################################################################
# ThreatFox IOCs: recent additions - CSV format                #
# Last updated: 2025-12-14 16:01:41 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-12-14 16:01:41", "1678913", "139.59.116.230:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/139.59.116.230", "AS14061,C2,censys,clickfix,DIGITALOCEAN-ASN,first-stage", "0", "DonPasci"
"2025-12-14 16:01:34", "1678912", "34.229.140.12:8000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.229.140.12", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:01:33", "1678911", "34.229.140.12:7000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.229.140.12", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:01:32", "1678909", "34.229.140.12:18100", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.229.140.12", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:01:32", "1678910", "34.229.140.12:60000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.229.140.12", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:01:31", "1678908", "34.229.140.12:9200", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.229.140.12", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:01:29", "1678907", "54.205.202.152:808", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.205.202.152", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 16:00:58", "1678906", "85.132.57.251:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/85.132.57.251", "AS215148,C2,censys,DT-CGW,Quasar,RAT", "0", "DonPasci"
"2025-12-14 16:00:52", "1678905", "162.243.28.13:11155", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/162.243.28.13", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci"
"2025-12-14 16:00:39", "1678904", "44.252.85.168:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/44.252.85.168", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci"
"2025-12-14 16:00:32", "1678903", "183.136.132.66:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://search.censys.io/hosts/183.136.132.66", "AS136188,C2,censys,CHINATELECOM-ZHEJIANG-NINGBO-IDC,Gh0st,RAT", "0", "DonPasci"
"2025-12-14 15:58:06", "1678902", "gust.windc0de.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:58:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 15:48:42", "1678901", "route.netw1ng.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:49:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 15:45:11", "1678900", "193.161.193.99:62104", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-14 15:38:00", "1678899", "hub.netw1ng.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:39:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 15:27:44", "1678898", "link3.netw1ng.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:29:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 15:17:57", "1678897", "mesh.netw1ng.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:19:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 15:07:34", "1678896", "zeph1r.mintst0rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 15:08:29", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:57:15", "1678890", "breeze.mintst0rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:59:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:47:46", "1678889", "herb.mintst0rm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:54:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:37:08", "1678888", "nexus.bytefl0w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:43:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:26:53", "1678886", "trace.bytefl0w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:28:32", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:18:05", "1678885", "flux2.bytefl0w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:20:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 14:08:28", "1678884", "byte.bytefl0w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 14:11:13", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-14 13:57:34", "1678882", "shard.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:58:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:47:43", "1678881", "index.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:48:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:38:40", "1678880", "cache.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:43:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:27:19", "1678879", "stream3.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:33:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:18:06", "1678878", "delta.datash1ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:24:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 13:15:11", "1678877", "193.161.193.99:34712", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-14 13:08:17", "1678677", "zen.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 13:09:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:58:03", "1678676", "altos.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:59:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:49:58", "1678675", "43.160.202.246:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-12-14 15:50:39", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch"
"2025-12-14 12:47:37", "1678674", "nimbus5.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:48:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:37:53", "1678673", "cirrus.cloudv1be.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:39:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:27:37", "1678672", "6ifg.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:34:29", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:17:18", "1678671", "whx.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:19:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:07:32", "1678670", "tq.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:09:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 12:01:37", "1678668", "79.45.101.40:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/79.45.101.40", "AS3269,ASN-IBSNAZ,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 12:01:37", "1678669", "199.101.111.209:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.111.209", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 12:01:27", "1678667", "5.255.103.171:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/5.255.103.171", "AS60404,C2,censys,Gafgyt,LITESERVER,open-dir", "0", "DonPasci"
"2025-12-14 12:01:19", "1678666", "ekmeowprogram.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251214-ns8gpaxpdt", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-14 12:01:06", "1678665", "app.castlerocks.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 12:01:07", "100", "https://tria.ge/251214-h48nyaslfj", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-14 12:01:04", "1678664", "95.113.168.128:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/95.113.168.128", "AS6805,C2,censys,Mythic,TDDE-ASN1", "0", "DonPasci"
"2025-12-14 12:01:00", "1678663", "185.11.61.69:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.11.61.69", "AS57523,C2,censys,CHANGWAY-AS,RAT,Sectop", "0", "DonPasci"
"2025-12-14 12:00:48", "1678662", "194.59.30.9:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/194.59.30.9", "AS399486,C2,censys,open-dir,payload,Sliver,VIRTUO", "0", "DonPasci"
"2025-12-14 12:00:38", "1678661", "http://webmail.revitpourtous.com:53/filestreamingservice/files/6ea77424-b4f6-4a77", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/05c944314d0c39b3f389a6ed36b5adc5f2d8521b5a1d9a82d2f36ab1acbbce87/", "cobaltstrike", "0", "abuse_ch"
"2025-12-14 12:00:33", "1678660", "http://mail.revitpourtous.com:53/filestreamingservice/files/6ea77424-b4f6-4a77", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/05c944314d0c39b3f389a6ed36b5adc5f2d8521b5a1d9a82d2f36ab1acbbce87/", "cobaltstrike", "0", "abuse_ch"
"2025-12-14 12:00:26", "1678659", "n7xbtfikx.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-jdjskaslfq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 12:00:25", "1678658", "ellu2222-37691.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-la1m1sfw6c", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 12:00:22", "1678657", "S2eeka-62143.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-12-14 12:00:24", "100", "https://tria.ge/251214-n1qlvaxqav", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 11:58:14", "1678656", "rock.mistybyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 12:04:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:55:02", "1678655", "66.49.168.90:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch"
"2025-12-14 11:50:12", "1678654", "193.161.193.99:62143", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-14 11:50:05", "1678653", "http://nightlume.xyz/eternalPythonJavascript_LinuxDownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-12-14 11:47:24", "1678652", "jq.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:48:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:39:31", "1678641", "156.234.216.177:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 12:00:15", "100", "https://search.censys.io/hosts/156.234.216.177", "AS138415,C2,censys", "0", "dyingbreeds_"
"2025-12-14 11:39:31", "1678645", "156.67.26.237:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/156.67.26.237", "AS51167,Botnet,byob,C2,censys,CONTABO", "0", "dyingbreeds_"
"2025-12-14 11:39:30", "1678613", "castlerocks.za.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://www.capesandbox.com/analysis/44589/", "AsyncRAT,botnet,c2,Dcrat", "0", "Amethyste"
"2025-12-14 11:39:29", "1678643", "181.214.100.68:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 12:00:46", "90", "https://search.censys.io/hosts/181.214.100.68", "AS21859,C2,censys,ZEN-ECN", "0", "dyingbreeds_"
"2025-12-14 11:39:28", "1678644", "1.55.101.190:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-14 12:01:06", "100", "https://search.censys.io/hosts/1.55.101.190", "AS18403,C2,censys,RAT", "0", "dyingbreeds_"
"2025-12-14 11:39:28", "1678646", "173.212.250.92:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/173.212.250.92", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-12-14 11:39:27", "1678647", "34.136.172.215:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.136.172.215", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-12-14 11:39:27", "1678648", "188.119.123.91:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.119.123.91", "AS62005,BV-EU-AS,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-12-14 11:35:00", "1678651", "byte.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:42:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:26:46", "1678650", "hog.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:28:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:17:02", "1678649", "4n.darkbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:18:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 11:00:37", "1678642", "crest.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 11:02:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:57:24", "1678640", "mist.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:58:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:47:39", "1678639", "5wnc.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:52:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:37:23", "1678638", "delta.rockstorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:38:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:27:03", "1678637", "ab.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:32:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:17:10", "1678636", "nexus.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:23:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 10:05:05", "1678635", "wt.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 10:10:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:57:52", "1678634", "lj.clearl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:58:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:47:30", "1678633", "po1y8.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:48:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:37:44", "1678632", "hfe.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:44:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:28:27", "1678631", "556.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:17:38", "1678630", "gc31.windst0ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:25:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 09:09:18", "1678629", "field.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:10:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:57:03", "1678628", "13rv.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 09:07:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:47:09", "1678627", "63oi.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:49:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:45:35", "1678626", "195.20.17.33:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:58", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-14 08:37:56", "1678625", "q5.wild5ky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:43:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:28:04", "1678624", "ember.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:29:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:18:01", "1678623", "trace.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:19:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:07:29", "1678622", "clear.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 08:09:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 08:02:32", "1678621", "45.93.20.50:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.93.20.50", "AS57523,C2,censys,CHANGWAY-AS,clickfix,first-stage", "0", "DonPasci"
"2025-12-14 08:02:25", "1678620", "54.83.104.76:2405", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.83.104.76", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 08:02:24", "1678619", "103.177.47.147:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.147", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 08:02:00", "1678618", "3.114.19.102:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/3.114.19.102", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci"
"2025-12-14 08:01:48", "1678617", "144.126.149.104:20300", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 11:00:52", "100", "https://search.censys.io/hosts/144.126.149.104", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci"
