.100.85:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 04:00:09", "100", "https://search.censys.io/hosts/166.88.100.85", "AS149440,C2,censys,CobaltStrike,cs-watermark-391144938,EVOXTENTERPRISE-AS-AP", "0", "DonPasci" "2025-05-08 16:00:31", "1518454", "149.88.71.241:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 05:33:52", "100", "https://search.censys.io/hosts/149.88.71.241", "AS142032,C2,censys,CobaltStrike,cs-watermark-987654321,HFTCL-AS-AP", "0", "DonPasci" "2025-05-08 16:00:31", "1518455", "154.204.35.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 05:33:48", "100", "https://search.censys.io/hosts/154.204.35.210", "AS133199,C2,censys,CobaltStrike,cs-watermark-987654321,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci" "2025-05-08 15:51:34", "1518453", "genow.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 15:56:22", "100", "None", "clearfake", "1", "ttakvam" "2025-05-08 15:50:07", "1518452", "a3d8e4f55c50bc916f6410f31a811e2d", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://x.com/PrakkiSathwik/status/1919821345296417032", "APT,APT36,SideCopy", "0", "abuse_ch" "2025-05-08 15:49:35", "1518451", "sohaeidacademy.com", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "https://x.com/skocherhan/status/1920418319225454691", "LummaStealer", "0", "abuse_ch" "2025-05-08 15:48:51", "1518448", "c402f62212873f3a7e6fce5d490f6ddb", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://x.com/bofheaded/status/1920193029278667220", "APT,APT36,SideCopy", "0", "abuse_ch" "2025-05-08 15:48:51", "1518449", "b03211f6feccd3a62273368b52f6079d", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://x.com/bofheaded/status/1920193029278667220", "APT,APT36,SideCopy", "0", "abuse_ch" "2025-05-08 15:48:51", "1518450", "2fde001f4c17c8613480091fa48b55a0", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "https://x.com/bofheaded/status/1920193029278667220", "APT,APT36,SideCopy", "0", "abuse_ch" "2025-05-08 15:48:16", "1518447", "myspecialdot.com", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920451301835510257", "LummaStealer", "0", "abuse_ch" "2025-05-08 15:47:07", "1518444", "bec378cef9cbb85f127691385517b659", "md5_hash", "payload", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "100", "https://x.com/suyog41/status/1920333338260258922", "AMOS", "0", "abuse_ch" "2025-05-08 15:47:07", "1518445", "b92960006ed39ecd4a7a403b44064c01", "md5_hash", "payload", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "100", "https://x.com/suyog41/status/1920333338260258922", "AMOS", "0", "abuse_ch" "2025-05-08 15:47:07", "1518446", "d99840757365a6c5045a870980e5fdf8", "md5_hash", "payload", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "100", "https://x.com/suyog41/status/1920333338260258922", "AMOS", "0", "abuse_ch" "2025-05-08 15:46:20", "1518443", "a539275d837cf5501e0d98abce56f16ca8f97c9d06662162278c0dffb783d7de", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://x.com/byrne_emmy12099/status/1920283332795117829", "APT", "0", "abuse_ch" "2025-05-08 15:41:20", "1518442", "sihen.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 15:46:07", "100", "None", "clearfake", "1", "ttakvam" "2025-05-08 15:40:13", "1518441", "137.220.135.67:6064", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-05-08 15:27:57", "1518440", "jodob.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 15:25:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 15:20:12", "1518439", "http://92.63.102.85/2ProvidertemporaryPrivate/HttpApitemporary6/4PublicSecureauth/lowWindows/9/lowJsVoiddb/Temporaryproton/videojavascripthttpserverProtectflowerGeneratortrafficuploadsdownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 15:06:17", "1518429", "mehig.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 14:24:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 15:05:10", "1518438", "196.251.117.50:5213", "ip:port", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "None", "AveMariaRAT,RAT", "0", "abuse_ch" "2025-05-08 14:55:31", "1518437", "https://ggrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:55:30", "1518436", "https://finsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:55:19", "1518435", "https://8stuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:51:01", "1518434", "https://voznessxyy.life/bnaz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:52", "1518433", "https://tclatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:37", "1518432", "https://ninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 22:55:45", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:19", "1518431", "https://clatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8232a11066fe5a6f552302da37f9b4e42f313bbeaf51f86c61fbf84bd95b1ca9/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:14", "1518430", "https://3homewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:18:43", "1518428", "https://wishspy.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 14:05:26", "1518427", "appli-cff.com", "domain", "payload_delivery", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "", "CHE,Coper,geo,Octo", "0", "abuse_ch" "2025-05-08 14:04:55", "1518426", "cagom.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 13:53:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 13:35:10", "1518423", "daqev.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 13:33:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 13:35:10", "1518424", "https://www.thefertilemine.