"2025-12-14 08:00:13", "1678616", "156.234.101.163:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:31", "100", "https://search.censys.io/hosts/156.234.101.163", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-14 08:00:12", "1678615", "156.234.101.170:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 11:00:09", "100", "https://search.censys.io/hosts/156.234.101.170", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-14 07:57:43", "1678614", "beta.bluef1re.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:59:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:47:26", "1678612", "mcx.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:49:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:46:23", "1678611", "w2li.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:46:21", "1678609", "http://w2li.xyz/8f42fdde60222ec1.node", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:46:21", "1678610", "http://w2li.xyz/uploads/09aeb1c5c233f36f.dll", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:46:20", "1678607", "http://w2li.xyz/health", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:46:20", "1678608", "http://w2li.xyz/conn", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch"
"2025-12-14 07:45:26", "1678606", "204.77.130.20:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-12-14 07:45:16", "1678605", "115.190.238.185:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-12-14 07:45:14", "1678604", "39.104.81.39:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2025-12-14 07:45:10", "1678603", "111.231.11.55:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-12-14 07:39:17", "1678602", "159.65.222.92:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-14 07:38:15", "1678601", "https://steamcommunity.com/profiles/76561199877608270/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/a29828923481108b477df9f34543d24a8f1898e0c96386fcc4b20ed57bd8aff7/", "dropped-by-amadey", "0", "abuse_ch"
"2025-12-14 07:37:09", "1678600", "wqu5.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:38:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:27:23", "1678599", "wind.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:33:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:18:55", "1678598", "5nr.deepcl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:19:17", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-14 07:16:58", "1678597", "myrepis.gd", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/80809b3c28022cad38c37667c082ed755561f7d5bfd5cf6415cb6bf0211a2e2a/", "Mirai", "0", "abuse_ch"
"2025-12-14 07:14:51", "1678596", "87.121.84.60:9772", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/f49281b2686733db50a17808ac43aca8e492aef199c8b36422301058534be88c/", "Mirai", "0", "abuse_ch"
"2025-12-14 07:13:10", "1678595", "213.209.143.76:18129", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/d89594e6f9072780b3847372b7d1ea66407f2aa2c6f943e4d1f33f36db76839c/", "Mirai", "0", "abuse_ch"
"2025-12-14 07:07:24", "1678594", "16.163.15.152:5676", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "https://bazaar.abuse.ch/sample/00949bc1410a9bd508bfb5fa6723e64292a79557531745247bc9c72359a7d1c1/", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-12-14 07:07:22", "1678593", "yminsgdb.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://bazaar.abuse.ch/sample/00949bc1410a9bd508bfb5fa6723e64292a79557531745247bc9c72359a7d1c1/", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-12-14 07:06:44", "1678592", "9q.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:10:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 07:03:24", "1678590", "clothcrib.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-12-14 07:03:24", "1678591", "ricestar.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-12-14 07:01:35", "1678588", "relays.buziopoasbubu.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/8f19d0c3444439ed0550153d6c8943ca343154706e473cd7f3458f7f82880c7d/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-12-14 07:01:35", "1678589", "app.buziopoasbubu.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/8f19d0c3444439ed0550153d6c8943ca343154706e473cd7f3458f7f82880c7d/", "ConnectWise,ScreenConnect", "0", "abuse_ch"
"2025-12-14 06:59:00", "1678587", "https://romeroaktorpalimpsest.com/16836-NEAR-War-Veteran-Memorial-Park", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/e2754bc0876932908aaeecb3479ee8e8d42a298268e32fc096310c520b0c02ac/", "ClickFix,DeerStealer", "0", "abuse_ch"
"2025-12-14 06:58:58", "1678586", "romeroaktorpalimpsest.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/e2754bc0876932908aaeecb3479ee8e8d42a298268e32fc096310c520b0c02ac/", "ClickFix,DeerStealer", "0", "abuse_ch"
"2025-12-14 06:57:54", "1678585", "wave.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 07:00:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:47:40", "1678584", "mizh.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:48:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:45:08", "1678583", "62.146.175.106:60010", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-14 06:37:20", "1678582", "qtf.raincr5st.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:38:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:27:31", "1678581", "wkt.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:33:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:17:16", "1678580", "y4uhk.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:08:00", "1678578", "soft.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 06:09:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 06:02:03", "1678577", "hellober-62592.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251214-becfwacm6t", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-14 06:01:51", "1678576", "87.242.106.13:1488", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251214-cecmbavqcx", "AS50340,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-14 06:00:15", "1678575", "4tqikdkjp.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251214-anerxscj3w", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-14 05:57:13", "1678574", "84u.softmint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:58:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:48:06", "1678573", "repositorylinux.site", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "CVE-2025-55182", "0", "abuse_ch"
"2025-12-14 05:47:56", "1678572", "cloud.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:54:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:37:05", "1678571", "mint.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:39:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:26:13", "1678180", "https://exoduwallet.io/exodus.exe", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "ninjacatcher"
"2025-12-14 05:26:12", "1678181", "01dc573ef5281f437fc225ccb0b47e2b5a54802b6f43798137be90ca5ef3ca52", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "ninjacatcher"
"2025-12-14 05:26:12", "1678455", "https://sotavpn.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/sotavpn.shop", "ClickFix", "0", "CarsonWilliams"
"2025-12-14 05:26:09", "1678532", "45.13.225.72:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-12-14 05:26:08", "1678535", "tvlounge.aw", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:08", "1678536", "associacaodejudosi.org", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:07", "1678537", "asos1.net", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://analytics.dugganusa.com", "None", "0", "duggusa"
"2025-12-14 05:26:07", "1678542", "microsoft.shopmzx.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-14 06:01:52", "100", "https://bazaar.abuse.ch/sample/e36f23a8fa59e0d256c28bb433e5e357fe43b5eb14651bc983ef9c043ed25cc2/", "botnet,c2,DcRAT", "1", "Aumeg"
"2025-12-14 05:26:05", "1678543", "verify.shopmzx.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://bazaar.abuse.ch/sample/e36f23a8fa59e0d256c28bb433e5e357fe43b5eb14651bc983ef9c043ed25cc2/", "botnet,c2,DcRAT", "1", "Aumeg"
"2025-12-14 05:26:05", "1678565", "https://smtp.xn--80adx0bza.xn--80aphgvco4b.xn--p1ai/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/smtp.xn--80adx0bza.xn--80aphgvco4b.xn--p1ai", "ClickFix", "0", "CarsonWilliams"
"2025-12-14 05:26:04", "1678566", "https://theinvestworthy.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/theinvestworthy.com", "ClickFix", "0", "CarsonWilliams"
"2025-12-14 05:22:41", "1678570", "storm.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:28:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:17:23", "1678569", "ch.stormf0x.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:19:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 05:10:03", "1678568", "91.238.104.82:1604", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-12-14 05:07:39", "1678567", "mix.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:14:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:58:23", "1678564", "fizz.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 05:04:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:47:03", "1678563", "odd.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:47:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:32:08", "1678562", "cask.kettle-wisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:34:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:27:59", "1678561", "ejt0w.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:29:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:13:08", "1678560", "89pdo.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:13:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:07:51", "1678559", "r2k.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 04:10:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 04:01:36", "1678558", "139.59.116.230:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/139.59.116.230", "AS14061,C2,censys,clickfix,DIGITALOCEAN-ASN,first-stage", "0", "DonPasci"
"2025-12-14 04:01:29", "1678557", "199.101.109.57:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.109.57", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 04:00:58", "1678556", "54.169.194.248:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:47:32", "100", "https://search.censys.io/hosts/54.169.194.248", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci"
"2025-12-14 04:00:53", "1678554", "107.172.31.101:9918", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:43:30", "100", "https://search.censys.io/hosts/107.172.31.101", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci"
"2025-12-14 04:00:53", "1678555", "178.16.53.119:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:45:11", "100", "https://search.censys.io/hosts/178.16.53.119", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci"
"2025-12-14 04:00:51", "1678553", "154.222.18.152:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 11:00:51", "100", "https://search.censys.io/hosts/154.222.18.152", "AS401701,C2,censys,COGNETCLOUD-2,Supershell", "0", "DonPasci"
"2025-12-14 04:00:15", "1678552", "149.104.30.242:20443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 11:00:11", "100", "https://search.censys.io/hosts/149.104.30.242", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci"
"2025-12-14 04:00:12", "1678551", "156.234.101.168:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:32", "100", "https://search.censys.io/hosts/156.234.101.168", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-14 04:00:11", "1678550", "156.234.145.52:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:39", "100", "https://search.censys.io/hosts/156.234.145.52", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-14 03:57:25", "1678549", "beta.kettlewisp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:59:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:46:41", "1678548", "ajpl.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:48:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:37:25", "1678547", "glitch.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:40:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:27:02", "1678546", "75z.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:28:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:17:19", "1678545", "d6gu.ripple-cask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:18:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 03:07:00", "1678544", "orbit.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:13:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:58:11", "1678541", "vjsjr.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 03:00:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:46:48", "1678540", "v7rg.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:48:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:37:31", "1678539", "nova.v0lticrum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:40:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:27:43", "1678538", "h4o.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:29:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:17:29", "1678534", "qfbmr.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:22:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 02:15:07", "1678533", "http://towerbingobongoboom.com:8080/updater?for=72CFA65519C25A05C2556FCC010387FC", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch"
"2025-12-14 02:07:09", "1678531", "paper.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:08:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:55:17", "1678530", "trace.snare-plum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 02:00:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:48:04", "1678529", "fax.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:48:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:37:23", "1678528", "sp5.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:38:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:27:58", "1678527", "xc2i.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:28:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:17:01", "1678526", "pkxq.gl1tchloam.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:23:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 01:07:49", "1678525", "rfz.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 01:09:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:57:27", "1678524", "hth.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:59:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:47:37", "1678523", "patch.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:50:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:37:25", "1678522", "vx7.snareplum.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:38:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:27:02", "1678521", "bmz0.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:32:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:14:08", "1678520", "omega.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:16:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:06:58", "1678519", "crum.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-14 00:09:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-14 00:03:35", "1678518", "13.213.128.58:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.213.128.58", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci"