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-05-08 13:35:09", "1518425", "166.88.164.201:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-05-09 07:35:33", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-05-08 13:27:22", "1518421", "160.30.44.124:2023", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "mirai,MooBot", "0", "NDA0E" "2025-05-08 13:27:22", "1518422", "160.30.44.174:2023", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "mirai,MooBot", "0", "NDA0E" "2025-05-08 13:16:03", "1518420", "77.90.153.228:443", "ip:port", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "75", "https://bazaar.abuse.ch/sample/1e4ed6b38ca75c7a198c5409591e974cf84baa92706aee65bda17e1d7295b3a0/", "CHE,Coper,geo,Octo", "0", "abuse_ch" "2025-05-08 13:15:40", "1518419", "53d6c5e5e04f7e079df5d5d77bc259ea.us", "domain", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "https://bazaar.abuse.ch/sample/1e4ed6b38ca75c7a198c5409591e974cf84baa92706aee65bda17e1d7295b3a0/", "CHE,Coper,geo,Octo", "0", "abuse_ch" "2025-05-08 13:13:35", "1518411", "https://motocyclenews.top/jse/minjs.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:35", "1518413", "https://motocyclenews.top/jse/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:34", "1518409", "https://johnoton.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114472368542616723", "KongTuke", "0", "monitorsg" "2025-05-08 13:13:33", "1518410", "johnoton.live", "domain", "payload_delivery", "js.kongtuke", "None", "KongTuke", "2025-05-08 16:10:11", "100", "https://infosec.exchange/@monitorsg/114472368542616723", "KongTuke", "0", "monitorsg" "2025-05-08 13:13:32", "1518412", "motocyclenews.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-08 13:10:21", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:32", "1518414", "https://motocyclenews.top/jse/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:31", "1518415", "https://territoirespaysagistes.com/buts.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:30", "1518416", "territoirespaysagistes.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:30", "1518417", "ttxch.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 13:12:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 13:13:30", "1518418", "www.thefertilemine.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-05-08 13:34:07", "100", "https://infosec.exchange/@monitorsg/114472379548048316", "SocGholish", "0", "monitorsg" "2025-05-08 13:06:22", "1518408", "mobile-cff.app", "domain", "payload_delivery", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "https://bazaar.abuse.ch/sample/1e4ed6b38ca75c7a198c5409591e974cf84baa92706aee65bda17e1d7295b3a0/", "CHE,Coper,geo,Octo", "0", "abuse_ch" "2025-05-08 12:56:39", "1518407", "111.230.233.129:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:38", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 12:47:53", "1518388", "mzrln.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 11:35:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 12:47:52", "1518405", "https://taskrunp.run/xnzbd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "https://www.joesandbox.com/analysis/1684313/0/html", "None", "0", "tmechen_" "2025-05-08 12:01:31", "1518404", "wizardly-cannon.51-195-229-85.plesk.page", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-09 04:01:10", "100", "https://search.censys.io/hosts/51.195.229.85+wizardly-cannon.51-195-229-85.plesk.page", "AS16276,C2,censys,OVH,panel,Unam", "0", "DonPasci" "2025-05-08 12:01:30", "1518403", "154.201.90.76:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-05-09 04:01:08", "100", "https://search.censys.io/hosts/154.201.90.76", "AS8796,C2,censys,FD-298-8796,moobot", "0", "DonPasci" "2025-05-08 12:01:22", "1518402", "23.26.201.169:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:50:58", "100", "https://search.censys.io/hosts/23.26.201.169", "AS23470,C2,censys,Covenant,RELIABLESITE", "0", "DonPasci" "2025-05-08 12:01:18", "1518401", "15.152.54.240:20547", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:45:39", "100", "https://search.censys.io/hosts/15.152.54.240", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-08 12:01:14", "1518399", "75.119.159.249:8000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:54:05", "100", "https://search.censys.io/hosts/75.119.159.249", "AS51167,C2,censys,CONTABO,Havoc", "0", "DonPasci" "2025-05-08 12:01:14", "1518400", "31.220.44.127:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:22", "100", "https://search.censys.io/hosts/31.220.44.127", "AS63473,C2,censys,Havoc,HOSTHATCH", "0", "DonPasci" "2025-05-08 12:01:13", "1518397", "setup.bestoffersfortoday.store", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-09 04:00:49", "100", "https://search.censys.io/hosts/104.248.5.186+setup.bestoffersfortoday.store", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-05-08 12:01:13", "1518398", "37-72-168-146.static.hvvc.us", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-09 04:00:48", "100", "https://search.censys.io/hosts/37.72.168.146+37-72-168-146.static.hvvc.us", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-05-08 12:01:11", "1518396", "45.61.165.249:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-05-09 04:00:45", "100", "https://search.censys.io/hosts/45.61.165.249", "AS14956,C2,censys,Quasar,RAT,ROUTERHOSTING", "0", "DonPasci" "2025-05-08 12:00:54", "1518395", "92.63.100.74:33949", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:55:09", "100", "https://search.censys.io/hosts/92.63.100.74", "AS29182,C2,censys,RU-JSCIOT,Sliver", "0", "DonPasci" "2025-05-08 12:00:37", "1518394", "43.139.240.201:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:42", "100", "https://search.censys.io/hosts/43.139.240.201", "AS45090,C2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2025-05-08 12:00:34", "1518393", "139.224.30.125:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:26", "100", "https://search.censys.io/hosts/139.224.30.125", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-08 12:00:31", "1518391", "103.140.154.