"2025-12-14 00:03:34", "1678517", "89.111.149.164:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.111.149.164", "AS48287,C2,censys,clickfix,first-stage,RU-CENTER", "0", "DonPasci"
"2025-12-14 00:03:27", "1678516", "199.101.111.88:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.111.88", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 00:03:26", "1678515", "3.85.108.239:465", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.85.108.239", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-14 00:02:21", "1678514", "31.56.27.19:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/31.56.27.19", "AS56971,C2,censys,RAT,Sectop", "0", "DonPasci"
"2025-12-14 00:02:03", "1678513", "109.123.227.146:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:43:37", "100", "https://search.censys.io/hosts/109.123.227.146", "AS141995,C2,CAPL-AS-AP,censys,RAT,Remcos", "0", "DonPasci"
"2025-12-13 23:57:09", "1678512", "ripple.ripplecask.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:59:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:47:49", "1678511", "33zy.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:50:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:37:32", "1678510", "jd.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:41:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:27:42", "1678509", "knurl.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:33:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:17:23", "1678508", "gamma.quenchorbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:19:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 23:07:06", "1678507", "3mu0h.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 23:10:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:58:18", "1678468", "94u4p.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:59:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:43:58", "1678467", "pixel.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:51:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:39:45", "1678466", "shift.paper-knurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:42:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:37:09", "1678465", "tkn.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:37:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:27:49", "1678464", "tureq.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:33:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:11:29", "1678463", "2df.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:14:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 22:07:48", "1678462", "le2.zigm0scope.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 22:09:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:57:29", "1678461", "zig.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:59:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:41:01", "1678460", "h7rl1.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:42:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:37:22", "1678459", "alpha.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:38:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:28:05", "1678458", "delta.quench-orbit.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:30:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:18:23", "1678457", "volt.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:20:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:07:57", "1678456", "5br.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 21:10:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 21:00:04", "1678454", "137.220.152.212:5178", "ip:port", "botnet_cc", "win.nworm", "nw0rm,NWorm", "N-W0rm", "", "100", "None", "N-W0rm", "0", "abuse_ch"
"2025-12-13 20:57:44", "1678453", "kettle.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:58:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:47:50", "1678452", "thatch.m1xthatch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:49:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:37:34", "1678451", "psmds.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:44:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:27:20", "1678450", "ped.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:29:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:18:36", "1678449", "plum.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:20:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:07:17", "1678448", "spark.br1stlefax.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:09:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 20:04:26", "1678447", "45.93.20.50:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.93.20.50", "AS57523,C2,censys,CHANGWAY-AS,clickfix,first-stage", "0", "DonPasci"
"2025-12-13 20:04:23", "1678446", "51.79.73.237:8081", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/51.79.73.237", "AS16276,C2,censys,OVH,Starkillerc2", "0", "DonPasci"
"2025-12-13 20:04:22", "1678445", "51.79.73.237:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/51.79.73.237", "AS16276,C2,censys,OVH,PowershellEmpire", "0", "DonPasci"
"2025-12-13 20:04:18", "1678443", "54.226.9.14:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.226.9.14", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:18", "1678444", "54.159.7.215:8013", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.159.7.215", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:17", "1678440", "3.89.30.186:50995", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.89.30.186", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:17", "1678441", "54.226.9.14:43", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.226.9.14", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:17", "1678442", "54.226.9.14:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.226.9.14", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:16", "1678438", "3.89.30.186:18245", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.89.30.186", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:16", "1678439", "3.89.30.186:41795", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.89.30.186", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:15", "1678437", "45.227.254.130:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/45.227.254.130", "AS267784,C2,censys,Flyservers,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 20:04:11", "1678435", "43.103.2.130:6443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/43.103.2.130", "AdaptixC2,ALIBABA-CN-NET,AS45102,C2,censys", "0", "DonPasci"
"2025-12-13 20:04:11", "1678436", "148.253.212.135:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/148.253.212.135", "AdaptixC2,AS216129,C2,censys,GUARDNETWORK-AS", "0", "DonPasci"
"2025-12-13 20:03:29", "1678434", "github.u9myanmar.store", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-13 23:01:48", "100", "https://search.censys.io/hosts/170.168.89.225+github.u9myanmar.store", "AS-GLOBALTELEHOST,AS63023,censys,EvilGinx,panel,Phishing", "0", "DonPasci"
"2025-12-13 20:03:27", "1678433", "193.233.202.239:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-12-13 23:01:40", "100", "https://search.censys.io/hosts/193.233.202.239", "ALEXHOST,AS200019,C2,censys,moobot", "0", "DonPasci"
"2025-12-13 20:03:24", "1678432", "92.63.106.145:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://search.censys.io/hosts/92.63.106.145", "AS29182,C2,censys,RU-JSCIOT,Stealc,Stealer", "0", "DonPasci"
"2025-12-13 20:02:44", "1678430", "credcoopbeneficios.shop", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-13 23:01:27", "100", "https://search.censys.io/hosts/185.208.159.162+credcoopbeneficios.shop", "AS42624,C2,censys,Havoc,SWISSNETWORK02", "0", "DonPasci"
"2025-12-13 20:02:44", "1678431", "176.117.107.175:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-14 15:45:04", "100", "https://search.censys.io/hosts/176.117.107.175", "AS208191,C2,censys,GOHOST,Havoc", "0", "DonPasci"
"2025-12-13 20:02:42", "1678429", "159.223.52.78:9899", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-13 23:01:25", "100", "https://search.censys.io/hosts/159.223.52.78", "AS14061,C2,censys,DIGITALOCEAN-ASN,Quasar,RAT", "0", "DonPasci"
"2025-12-13 20:02:41", "1678427", "80.66.72.158:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-13 23:01:23", "100", "https://search.censys.io/hosts/80.66.72.158", "AS215540,C2,censys,GCS-AS,Hookbot", "0", "DonPasci"
"2025-12-13 20:02:41", "1678428", "80.66.72.158:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-13 23:01:23", "100", "https://search.censys.io/hosts/80.66.72.158", "AS215540,C2,censys,GCS-AS,Hookbot", "0", "DonPasci"
"2025-12-13 20:02:40", "1678426", "45.156.27.23:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:47:08", "100", "https://search.censys.io/hosts/45.156.27.23", "AS56971,C2,censys,Mythic", "0", "DonPasci"
"2025-12-13 20:02:33", "1678425", "107.175.159.252:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-13 23:01:17", "100", "https://search.censys.io/hosts/107.175.159.252", "AS-COLOCROSSING,AS36352,C2,censys,Supershell", "0", "DonPasci"
"2025-12-13 20:02:24", "1678424", "3.36.64.174:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/3.36.64.174", "AMAZON-02,AS16509,C2,censys,open-dir,payload,Sliver", "0", "DonPasci"
"2025-12-13 20:02:23", "1678422", "178.16.52.92:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:10", "100", "https://search.censys.io/hosts/178.16.52.92", "AS214943,C2,censys,RAILNET,Sliver", "0", "DonPasci"
"2025-12-13 20:02:23", "1678423", "13.247.77.239:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:43:49", "100", "https://search.censys.io/hosts/13.247.77.239", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci"
"2025-12-13 20:02:22", "1678419", "178.16.52.91:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:09", "100", "https://search.censys.io/hosts/178.16.52.91", "AS214943,C2,censys,RAILNET,Sliver", "0", "DonPasci"
"2025-12-13 20:02:22", "1678420", "178.16.52.94:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:10", "100", "https://search.censys.io/hosts/178.16.52.94", "AS214943,C2,censys,RAILNET,Sliver", "0", "DonPasci"
"2025-12-13 20:02:22", "1678421", "178.16.52.53:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:09", "100", "https://search.censys.io/hosts/178.16.52.53", "AS214943,C2,censys,RAILNET,Sliver", "0", "DonPasci"
"2025-12-13 20:01:26", "1678417", "45.121.50.136:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:35", "100", "https://search.censys.io/hosts/45.121.50.136", "AS31972,C2,censys,CobaltStrike,cs-watermark-666666666,EMGINECONCEPT-01", "0", "DonPasci"
"2025-12-13 20:01:26", "1678418", "154.219.109.205:849", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:01", "100", "https://search.censys.io/hosts/154.219.109.205", "AS401701,C2,censys,CobaltStrike,COGNETCLOUD-2,cs-watermark-666666666", "0", "DonPasci"
"2025-12-13 20:01:25", "1678416", "45.121.50.136:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:34", "100", "https://search.censys.io/hosts/45.121.50.136", "AS31972,C2,censys,CobaltStrike,cs-watermark-666666666,EMGINECONCEPT-01", "0", "DonPasci"
"2025-12-13 20:01:22", "1678414", "23.235.187.66:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:07", "100", "https://search.censys.io/hosts/23.235.187.66", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:22", "1678415", "23.235.188.26:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:06", "100", "https://search.censys.io/hosts/23.235.188.26", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:21", "1678410", "23.226.48.203:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:06", "100", "https://search.censys.io/hosts/23.226.48.203", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:21", "1678411", "156.234.145.41:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:37", "100", "https://search.censys.io/hosts/156.234.145.41", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:21", "1678412", "23.235.188.1:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:06", "100", "https://search.censys.io/hosts/23.235.188.1", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:21", "1678413", "156.234.101.183:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:34", "100", "https://search.censys.io/hosts/156.234.101.183", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:20", "1678407", "156.234.101.174:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:33", "100", "https://search.censys.io/hosts/156.234.101.174", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:20", "1678408", "23.248.237.43:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:07", "100", "https://search.censys.io/hosts/23.248.237.43", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:20", "1678409", "23.235.188.28:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:07", "100", "https://search.censys.io/hosts/23.235.188.28", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:19", "1678404", "23.248.214.17:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:21", "100", "https://search.censys.io/hosts/23.248.214.17", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:19", "1678405", "23.248.214.8:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:23", "100", "https://search.censys.io/hosts/23.248.214.8", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:19", "1678406", "156.234.145.36:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:36", "100", "https://search.censys.io/hosts/156.234.145.36", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:18", "1678401", "23.235.188.4:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:57", "100", "https://search.censys.io/hosts/23.235.188.4", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:18", "1678402", "23.235.188.29:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:19", "100", "https://search.censys.io/hosts/23.235.188.29", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:18", "1678403", "156.234.145.49:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:55", "100", "https://search.censys.io/hosts/156.234.145.49", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:17", "1678399", "156.234.101.184:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:34", "100", "https://search.censys.io/hosts/156.234.101.184", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:17", "1678400", "23.248.214.24:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:57", "100", "https://search.censys.io/hosts/23.248.214.24", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:16", "1678396", "23.235.188.25:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:49", "100", "https://search.censys.io/hosts/23.235.188.25", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:16", "1678397", "156.234.101.177:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:33", "100", "https://search.censys.io/hosts/156.234.101.177", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:16", "1678398", "23.248.214.7:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:23", "100", "https://search.censys.io/hosts/23.248.214.7", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:15", "1678392", "156.234.101.188:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:35", "100", "https://search.censys.io/hosts/156.234.101.188", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:15", "1678393", "23.226.48.197:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:01", "100", "https://search.censys.io/hosts/23.226.48.197", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:15", "1678394", "23.226.48.194:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:02", "100", "https://search.censys.io/hosts/23.226.48.194", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:15", "1678395", "23.248.214.27:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:48", "100", "https://search.censys.io/hosts/23.248.214.27", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:14", "1678389", "23.235.188.27:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:19", "100", "https://search.censys.io/hosts/23.235.188.27", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:14", "1678390", "156.234.101.190:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:35", "100", "https://search.censys.io/hosts/156.234.101.190", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:14", "1678391", "23.235.188.30:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:19", "100", "https://search.censys.io/hosts/23.235.188.30", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:13", "1678386", "156.234.145.61:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "100", "https://search.censys.io/hosts/156.234.145.61", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:13", "1678387", "23.235.188.12:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:55", "100", "https://search.censys.io/hosts/23.235.188.12", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:13", "1678388", "156.234.145.53:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:39", "100", "https://search.censys.io/hosts/156.234.145.53", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:12", "1678383", "156.234.101.176:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:33", "100", "https://search.censys.io/hosts/156.234.101.176", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:12", "1678384", "23.226.48.207:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:11", "100", "https://search.censys.io/hosts/23.226.48.207", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:12", "1678385", "23.235.188.24:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:18", "100", "https://search.censys.io/hosts/23.235.188.24", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:11", "1678380", "23.248.214.30:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:03", "100", "https://search.censys.io/hosts/23.248.214.30", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:11", "1678381", "156.234.145.44:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:37", "100", "https://search.censys.io/hosts/156.234.145.44", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:11", "1678382", "23.235.188.18:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:17", "100", "https://search.censys.io/hosts/23.235.188.18", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:10", "1678378", "156.234.145.55:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:39", "100", "https://search.censys.io/hosts/156.234.145.55", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:10", "1678379", "156.234.252.94:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:49", "100", "https://search.censys.io/hosts/156.234.252.94", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:09", "1678375", "23.235.188.3:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:19", "100", "https://search.censys.io/hosts/23.235.188.3", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:09", "1678376", "23.226.48.215:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:11", "100", "https://search.censys.io/hosts/23.226.48.215", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:09", "1678377", "156.234.252.84:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:00", "100", "https://search.censys.io/hosts/156.234.252.84", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:08", "1678372", "23.226.48.200:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:59", "100", "https://search.censys.io/hosts/23.226.48.200", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:08", "1678373", "156.234.101.164:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:31", "100", "https://search.censys.io/hosts/156.234.101.164", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:08", "1678374", "156.234.252.80:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:46", "100", "https://search.censys.io/hosts/156.234.252.80", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:07", "1678368", "23.235.187.84:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:03", "100", "https://search.censys.io/hosts/23.235.187.84", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:07", "1678369", "23.248.214.28:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:02", "100", "https://search.censys.io/hosts/23.248.214.28", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:07", "1678370", "156.234.101.182:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:34", "100", "https://search.censys.io/hosts/156.234.101.182", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:07", "1678371", "23.235.187.82:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:14", "100", "https://search.censys.io/hosts/23.235.187.82", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:06", "1678365", "23.235.187.81:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:14", "100", "https://search.censys.io/hosts/23.235.187.81", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:06", "1678366", "156.234.101.189:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:35", "100", "https://search.censys.io/hosts/156.234.101.189", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:06", "1678367", "156.234.145.56:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:03", "100", "https://search.censys.io/hosts/156.234.145.56", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:05", "1678362", "23.235.188.7:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:20", "100", "https://search.censys.io/hosts/23.235.188.7", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:05", "1678363", "23.235.187.89:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:50", "100", "https://search.censys.io/hosts/23.235.187.89", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:05", "1678364", "23.248.237.45:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:49", "100", "https://search.censys.io/hosts/23.248.237.45", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:04", "1678359", "23.248.214.10:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:43", "100", "https://search.censys.io/hosts/23.248.214.10", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:04", "1678360", "23.226.48.218:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:12", "100", "https://search.censys.io/hosts/23.226.48.218", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:04", "1678361", "156.234.101.186:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:31", "100", "https://search.censys.io/hosts/156.234.101.186", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:03", "1678356", "23.226.48.216:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:52", "100", "https://search.censys.io/hosts/23.226.48.216", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:03", "1678357", "23.226.48.204:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:10", "100", "https://search.censys.io/hosts/23.226.48.204", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:03", "1678358", "23.235.187.77:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:14", "100", "https://search.censys.io/hosts/23.235.187.77", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:02", "1678354", "23.235.188.5:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:52", "100", "https://search.censys.io/hosts/23.235.188.5", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:02", "1678355", "23.235.188.15:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:52", "100", "https://search.censys.io/hosts/23.235.188.15", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:01", "1678353", "156.234.145.57:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "100", "https://search.censys.io/hosts/156.234.145.57", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:00", "1678351", "23.235.188.22:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:18", "100", "https://search.censys.io/hosts/23.235.188.22", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:01:00", "1678352", "156.234.101.166:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:31", "100", "https://search.censys.io/hosts/156.234.101.166", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:59", "1678350", "23.235.188.13:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:26", "100", "https://search.censys.io/hosts/23.235.188.13", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:58", "1678348", "23.235.188.2:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:38", "100", "https://search.censys.io/hosts/23.235.188.2", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:58", "1678349", "23.226.48.199:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:10", "100", "https://search.censys.io/hosts/23.226.48.199", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:57", "1678345", "23.235.187.85:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:15", "100", "https://search.censys.io/hosts/23.235.187.85", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:57", "1678346", "23.248.214.11:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:21", "100", "https://search.censys.io/hosts/23.248.214.11", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:57", "1678347", "23.226.48.201:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:10", "100", "https://search.censys.io/hosts/23.226.48.201", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:56", "1678343", "156.234.145.39:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:47", "100", "https://search.censys.io/hosts/156.234.145.39", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:56", "1678344", "156.234.145.40:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:37", "100", "https://search.censys.io/hosts/156.234.145.40", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:55", "1678340", "156.234.145.43:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:37", "100", "https://search.censys.io/hosts/156.234.145.43", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:55", "1678341", "23.235.163.200:9812", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:39", "100", "https://search.censys.io/hosts/23.235.163.200", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:55", "1678342", "23.226.48.220:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:12", "100", "https://search.censys.io/hosts/23.226.48.220", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:54", "1678337", "23.248.214.9:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:23", "100", "https://search.censys.io/hosts/23.248.214.9", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:54", "1678338", "23.226.48.210:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:11", "100", "https://search.censys.io/hosts/23.226.48.210", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:54", "1678339", "23.235.187.74:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:53", "100", "https://search.censys.io/hosts/23.235.187.74", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:53", "1678335", "156.234.145.51:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:39", "100", "https://search.censys.io/hosts/156.234.145.51", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:53", "1678336", "23.248.237.44:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:46", "100", "https://search.censys.io/hosts/23.248.237.44", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:52", "1678332", "156.234.252.87:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:47", "100", "https://search.censys.io/hosts/156.234.252.87", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:52", "1678333", "23.235.188.6:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:20", "100", "https://search.censys.io/hosts/23.235.188.6", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:52", "1678334", "156.234.101.187:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:35", "100", "https://search.censys.io/hosts/156.234.101.187", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:51", "1678329", "156.234.101.172:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:32", "100", "https://search.censys.io/hosts/156.234.101.172", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:51", "1678330", "156.234.252.90:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:48", "100", "https://search.censys.io/hosts/156.234.252.90", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:51", "1678331", "23.235.187.68:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:27", "100", "https://search.censys.io/hosts/23.235.187.68", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:50", "1678326", "156.234.101.185:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:34", "100", "https://search.censys.io/hosts/156.234.101.185", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:50", "1678327", "156.234.252.81:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