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:22", "100", "https://search.censys.io/hosts/103.140.154.238", "AS151804,C2,censys,CobaltStrike,cs-watermark-987654321,SNOTIONPTELTD-AS-AP", "0", "DonPasci" "2025-05-08 12:00:31", "1518392", "47.107.49.44:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 05:33:52", "100", "https://search.censys.io/hosts/47.107.49.44", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-08 12:00:30", "1518389", "202.95.12.160:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:18", "100", "https://search.censys.io/hosts/202.95.12.160", "AS152194,C2,censys,CobaltStrike,cs-watermark-987654321,CTGSERVERLIMITED-AS-AP", "0", "DonPasci" "2025-05-08 12:00:30", "1518390", "116.62.205.141:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 04:00:12", "100", "https://search.censys.io/hosts/116.62.205.141", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-05-08 11:19:30", "1518378", "snhnv.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 09:45:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 11:19:29", "1518379", "noxajb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-08 11:19:28", "1518380", "voznessxyy.life", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:06:51", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-08 11:19:26", "1518381", "clatteqrpq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:09:32", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-08 11:19:26", "1518382", "ninepicchf.bet", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-09 20:06:51", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-05-08 11:19:25", "1518383", "https://colliel.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114471670175374600", "KongTuke", "0", "monitorsg" "2025-05-08 11:19:24", "1518384", "colliel.live", "domain", "payload_delivery", "js.kongtuke", "None", "KongTuke", "2025-05-08 12:11:29", "100", "https://infosec.exchange/@monitorsg/114471670175374600", "KongTuke", "0", "monitorsg" "2025-05-08 11:19:23", "1518385", "fhtnt.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 10:24:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 11:19:21", "1518386", "xtkdt.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 10:54:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 10:59:24", "1518387", "81.17.20.66:4431", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-05-09 23:58:43", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-05-08 09:26:25", "1518377", "nshpd.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 09:06:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 08:55:16", "1518376", "110.41.60.33:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:55:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 08:54:13", "1518375", "95.135.153.175:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-05-09 23:54:27", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-08 08:43:49", "1518374", "npknn.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 08:26:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 08:18:02", "1518373", "life.judyfay.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "", "SocGholish", "0", "juroots" "2025-05-08 08:17:15", "1518372", "lenovo-sync.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "", "vkeylogger", "0", "juroots" "2025-05-08 08:16:45", "1518371", "spec.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-05-08 08:16:04", "1518369", "46.101.236.176:1853", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:01:03", "50", "", "c2,remcos", "0", "juroots" "2025-05-08 08:16:04", "1518370", "79.110.62.113:4836", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-05-08 08:15:40", "1518368", "botnet.ethoneservices.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-05-08 08:14:49", "1518365", "jamesrockky.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-05-08 08:14:49", "1518366", "riches20.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-05-08 08:14:49", "1518367", "steveswiths.freemyip.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-05-08 08:08:29", "1518362", "qmzks.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 08:05:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 08:01:18", "1518364", "47.129.144.57:636", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-05-10 00:52:54", "100", "https://search.censys.io/hosts/47.129.144.57", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-05-08 08:01:11", "1518363", "134.199.169.177:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-10 00:44:44", "100", "https://search.censys.io/hosts/134.199.169.177", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-05-08 08:01:04", "1518361", "167.172.94.208:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-09 04:00:33", "100", "https://search.censys.io/hosts/167.172.94.208", "AS14061,C2,censys,DIGITALOCEAN-ASN,Supershell", "0", "DonPasci" "2025-05-08 08:00:54", "1518360", "120.26.243.135:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/120.26.243.135", "ALIBABA-CN-NET,AS37963,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2025-05-08 08:00:51", "1518359", "66.42.44.50:53", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-05-10 00:53:55", "100", "https://search.censys.io/hosts/66.42.44.50", "AS-VULTR,AS20473,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-05-08 08:00:49", "1518357", "27.102.127.136:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:51:07", "100", "https://search.censys.io/hosts/27.102.127.136", "AS45996,C2,censys,DAOU-AS-KR,RAT,Remcos", "0", "DonPasci" "2025-05-08 08:00:49", "1518358", "89.40.31.225:9373", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:54:54", "100", "https://search.censys.io/hosts/89.40.31.225", "AS215117,C2,censys,HOSTERDADDY,RAT,Remcos", "0", "DonPasci" "2025-05-08 08:00:33", "1518356", "154.219.119.63:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 04:00:08", "100", "https://search.censys.io/hosts/154.219.119.63", "AS137899,C2,censys,CobaltStrike,cs-watermark-666666666,ILAYERLIMITED-AS-AP", "0", "DonPasci" "2025-05-08 08:00:30", "1518355", "121.36.228.26:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:03", "100", "https://search.censys.io/hosts/121.36.228.26", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-05-08 08:00:29", "1518354", "91.200.14.226:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:58:50", "100", "https://search.censys.io/hosts/91.200.14.226", "AS215730,C2,censys,CobaltStrike,cs-watermark-987654321,H2NEXUS-AS", "0", "DonPasci" "2025-05-08 08:00:15", "1518353", "http://kruasanpcs.mywebcommunity.org/providerjavascriptupdategamebigloaddblinux.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 07:55:32", "1518352", "http://103.74.101.88/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0196aee4-7bed-775d-bf44-107eb2386c44", "c2,hookbot,urlscan", "0", "juroots" "2025-05-08 07:55:31", "1518351", "http://85.192.48.2:50555/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0196aee4-779f-710c-9885-ce2535475cfd", "c2,hookbot,urlscan", "0", "juroots" "2025-05-08 07:53:39", "1518337", "xkpdf.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 07:34:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 07:53:11", "1518350", "117.209.241.134:49682", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/117.209.241.134#49682", "c2,mozi,shodan", "0", "juroots" "2025-05-08 07:52:26", "1518349", "15.222.3.45:12112", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/15.222.3.45#12112", "blackshades,c2,shodan", "0", "juroots" "2025-05-08 07:51:31", "1518348", "220.71.102.113:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/220.71.102.113#54984", "c2,nanocore,shodan", "0", "juroots" "2025-05-08 07:51:01", "1518347", "158.247.207.197:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.207.197#443", "c2,kimsuky,shodan", "0", "juroots" "2025-05-08 07:51:00", "1518346", "158.247.202.109:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.202.109#443", "c2,kimsuky,shodan", "0", "juroots" "2025-05-08 07:50:45", "1518345", "51.21.245.196:12284", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/51.21.245.196#12284", "c2,netbus,shodan", "0", "juroots" "2025-05-08 07:50:29", "1518343", "37.72.168.146:10443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-05-10 00:51:41", "50", "https://www.shodan.io/host/37.72.168.146#10443", "c2,havoc,shodan", "0", "juroots" "2025-05-08 07:50:29", "1518344", "169.150.155.228:55553", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/169.150.155.228#55553", "c2,havoc,shodan", "0", "juroots" "2025-05-08 07:49:31", "1518341", "15.168.9.236:2002", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/15.168.9.236#2002", "c2,netsupport,shodan", "0", "juroots" "2025-05-08 07:49:31", "1518342", "176.82.189.27:6001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/176.82.189.27#6001", "c2,netsupport,shodan", "0", "juroots" "2025-05-08 07:48:30", "1518339", "24.199.73.199:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:51:05", "50", "https://www.shodan.io/host/24.199.73.199#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-08 07:48:30", "1518340", "158.247.218.220:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:46:14", "50", "https://www.shodan.io/host/158.247.218.220#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-08 07:47:10", "1518338", "185.196.11.181:9922", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:04", "50", "https://www.shodan.io/host/185.196.11.181#9922", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-05-08 07:30:38", "1518336", "https://mstuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/175dc09d98178b10ba5c1649e61513a13cbd207d9665a94c116fb951993dba6e/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:33", "1518335", "https://joctalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/175dc09d98178b10ba5c1649e61513a13cbd207d9665a94c116fb951993dba6e/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:28", "1518334", "43.132.216.81:635", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-05-08 07:30:17", "1518332", "https://3k0monemiltxny.shop/tqiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/795fc149a846a08473ec9f574aab38b91730908ea1db607713a6fcac714cf333/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:17", "1518333", "https://3yoctalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/aa7166092d9839013f346d3210845f9e1e38ad07396b5d9075e9546695ec8098/", "lumma", "0", "abuse_ch" "2025-05-08 07:25:15", "1518330", "pmglw.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 07:03:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 07:25:15", "1518331", "176.65.141.210:15390", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-05-08 09:20:05", "75", "None", "Mirai", "0", "elfdigest" "2025-05-08 06:46:06", "1518318", "http://51.195.229.85/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS16276,OVH SAS,unam", "0", "antiphishorg" "2025-05-08 06:46:05", "1518319", "rkblm.