:40", "100", "https://search.censys.io/hosts/156.234.252.81", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:50", "1678328", "23.235.187.71:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:40", "100", "https://search.censys.io/hosts/23.235.187.71", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:49", "1678324", "156.234.101.162:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:30", "100", "https://search.censys.io/hosts/156.234.101.162", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:49", "1678325", "156.234.252.68:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:45", "100", "https://search.censys.io/hosts/156.234.252.68", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:48", "1678320", "156.234.252.72:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:45", "100", "https://search.censys.io/hosts/156.234.252.72", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:48", "1678321", "23.235.188.23:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:18", "100", "https://search.censys.io/hosts/23.235.188.23", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:48", "1678322", "23.235.188.9:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:20", "100", "https://search.censys.io/hosts/23.235.188.9", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:48", "1678323", "156.234.252.67:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:44", "100", "https://search.censys.io/hosts/156.234.252.67", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:47", "1678317", "23.235.187.67:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:13", "100", "https://search.censys.io/hosts/23.235.187.67", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:47", "1678318", "23.235.188.10:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:16", "100", "https://search.censys.io/hosts/23.235.188.10", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:47", "1678319", "156.234.101.175:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:33", "100", "https://search.censys.io/hosts/156.234.101.175", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:46", "1678314", "23.235.187.83:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:22", "100", "https://search.censys.io/hosts/23.235.187.83", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:46", "1678315", "23.235.187.86:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:15", "100", "https://search.censys.io/hosts/23.235.187.86", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:46", "1678316", "156.234.252.76:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:45", "100", "https://search.censys.io/hosts/156.234.252.76", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:45", "1678312", "23.248.214.6:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:18", "100", "https://search.censys.io/hosts/23.248.214.6", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:45", "1678313", "23.235.188.11:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:16", "100", "https://search.censys.io/hosts/23.235.188.11", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:44", "1678309", "23.235.188.19:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:32", "100", "https://search.censys.io/hosts/23.235.188.19", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:44", "1678310", "23.235.187.90:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:33", "100", "https://search.censys.io/hosts/23.235.187.90", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:44", "1678311", "23.235.187.72:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:13", "100", "https://search.censys.io/hosts/23.235.187.72", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:43", "1678307", "23.248.214.4:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:41", "100", "https://search.censys.io/hosts/23.248.214.4", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:43", "1678308", "23.226.48.208:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:36", "100", "https://search.censys.io/hosts/23.226.48.208", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:42", "1678304", "156.234.145.50:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:38", "100", "https://search.censys.io/hosts/156.234.145.50", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:42", "1678305", "23.235.188.21:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:17", "100", "https://search.censys.io/hosts/23.235.188.21", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:42", "1678306", "156.234.101.180:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:34", "100", "https://search.censys.io/hosts/156.234.101.180", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:41", "1678302", "23.248.214.2:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:21", "100", "https://search.censys.io/hosts/23.248.214.2", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:41", "1678303", "156.234.145.47:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:28", "100", "https://search.censys.io/hosts/156.234.145.47", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:40", "1678300", "156.234.252.79:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:48", "100", "https://search.censys.io/hosts/156.234.252.79", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:40", "1678301", "156.234.252.69:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:48", "100", "https://search.censys.io/hosts/156.234.252.69", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:39", "1678298", "23.226.48.217:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:12", "100", "https://search.censys.io/hosts/23.226.48.217", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:39", "1678299", "23.226.48.221:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:48", "100", "https://search.censys.io/hosts/23.226.48.221", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:38", "1678297", "156.234.101.161:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:21", "100", "https://search.censys.io/hosts/156.234.101.161", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:37", "1678295", "23.226.48.205:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:18", "100", "https://search.censys.io/hosts/23.226.48.205", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:37", "1678296", "23.248.214.16:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:28", "100", "https://search.censys.io/hosts/23.248.214.16", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:36", "1678294", "156.234.101.178:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:48", "100", "https://search.censys.io/hosts/156.234.101.178", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:35", "1678291", "156.234.145.54:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:39", "100", "https://search.censys.io/hosts/156.234.145.54", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:35", "1678292", "156.234.145.42:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:24", "100", "https://search.censys.io/hosts/156.234.145.42", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:35", "1678293", "23.248.214.29:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:23", "100", "https://search.censys.io/hosts/23.248.214.29", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:34", "1678289", "23.248.214.12:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:37", "100", "https://search.censys.io/hosts/23.248.214.12", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:34", "1678290", "23.248.214.5:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:23", "100", "https://search.censys.io/hosts/23.248.214.5", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:33", "1678287", "23.226.48.206:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:10", "100", "https://search.censys.io/hosts/23.226.48.206", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:33", "1678288", "23.226.48.219:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:47", "100", "https://search.censys.io/hosts/23.226.48.219", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:32", "1678285", "23.248.237.46:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:24", "100", "https://search.censys.io/hosts/23.248.237.46", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:32", "1678286", "23.248.214.20:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:22", "100", "https://search.censys.io/hosts/23.248.214.20", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:31", "1678283", "23.248.237.42:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:24", "100", "https://search.censys.io/hosts/23.248.237.42", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:31", "1678284", "23.248.214.14:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:24", "100", "https://search.censys.io/hosts/23.248.214.14", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:30", "1678281", "23.235.187.87:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:22", "100", "https://search.censys.io/hosts/23.235.187.87", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:30", "1678282", "156.234.101.165:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:31", "100", "https://search.censys.io/hosts/156.234.101.165", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:29", "1678279", "23.235.188.8:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:29", "100", "https://search.censys.io/hosts/23.235.188.8", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:29", "1678280", "23.235.187.93:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:22", "100", "https://search.censys.io/hosts/23.235.187.93", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:28", "1678278", "156.234.145.62:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:17", "100", "https://search.censys.io/hosts/156.234.145.62", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:27", "1678277", "156.234.101.169:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:32", "100", "https://search.censys.io/hosts/156.234.101.169", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:26", "1678275", "23.235.187.80:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:50", "100", "https://search.censys.io/hosts/23.235.187.80", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:26", "1678276", "156.234.145.38:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:36", "100", "https://search.censys.io/hosts/156.234.145.38", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:25", "1678273", "23.248.214.26:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:22", "100", "https://search.censys.io/hosts/23.248.214.26", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:25", "1678274", "156.234.252.70:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:14", "100", "https://search.censys.io/hosts/156.234.252.70", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:24", "1678271", "156.234.145.48:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:38", "100", "https://search.censys.io/hosts/156.234.145.48", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:24", "1678272", "23.235.188.16:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:15", "100", "https://search.censys.io/hosts/23.235.188.16", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:23", "1678269", "23.235.187.91:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:35", "100", "https://search.censys.io/hosts/23.235.187.91", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:23", "1678270", "23.248.214.22:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:24", "100", "https://search.censys.io/hosts/23.248.214.22", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:22", "1678266", "156.234.252.82:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:45", "100", "https://search.censys.io/hosts/156.234.252.82", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:22", "1678267", "23.226.48.214:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:16", "100", "https://search.censys.io/hosts/23.226.48.214", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:22", "1678268", "156.234.252.73:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:17", "100", "https://search.censys.io/hosts/156.234.252.73", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:21", "1678263", "156.234.145.33:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:36", "100", "https://search.censys.io/hosts/156.234.145.33", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:21", "1678264", "23.248.214.15:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:18", "100", "https://search.censys.io/hosts/23.248.214.15", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:21", "1678265", "23.248.214.25:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:45", "100", "https://search.censys.io/hosts/23.248.214.25", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:20", "1678261", "156.234.252.89:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:48", "100", "https://search.censys.io/hosts/156.234.252.89", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:20", "1678262", "156.234.252.65:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:33", "100", "https://search.censys.io/hosts/156.234.252.65", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:19", "1678259", "23.235.188.17:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:17", "100", "https://search.censys.io/hosts/23.235.188.17", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:19", "1678260", "156.234.145.58:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "100", "https://search.censys.io/hosts/156.234.145.58", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:18", "1678256", "156.234.101.181:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:32", "100", "https://search.censys.io/hosts/156.234.101.181", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:18", "1678257", "156.234.145.59:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "100", "https://search.censys.io/hosts/156.234.145.59", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:18", "1678258", "23.226.48.212:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:34", "100", "https://search.censys.io/hosts/23.226.48.212", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:17", "1678254", "156.234.252.85:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:47", "100", "https://search.censys.io/hosts/156.234.252.85", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:17", "1678255", "23.235.187.88:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:21", "100", "https://search.censys.io/hosts/23.235.187.88", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:16", "1678251", "23.248.214.21:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:22", "100", "https://search.censys.io/hosts/23.248.214.21", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:16", "1678252", "23.235.187.76:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:11", "100", "https://search.censys.io/hosts/23.235.187.76", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:16", "1678253", "23.248.214.23:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:20", "100", "https://search.censys.io/hosts/23.248.214.23", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:15", "1678248", "156.234.252.71:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:45", "100", "https://search.censys.io/hosts/156.234.252.71", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:15", "1678249", "156.234.252.88:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:48", "100", "https://search.censys.io/hosts/156.234.252.88", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:15", "1678250", "107.175.242.