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 06:02:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 06:40:28", "1518329", "https://ohomewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/724f8b236a4a8b3d11c697e746d79876c952a92ed47ae872883c0af77db6fe22/", "lumma", "0", "abuse_ch" "2025-05-08 06:40:25", "1518328", "https://mariosefqcu.shop/wrqo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/21bfbc7ad27302a1b12edc842d257ec522b48ccb7079925c76f686beb9772bd1/", "lumma", "0", "abuse_ch" "2025-05-08 06:29:43", "1518321", "egiftshop.cloud", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518322", "highcouncipl.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518323", "tapandshop.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518324", "tavernfolkk.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518325", "towerstozne.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518326", "unmutezcx.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:29:43", "1518327", "viscosityobserving.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://x.com/skocherhan/status/1920321510109024641", "LummaStealer", "0", "abuse_ch" "2025-05-08 06:15:20", "1518320", "https://ctortoisgfe.top/paxk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/412d297dee67e80c141da310ecbe4a58f3d4c3e62243dff7341d42595960a02d/", "lumma", "0", "abuse_ch" "2025-05-08 05:48:13", "1518302", "djrtt.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 05:15:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 05:46:51", "1518317", "147.79.20.62:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-05-08 05:46:50", "1518316", "101.37.80.173:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 20:00:39", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-05-08 05:46:32", "1518315", "47.92.216.212:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 05:33:51", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-05-08 05:46:31", "1518314", "43.251.100.146:8086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-05-08 05:46:30", "1518313", "150.158.108.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 20:00:38", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-08 05:45:48", "1518312", "https://tremelzxiy.live/atok", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8d30a02b63faa25db2310612bebdd8db66dcda85f676ca016e1c21fc4167af61/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:38", "1518311", "https://oorijinalecza.net/kazd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/60bc96bd8c684e5d6ff85364f7403fb56ef72fa93668ea2591635177664820e7/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:28", "1518310", "https://grizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/45f4eab50d96810f5e3046d61721127d9b9d1aa35be5b8a8d468b9b4935e70bb/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:26", "1518309", "https://egrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8d30a02b63faa25db2310612bebdd8db66dcda85f676ca016e1c21fc4167af61/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:21", "1518308", "https://apronsxrum.digital/pwq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/28d8ba77930a7fdb5d6f7fd77b7f3d9be8a638976f563598e247fbec54574809/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:20", "1518307", "https://9octalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/45f4eab50d96810f5e3046d61721127d9b9d1aa35be5b8a8d468b9b4935e70bb/", "lumma", "0", "abuse_ch" "2025-05-08 05:22:56", "1518306", "preyinthewild.online", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-05-08 05:20:41", "1518305", "persongiants.icu", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 05:19:17", "1518303", "https://brotherreligion.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 05:19:17", "1518304", "http://troublesisters.xyz/oils.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 05:08:57", "1518298", "8.138.46.58:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-08 05:08:56", "1518299", "20.205.16.222:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-08 05:02:33", "1518300", "http://baleturn.com/front.php", "url", "botnet_cc", "win.satacom", "CurlyGate,LegionLoader,RobotDropper", "Satacom", "", "100", "https://bazaar.abuse.ch/sample/885268e2da486a7c3473e76c11a1a51595efe389c33af5ece150a44166cee80d/", "LegionLoader,Satacom", "0", "abuse_ch" "2025-05-08 05:02:33", "1518301", "https://fmecoutsm.com/diagnostics.php", "url", "botnet_cc", "win.satacom", "CurlyGate,LegionLoader,RobotDropper", "Satacom", "", "100", "https://bazaar.abuse.ch/sample/885268e2da486a7c3473e76c11a1a51595efe389c33af5ece150a44166cee80d/", "LegionLoader,Satacom", "0", "abuse_ch" "2025-05-08 04:50:44", "1518297", "xmlvm.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-08 04:55:44", "100", "None", "clearfake", "1", "ttakvam" "2025-05-08 04:50:10", "1518296", "http://a1106686.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 04:31:15", "1518128", "df-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:14", "1518129", "en-koinly.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:13", "1518130", "metatradar5.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:13", "1518131", "optislgns.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:12", "1518132", "paychex-us.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:11", "1518134", "www.qik.su", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:10", "1518133", "bbvanetcashs.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:07", "1518135", "4kdownloadl.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:06", "1518136", "techsmlth.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:05", "1518137", "ccieaner.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:04", "1518138", "koinly-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:02", "1518139", "zoho-us.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:01", "1518140", "dv-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:31:00", "1518141", "en-payroll.