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:12", "100", "https://search.censys.io/hosts/107.175.242.93", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-12-13 20:00:14", "1678245", "156.234.252.83:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:47", "100", "https://search.censys.io/hosts/156.234.252.83", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:14", "1678246", "23.248.214.3:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:14", "100", "https://search.censys.io/hosts/23.248.214.3", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:14", "1678247", "23.235.187.69:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:12", "100", "https://search.censys.io/hosts/23.235.187.69", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:13", "1678243", "23.248.214.19:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:15", "100", "https://search.censys.io/hosts/23.248.214.19", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:13", "1678244", "23.248.214.18:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:10", "100", "https://search.censys.io/hosts/23.248.214.18", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:12", "1678242", "23.226.48.211:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:18", "100", "https://search.censys.io/hosts/23.226.48.211", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:11", "1678240", "156.234.252.78:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:08", "100", "https://search.censys.io/hosts/156.234.252.78", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:11", "1678241", "156.234.252.75:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:09", "100", "https://search.censys.io/hosts/156.234.252.75", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 20:00:10", "1678239", "23.235.187.94:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:00:09", "100", "https://search.censys.io/hosts/23.235.187.94", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 19:57:51", "1678238", "warp.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 20:00:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:48:11", "1678237", "wisp.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:49:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:32:51", "1678236", "4zx.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:36:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:25:42", "1678235", "6rr5.paperknurl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:32:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:13:53", "1678234", "silk.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:16:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 19:07:42", "1678233", "hush2.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:08:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:57:21", "1678232", "plush.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 19:04:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:48:44", "1678231", "95.112.104.52:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:48:22", "75", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2025-12-13 18:48:29", "1678230", "satin.ciears0ft.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:48:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:48:22", "1678228", "80.78.22.110:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:47:59", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 18:48:22", "1678229", "80.82.77.204:58489", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:47:59", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 18:48:08", "1678227", "72.61.224.183:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:47:46", "75", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2025-12-13 18:47:50", "1678226", "54.244.83.113:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:47:32", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 18:45:15", "1678225", "176.65.148.96:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:07", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 18:43:25", "1678224", "104.168.190.139:6566", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:24", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:24", "1678219", "104.140.197.43:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:24", "1678220", "104.140.197.54:30140", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:24", "1678221", "104.140.197.59:30028", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:24", "1678222", "104.140.197.73:30191", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:24", "1678223", "104.140.197.81:30028", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:24", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:23", "1678214", "104.140.197.237:30145", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:23", "1678215", "104.140.197.251:30139", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:23", "1678216", "104.140.197.251:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:23", "1678217", "104.140.197.3:30023", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:23", "1678218", "104.140.197.34:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678208", "104.140.197.201:30028", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678209", "104.140.197.205:30028", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678210", "104.140.197.212:30140", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678211", "104.140.197.219:30191", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678212", "104.140.197.229:30178", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:22", "1678213", "104.140.197.231:30145", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:21", "1678204", "104.140.197.172:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:21", "1678205", "104.140.197.19:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:21", "1678206", "104.140.197.193:30145", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:21", "1678207", "104.140.197.194:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:20", "1678200", "104.140.197.130:30140", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:20", "1678201", "104.140.197.162:30146", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:20", "1678202", "104.140.197.164:30139", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:20", "1678203", "104.140.197.172:30028", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:19", "1678198", "104.140.197.100:30145", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:19", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:43:19", "1678199", "104.140.197.107:30139", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-13 18:37:16", "1678197", "haze.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:39:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:26:57", "1678196", "squall2.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:28:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:18:09", "1678195", "thunder.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:20:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:01:40", "1678194", "surge.hiiistorm.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 18:08:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 18:01:25", "1678193", "87.123.240.169:9848", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251213-qkqm1svjek", "AS8881,C2,quasar,rat,triage", "0", "DonPasci"
"2025-12-13 18:01:00", "1678192", "80.211.137.34:4370", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS31034,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:58", "1678191", "80.211.137.34:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS31034,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:57", "1678189", "78.173.80.26:4370", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:57", "1678190", "80.211.137.34:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS31034,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:55", "1678188", "78.173.80.26:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:54", "1678187", "78.173.80.26:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-qtvnbsf17d", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:53", "1678186", "78.163.105.131:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-q3rb9sfm9t", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:52", "1678185", "78.163.105.131:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251213-q3rb9sfm9t", "AS9121,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-13 18:00:14", "1678184", "nightmare6732-46415.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251213-qlcgsafz8d", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-13 17:58:00", "1678183", "glare3.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:59:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:45:27", "1678182", "zenith.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:47:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:37:29", "1678179", "azur.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:38:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:27:53", "1678178", "wisp5.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:32:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:17:17", "1678177", "mist.m1stycl0ud.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:19:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 17:07:03", "1678176", "rime.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:07:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:58:13", "1678175", "hoar2.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 17:04:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:42:41", "1678174", "firn.fr0stgate.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:44:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:38:03", "1678173", "basin2.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:40:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:35:36", "1678171", "38.55.115.177:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:36", "1678172", "38.55.115.179:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:35", "1678169", "38.55.115.160:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:35", "1678170", "38.55.115.163:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:34", "1678166", "38.55.115.137:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:34", "1678167", "38.55.115.138:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:34", "1678168", "38.55.115.146:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:33", "1678164", "38.55.114.166:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:33", "1678165", "38.55.114.169:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:32", "1678162", "38.55.114.154:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:32", "1678163", "38.55.114.165:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:31", "1678160", "38.55.114.142:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:31", "1678161", "38.55.114.152:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:30", "1678158", "38.55.114.131:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:30", "1678159", "38.55.114.133:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:29", "1678157", "38.55.113.50:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:28", "1678156", "38.55.113.29:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:27", "1678155", "38.55.112.62:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:26", "1678154", "38.55.112.40:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:25", "1678152", "38.55.112.38:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:25", "1678153", "38.55.112.3:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:24", "1678151", "209.145.58.156:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:20", "1678150", "154.12.243.202:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:19", "1678149", "144.126.143.84:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:35:18", "1678148", "144.126.130.180:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6/", "quasar", "0", "abuse_ch"
"2025-12-13 16:26:53", "1678147", "quarry.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:28:10", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:14:23", "1678146", "ledge.rockfieid.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:20:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:07:36", "1678145", "delta.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:09:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 16:01:26", "1678142", "38.242.252.4:7990", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.242.252.4", "AS51167,C2,censys,clickfix,CONTABO,first-stage", "0", "DonPasci"
"2025-12-13 16:01:26", "1678143", "193.57.33.115:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.57.33.115", "AS213848,C2,censys,clickfix,first-stage,NAVICOSOFT", "0", "DonPasci"
"2025-12-13 16:01:26", "1678144", "193.57.33.115:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.57.33.115", "AS213848,C2,censys,clickfix,first-stage,NAVICOSOFT", "0", "DonPasci"
"2025-12-13 16:01:15", "1678141", "38.46.155.27:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/38.46.155.27", "AdaptixC2,AS174,C2,censys,COGENT-174", "0", "DonPasci"
"2025-12-13 16:01:04", "1678140", "3.122.51.207:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-12-14 15:46:36", "100", "https://search.censys.io/hosts/3.122.51.207", "AMAZON-02,AS16509,censys,Chaos,panel", "0", "DonPasci"
"2025-12-13 16:00:53", "1678139", "41.250.214.29:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-14 15:46:58", "100", "https://search.censys.io/hosts/41.250.214.29", "AS36903,C2,censys,MT-MPLS,Netsupport,RAT", "0", "DonPasci"
"2025-12-13 16:00:47", "1678138", "102.117.164.94:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:43:05", "100", "https://search.censys.io/hosts/102.117.164.94", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci"
"2025-12-13 16:00:09", "1678137", "175.178.83.231:31303", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 23:01:00", "100", "https://search.censys.io/hosts/175.178.83.231", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-12-13 15:57:17", "1678136", "fjord1.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 16:03:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:47:01", "1678135", "zephyr.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:47:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:44:29", "1677835", "https://simaalborg.dk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/simaalborg.dk", "ClickFix", "0", "CarsonWilliams"
"2025-12-13 15:38:13", "1678134", "grove.deepbreeze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:38:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:27:53", "1677838", "noct.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:18:14", "1677837", "swell4.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 15:07:45", "1677836", "crest.n1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:59:34", "1677834", "nimbus3.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 15:00:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:51:50", "1677833", "aurora.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:53:52", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:48:10", "1677832", "drift2.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:49:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:36:18", "1677831", "glint.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:37:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:34:28", "1677830", "https://jqueryapihelpers.com/ZRk5hZRslW1-tkY60uruimakLJ1zQfozs9hIZwdPPcb", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-12-13 14:27:31", "1677829", "squall.stormpixei.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:33:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 14:18:41", "1677828", "weft.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:20:32", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-13 14:07:53", "1677827", "snarl.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 14:08:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:57:06", "1677826", "eddy.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:58:09", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:47:49", "1677825", "whip.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:49:31", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:45:13", "1677824", "202.79.171.143:55131", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-13 13:33:57", "1677823", "braid.tangleflux.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:37:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:23:41", "1677822", "spar.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:26:57", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:20:08", "1677821", "193.161.193.99:46415", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-13 13:17:28", "1677820", "boom.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:22:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 13:07:34", "1677819", "rope.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 13:08:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:58:19", "1677818", "dock.plume-anchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:59:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:55:05", "1677817", "161.248.87.19:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-12-13 12:46:59", "1677816", "maw.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:53:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:37:12", "1677815", "prong.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:39:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:27:54", "1677814", "gnash.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:34:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:17:34", "1677813", "orbit.c1rclefang.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:20:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:07:51", "1677812", "seal.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 12:13:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 12:03:21", "1677811", "13.213.128.58:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.213.128.58", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci"
"2025-12-13 12:02:49", "1677810", "93.232.102.47:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-14 15:48:20", "100", "https://search.censys.io/hosts/93.232.102.47", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2025-12-13 12:02:38", "1677809", "147.50.253.72:8443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:44:11", "100", "https://search.censys.io/hosts/147.50.253.72", "AS142299,AsyncRAT,C2,censys,CLOUDFORESTCOLTD-AS-AP,RAT", "0", "DonPasci"
"2025-12-13 12:01:53", "1677808", "23.94.80.162:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:46:31", "100", "https://search.censys.io/hosts/23.94.80.162", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-12-13 12:01:31", "1677807", "minedonate10.waizerfly.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251213-ldpd6adz6h", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-13 12:01:15", "1677806", "login.10x.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:16", "100", "https://tria.ge/251213-g5mbnads2a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 12:01:13", "1677805", "version3.spc.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:14", "100", "https://tria.ge/251213-dj7hxsck5w", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 12:00:47", "1677801", "atthewr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677802", "injecto.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677803", "phytonr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:47", "1677804", "proselw.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:46", "1677800", "peshmef.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-12-13 17:40:09", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2025-12-13 12:00:18", "1677799", "dedefoenumnigga-44957.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251213-h2f6xa1nbp", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-13 11:58:33", "1677798", "twine.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:59:16", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:47:14", "1677797", "vault.hollow-zip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:53:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:37:26", "1677796", "thrust.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:39:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:27:11", "1677795", "shear.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:28:27", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:26:28", "1677766", "http://107.174.115.101:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS36352,HostPapa,supershell", "0", "antiphishorg"
"2025-12-13 11:26:27", "1677755", "https://travellerschoice.ae/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/travellerschoice.ae", "ClickFix", "0", "CarsonWilliams"
"2025-12-13 11:26:26", "1677730", "176.65.148.116:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-12-13 11:26:26", "1677731", "103.77.241.135:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-12-13 11:26:26", "1677754", "https://ace-batiment.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/ace-batiment.com", "ClickFix", "0", "CarsonWilliams"
"2025-12-13 11:18:23", "1677794", "axle.r0bintorque.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:20:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 11:08:04", "1677793", "bind.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:09:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:57:44", "1677765", "pouch.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 11:04:45", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:43:48", "1677764", "wrap.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:46:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:37:33", "1677763", "crypt.hollowzip.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:43:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:28:19", "1677762", "chain.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:29:24", "100", "None", "clearfake", "1", "ttakvam"
"2025-12-13 10:11:22", "1677761", "reef.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:12:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:06:12", "1677760", "moor.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:08:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 10:01:25", "1677759", "port.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 10:02:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:57:18", "1677758", "keel.plumeanchor.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:59:04", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:48:16", "1677757", "lid.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:49:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:38:12", "1677756", "cask.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:45:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:28:53", "1677753", "pickle.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:32:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:25:25", "1677751", "198.211.110.208:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:25", "1677752", "178.128.163.243:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:24", "1677750", "144.126.238.186:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:23", "1677749", "138.197.36.135:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:22", "1677748", "138.197.210.216:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:21", "1677747", "178.128.7.117:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:20", "1677746", "159.89.236.120:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:19", "1677745", "67.205.172.222:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:18", "1677744", "165.22.166.59:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:25:17", "1677743", "134.122.107.122:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:17:38", "1677742", "snare.sn0cklejar.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:28:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 09:10:05", "1677741", "138.68.47.167:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:10:04", "1677740", "68.183.149.106:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:10:03", "1677739", "159.89.156.10:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:10:00", "1677738", "67.205.186.162:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:59", "1677737", "209.97.177.41:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:58", "1677736", "137.184.134.128:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:57", "1677735", "206.189.169.149:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:56", "1677734", "64.225.11.220:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:49", "1677733", "138.197.78.216:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:09:42", "1677732", "162.243.166.162:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-13 09:07:48", "1677729", "scrape.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 09:08:40", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:57:29", "1677728", "swirl.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:58:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:52:04", "1677727", "45.94.47.154:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:42", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-13 08:48:53", "1677726", "91.200.101.43:5231", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-14 15:48:13", "75", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2025-12-13 08:47:46", "1677725", "45.236.130.44:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:47:09", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:47:30", "1677724", "quarry.gravel-whisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:48:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:47:19", "1677723", "31.57.228.25:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:46:40", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:46:28", "1677722", "192.3.187.89:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:50", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:46:02", "1677720", "181.214.100.109:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:23", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:46:02", "1677721", "181.214.100.216:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:45:23", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:44:32", "1677719", "glow.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:45:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:43:59", "1677718", "130.94.14.242:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:43:51", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-12-13 08:37:13", "1677717", "rill.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:39:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:32:13", "1677716", "delta.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:35:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:28:21", "1677715", "byte.b1tcascade.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:18:44", "1677714", "lathe.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:20:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:07:50", "1677713", "join.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:09:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 08:03:10", "1676965", "ity.keyzsoft.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/8d9d18fb397ea5ae52f56dc47e7336bb88d781e26b4a109a4ce5cfa728771655/", "c2,domain,vidar", "0", "burger"
"2025-12-13 08:02:09", "1677711", "18.140.146.3:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.140.146.3", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci"
"2025-12-13 08:02:09", "1677712", "13.212.0.221:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.212.0.221", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci"
"2025-12-13 08:02:08", "1677710", "167.235.150.179:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.235.150.179", "AS24940,C2,censys,clickfix,first-stage,HETZNER-AS", "0", "DonPasci"