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:59", "1518142", "easycrypto.su", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:57", "1518143", "www.dp-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:56", "1518144", "www.cisco-us.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:56", "1518145", "audacltyteam.org", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:45:04", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:55", "1518146", "cllcktime.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:54", "1518147", "quantower.site", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:52", "1518148", "quantower.pw", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:51", "1518149", "adoobes.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:49", "1518150", "sportsenginec.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:48", "1518151", "apachefrlends.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:48", "1518152", "dk-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:46", "1518153", "xrpscan-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:46", "1518154", "coinomi.pw", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:40", "1518155", "en-sdccu.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:39", "1518156", "monadls.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:38", "1518157", "web-chatgpt.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:37", "1518158", "ccieaner.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:36", "1518159", "www.drr-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:35", "1518160", "metatradar5.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:34", "1518161", "keepassw.info", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:33", "1518162", "web.guarda.pw", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:32", "1518163", "floridarealestatechool.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:31", "1518164", "www.dq-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:30", "1518165", "www.dy-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:29", "1518166", "bot.installs.pro", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:28", "1518167", "web-silkai.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:27", "1518168", "wasabiwallet.pw", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:26", "1518169", "moblsystems.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:25", "1518170", "openofflce.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:24", "1518171", "manageenglne.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:23", "1518172", "dg-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:20", "1518173", "newrelic-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:19", "1518174", "tlger.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:18", "1518175", "sultecrm.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:17", "1518176", "do-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:17", "1518177", "www.bawag-web.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:16", "1518178", "openofflce.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:15", "1518179", "ninjaone-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:14", "1518180", "du-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:57", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:12", "1518181", "admin.prompasport.ru", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:11", "1518182", "techsmlth.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:10", "1518183", "apachefrlends.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:08", "1518184", "brightdata-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:07", "1518185", "sysaid-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:07", "1518186", "www.shopmeyxchange.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:06", "1518187", "coreidraw.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:04", "1518188", "cllcktime.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:03", "1518189", "ion-login.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:03", "1518190", "blendrer.org", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-07 20:44:58", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:30:02", "1518191", "www-yoast.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:59", "1518192", "quantower.su", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:57", "1518193", "3cx-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:56", "1518194", "moblerecharges.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:55", "1518195", "ultraviewer-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:54", "1518196", "tlger.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:53", "1518197", "ultravlewer.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:52", "1518198", "4kdownloadl.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:50", "1518199", "testerscrypto.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:50", "1518200", "bitpay.pw", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-05-08 08:47:36", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:48", "1518201", "sportsenginec.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:47", "1518202", "jam-softwarec.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:46", "1518203", "password-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:45", "1518204", "dx-www.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:45", "1518205", "ledgers.su", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:44", "1518206", "manageenglne.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:43", "1518207", "bamboohr-en.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:42", "1518208", "web-goodcrypto.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:29:41", "1518209", "symblosis.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:28:58", "1518210", "testerscrypto.store", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-05-08 04:28:57", "1518213", "bbssj.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-07 20:55:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 04:28:56", "1518216", "hspmj.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-07 23:54:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 04:28:55", "1518233", "h1.glitzyentire.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-08 02:03:24", "100", "https://app.any.run/tasks/e846da58-2c0f-4fb3-8125-3e13c29687ae", "None", "0", "pitachu" "2025-05-08 04:28:54", "1518234", "101.35.235.124:123", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-08 04:28:53", "1518235", "1.13.156.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-08 04:28:52", "1518236", "111.230.212.37:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-08 04:28:51", "1518237", "http://137.184.35.179:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-09 15:36:22", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2025-05-08 04:28:50", "1518238", "https://rocketlump.com/hdz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-08 01:19:07", "50", "https://www.virustotal.com/gui/file/2155840186f85307c2b1789f05f3a343870ed964e8378bdf2622dd44e8c4c36c/behavior", "None", "1", "pitachu" "2025-05-08 04:28:49", "1518239", "https://fanpuy.com/zxod", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:48", "1518240", "https://medikalbitkisel.org/pek", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:47", "1518241", "https://victoreqs.run/xapw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:46", "1518242", "https://viridisw.top/qwed", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:45", "1518243", "https://toptalentw.top/qena", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:45", "1518244", "https://crocodilefg.top/qeji", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:43", "1518245", "https://wolverineas.top/xadw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:42", "1518246", "https://steamcommunity.com/profiles/76561199845513035", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:40", "1518247", "https://t.me/kubasex", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://www.virustotal.com/gui/file/a19e224ea94067509bb9723c684cc7d9b63dbbb892e62d0d64480dff20cf2162/behavior", "None", "0", "pitachu" "2025-05-08 04:28:39", "1518248", "80.64.18.161:80", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "https://app.any.run/tasks/6371365b-462d-4912-b634-3ac7c3b44fa6", "None", "0", "pitachu" "2025-05-08 04:28:38", "1518249", "improvxf.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-08 15:49:35", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:37", "1518250", "tribunap.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:36", "1518251", "tremelzxiy.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:35", "1518252", "thinkellk.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:34", "1518253", "apronsxrum.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:31", "1518263", "ec2-18-166-31-74.ap-east-1.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.166.31.74+ec2-18-166-31-74.ap-east-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_" "2025-05-08 04:28:31", "1518264", "nl-2.193.27.90.134.nip.io", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/193.27.90.134+nl-2.193.27.90.134.nip.io", "ALEXHOST,AS200019,C2,censys", "0", "dyingbreeds_" "2025-05-08 04:28:30", "1518265", "3.236.12.85:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-05-10 00:51:14", "90", "https://search.censys.io/hosts/3.236.12.85", "AMAZON-AES,AS14618,C2,censys", "0", "dyingbreeds_" "2025-05-08 04:28:29", "1518266", "186.169.63.68:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:48:40", "100", "https://search.censys.io/hosts/186.169.63.68", "AS3816,C2,censys,RAT", "0", "dyingbreeds_" "2025-05-08 04:28:26", "1518267", "94.26.90.245:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-09 23:54:26", "100", "https://search.censys.io/hosts/94.26.90.245", "AS214943,C2,censys,RAILNET,RAT", "0", "dyingbreeds_" "2025-05-08 04:28:25", "1518268", "176.65.142.198:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:47:45", "100", "https://search.censys.io/hosts/176.65.142.198", "AS215240,C2,censys,RAT", "0", "dyingbreeds_" "2025-05-08 04:28:24", "1518269", "196.251.71.236:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-05-10 00:49:48", "100", "https://search.censys.io/hosts/196.251.71.236", "AS401120,C2,censys,CHEAPY-HOST,RAT", "0", "dyingbreeds_" "2025-05-08 04:28:23", "1518270", "ec2-44-246-89-112.us-west-2.compute.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.246.89.112+ec2-44-246-89-112.us-west-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-05-08 04:28:23", "1518271", "razesec.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.35.218.205+razesec.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2025-05-08 04:28:21", "1518272", "dotfoods.socalmediazone.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2025-05-08 04:01:08", "100", "https://search.censys.io/hosts/104.21.59.57+dotfoods.socalmediazone.com", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "dyingbreeds_" "2025-05-08 04:28:20", "1518273", "sci.socalmediazone.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2025-05-08 04:01:09", "100", "https://search.censys.io/hosts/172.67.215.33+sci.socalmediazone.com", "AS13335,C2,censys,CLOUDFLARENET,Hookbot", "0", "dyingbreeds_" "2025-05-08 04:28:19", "1518275", "45.11.229.12:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-05-08 04:01:26", "100", "https://search.censys.io/hosts/45.11.229.12", "AS58087,C2,censys,FLORIANKOLB", "0", "dyingbreeds_" "2025-05-08 04:28:19", "1518276", "159.69.199.17:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/159.69.199.17", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:18", "1518277", "3.141.231.53:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.141.231.53", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:16", "1518278", "15.164.18.179:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/15.164.18.179", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:15", "1518279", "203.193.174.94:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.193.174.94", "AS7633,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:14", "1518280", "46.38.254.23:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/46.38.254.23", "AS197540,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:13", "1518281", "4.237.239.110:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/4.237.239.110", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:13", "1518282", "34.249.182.250:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.249.182.250", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:11", "1518283", "52.210.91.186:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.210.91.186", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:11", "1518284", "146.190.118.96:1234", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/146.190.118.96", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:10", "1518285", "38.55.198.29:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.55.198.29", "AS139659,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:09", "1518286", "124.71.7.106:10002", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.71.7.106", "AS55990,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:08", "1518287", "192.241.135.51:1234", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.241.135.51", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:07", "1518288", "43.135.76.103:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.135.76.103", "AS132203,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:06", "1518289", "1.92.158.252:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/1.92.158.252", "AS55990,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:05", "1518290", "117.88.102.214:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/117.88.102.214", "AS134756,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:04", "1518291", "37.27.242.2:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/37.27.242.2", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:03", "1518292", "188.166.255.201:1724", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.166.255.201", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:02", "1518293", "103.175.217.17:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.175.217.17", "AS133800,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:01", "1518294", "3.39.87.72:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.39.87.72", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:28:00", "1518295", "13.124.234.4:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.124.234.4", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-05-08 04:27:57", "1518107", "aimpes.com", "domain", "payload_delivery", "js.kongtuke", "None", "KongTuke", "2025-05-08 16:10:10", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:56", "1518108", "https://aimpes.com/js.php", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:55", "1518109", "https://tchmitt.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:54", "1518110", "tchmitt.live", "domain", "payload_delivery", "js.kongtuke", "None", "KongTuke", "2025-05-08 08:10:17", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:53", "1518111", "gfddx.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-07 19:23:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 04:27:51", "1518106", "https://aimpes.com/6t4g.js", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:50", "1518100", "ntmmh.run", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-05-07 18:21:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-05-08 04:00:46", "1518274", "89.40.31.57:9373", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-05-10 00:54:54", "100", "https://search.censys.io/hosts/89.40.31.57", "AS215117,C2,censys,HOSTERDADDY,RAT,Remcos", "0", "DonPasci" "2025-05-08 03:10:21", "1518262", "https://insidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 03:10:16", "1518261", "https://agrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 03:10:15", "1518260", "https://2vecturar.top/zsia", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 02:56:11", "1518258", "192.3.12.168:43256", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 02:56:11", "1518259", "192.3.12.168:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:57:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 02:55:41", "1518257", "152.42.199.84:1089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-05-09 23:56:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-08 02:15:13", "1518255", "46.246.84.12:7046", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-05-08 02:15:13", "1518256", "46.246.84.12:2703", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-05-08 02:15:12", "1518254", "http://chongmei33.myddns.rocks:7046/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" # Number of entries: 749