"2025-12-13 08:02:02", "1677709", "54.160.155.68:19905", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.160.155.68", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:02:01", "1677707", "152.42.241.7:8010", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/152.42.241.7", "AS14061,C2,censys,DIGITALOCEAN-ASN,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:02:01", "1677708", "196.75.231.84:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/196.75.231.84", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2025-12-13 08:02:00", "1677705", "103.177.47.36:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.36", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:02:00", "1677706", "103.177.47.35:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.35", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:59", "1677702", "103.177.47.34:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.34", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:59", "1677703", "103.177.47.12:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.12", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:59", "1677704", "103.177.47.38:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.38", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:58", "1677700", "103.177.47.19:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.19", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:58", "1677701", "54.221.160.173:54933", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.221.160.173", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:57", "1677698", "103.177.47.31:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.31", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:57", "1677699", "103.177.46.121:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.121", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 08:01:26", "1677697", "161.248.200.24:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-13 11:00:34", "100", "https://search.censys.io/hosts/161.248.200.24", "AS153528,C2,censys,ESL-AS-AP,Hookbot", "0", "DonPasci"
"2025-12-13 08:01:20", "1677696", "41.142.94.71:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:46:56", "100", "https://search.censys.io/hosts/41.142.94.71", "AS36903,AsyncRAT,C2,censys,MT-MPLS,RAT", "0", "DonPasci"
"2025-12-13 08:01:05", "1677695", "196.251.100.95:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:46:02", "100", "https://search.censys.io/hosts/196.251.100.95", "AS214967,C2,censys,OPTIBOUNCE,RAT,Remcos", "0", "DonPasci"
"2025-12-13 08:00:58", "1676773", "ace-batiment.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "clickfix,validin", "0", "DaveLikesMalwre"
"2025-12-13 08:00:51", "1677471", "http://23.95.148.136:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS36352,HostPapa,supershell", "0", "antiphishorg"
"2025-12-13 08:00:50", "1677472", "77.105.161.133:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 12:00:51", "100", "None", "loader,StealC,stealer", "0", "Bitsight"
"2025-12-13 08:00:50", "1677475", "http://77.110.114.11/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-13 06:04:07", "100", "https://bazaar.abuse.ch/sample/14703a96c5eb7b454998ee60a5effbedc43436486bf3b70355fcccce92dacc8e/", "c2,stealc", "0", "burger"
"2025-12-13 08:00:50", "1677479", "http://77.105.161.133/1ea995999d91ca21.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://bazaar.abuse.ch/sample/8f16da672b72afa99e534d022b945bdc8a4ea1083d09ba7930df2dd163eb3bb8", "c2,stealc,url", "0", "burger"
"2025-12-13 08:00:49", "1677515", "80.64.19.148:4441", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "None", "0", "tanner"
"2025-12-13 08:00:48", "1677518", "renviox.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/72e8e71d1592778c338a9a458a1f35b08e722139dfb59b4f1ba0fd7aa099a6b7/", "None", "0", "burger"
"2025-12-13 08:00:48", "1677523", "39.86.248.188:50401", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://threatquery.com/engines/ip.html?value=39.86.248.188&type=ip", "AS4837,c2,LokiBot,threatquery", "0", "threatquery"
"2025-12-13 08:00:48", "1677536", "instance-p3rfvx-relay.screenconnect.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "FraudulentUse,Screenconnect", "0", "Gi7w0rm"
"2025-12-13 08:00:47", "1677537", "effinghampodiatriclore.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "DeerStealer,DonutLoader,HijackLoader", "0", "Gi7w0rm"
"2025-12-13 08:00:43", "1677549", "77.110.114.11:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 04:00:14", "100", "None", "loader,StealC,stealer", "0", "Bitsight"
"2025-12-13 08:00:41", "1677611", "89.45.13.184:8080", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://threatquery.com/engines/ip.html?value=89.45.13.184&type=ip", "AS62390,c2,LokiBot,threatquery", "0", "threatquery"
"2025-12-13 08:00:40", "1677653", "91.212.150.246:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 09:00:31", "100", "None", "loader,StealC,stealer", "0", "Bitsight"
"2025-12-13 08:00:40", "1677658", "www.10x.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 12:01:15", "100", "https://www.virustotal.com/gui/file/d3c04371fa3aceeaf08182349f912d1a0265fbed122388391ac4b836fac88cdd", "AsyncRAT,botnet,c2", "0", "Amethyste"
"2025-12-13 08:00:13", "1677693", "156.234.216.179:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:42", "100", "https://search.censys.io/hosts/156.234.216.179", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:13", "1677694", "156.234.216.169:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:41", "100", "https://search.censys.io/hosts/156.234.216.169", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:12", "1677690", "156.234.216.167:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:41", "100", "https://search.censys.io/hosts/156.234.216.167", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:12", "1677691", "156.234.216.178:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-13 11:00:15", "100", "https://search.censys.io/hosts/156.234.216.178", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:12", "1677692", "156.234.216.174:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:42", "100", "https://search.censys.io/hosts/156.234.216.174", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:11", "1677689", "156.234.216.190:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:44", "100", "https://search.censys.io/hosts/156.234.216.190", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:10", "1677687", "156.234.216.181:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:43", "100", "https://search.censys.io/hosts/156.234.216.181", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:10", "1677688", "156.234.216.176:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:42", "100", "https://search.censys.io/hosts/156.234.216.176", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:09", "1677686", "156.234.216.183:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:43", "100", "https://search.censys.io/hosts/156.234.216.183", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:08", "1677685", "156.234.216.180:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:43", "100", "https://search.censys.io/hosts/156.234.216.180", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 08:00:07", "1677684", "156.234.216.163:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "100", "https://search.censys.io/hosts/156.234.216.163", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-13 07:57:56", "1677683", "pine.vex-timber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 08:00:20", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:53:30", "1677682", "8.134.167.150:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 11:00:10", "100", "None", "CobaltStrike", "0", "abuse_ch"
"2025-12-13 07:53:21", "1677681", "117.72.56.12:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 11:00:08", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2025-12-13 07:53:18", "1677680", "101.126.137.83:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch"
"2025-12-13 07:53:14", "1677679", "8.145.35.238:8111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch"
"2025-12-13 07:53:13", "1677678", "119.45.250.8:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:12", "100", "None", "CobaltStrike,cs-watermark-1", "0", "abuse_ch"
"2025-12-13 07:53:11", "1677677", "47.98.62.41:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch"
"2025-12-13 07:53:10", "1677676", "151.243.95.233:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 07:45:00", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-12-13 07:53:09", "1677675", "83.229.125.47:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 07:45:14", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-12-13 07:51:05", "1676765", "https://193.233.126.16/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/e3d8c94bbd231d89d9c0fce27f25d0c5c9b99722f21305cce9f0fefc845e80a4/", "c2,url,vidar", "0", "burger"
"2025-12-13 07:51:05", "1676769", "69.5.189.119:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 10:00:07", "100", "https://bazaar.abuse.ch/sample/702252b74d927a5c5ef712dfb1931e2d9093a63950505ca2f887e520eeaef7e2/", "c2,ip,stealc", "0", "burger"
"2025-12-13 07:51:04", "1676768", "http://69.5.189.119/ca181e88d271449b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://bazaar.abuse.ch/sample/702252b74d927a5c5ef712dfb1931e2d9093a63950505ca2f887e520eeaef7e2/", "c2,stealc,url", "0", "burger"
"2025-12-13 07:51:03", "1676760", "http://91.92.243.254/kelly/five/PvqDq929BSx_A_D_M1n_a.php", "url", "botnet_cc", "apk.lokibot", "None", "LokiBot", "", "100", "None", "AS214943,lokibot,Railnet LLC", "0", "antiphishorg"
"2025-12-13 07:51:03", "1676764", "193.233.126.16:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/e3d8c94bbd231d89d9c0fce27f25d0c5c9b99722f21305cce9f0fefc845e80a4/", "c2,ip,vidar", "0", "burger"
"2025-12-13 07:48:14", "1677670", "stathub.quest", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677671", "stategiq.quest", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677672", "mktblend.monster", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677673", "dsgnfwd.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:48:14", "1677674", "dndhub.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/", "PureHVNC", "0", "abuse_ch"
"2025-12-13 07:47:40", "1677669", "axle.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:55:02", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:37:48", "1677668", "grain.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:40:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:27:28", "1677667", "mill.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:29:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:20:24", "1677666", "bulinco.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/94e6cf4122215224008285277ee1f4df61a7739c8c85ed569f112d70ce8b998f/", "xworm", "0", "abuse_ch"
"2025-12-13 07:17:15", "1677665", "fir.vextimber.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:17:39", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 07:08:26", "1677664", "rumble.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 07:14:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:57:14", "1677663", "hum.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:58:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:46:54", "1677662", "loom.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:49:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:42:14", "1677661", "whorl.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:46:08", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:39:00", "1677660", "echo.murmurplex.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:39:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:27:41", "1677659", "ridge.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:29:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:17:52", "1677657", "spur.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:19:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:07:36", "1677656", "silt.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 06:13:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 06:01:31", "1677655", "v2.91clubgamez.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-13 06:01:32", "100", "https://tria.ge/251213-bcztdsykcl", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2025-12-13 06:00:18", "1677654", "107.174.34.143:5432", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251213-dpnm1azjgr", "AS36352,C2,triage,xworm", "0", "DonPasci"
"2025-12-13 05:57:21", "1677652", "harrow.gravelwhisk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:58:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:48:34", "1677651", "2yri.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:49:46", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:38:10", "1677650", "m18.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:39:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:26:53", "1677649", "oel6h.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:27:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:18:06", "1677648", "mwqkv.d7mbbmer1d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 05:07:59", "1677647", "gqs5d.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:10:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:57:59", "1677646", "t1i.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 05:00:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:47:39", "1677645", "gamma.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:48:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:37:18", "1677644", "gwe.ac0rnrepr0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:38:43", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:27:36", "1677643", "soft.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:29:26", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:18:57", "1677642", "a0a.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:19:05", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:08:02", "1677641", "h819.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:09:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 04:01:34", "1677638", "43.163.201.222:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.163.201.222", "AS132203,C2,censys,clickfix,first-stage,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-12-13 04:01:34", "1677639", "178.210.92.124:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.210.92.124", "AS48287,C2,censys,clickfix,first-stage,RU-CENTER", "0", "DonPasci"
"2025-12-13 04:01:34", "1677640", "216.92.153.103:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/216.92.153.103", "AS7859,C2,censys,clickfix,first-stage,PAIR-NETWORKS", "0", "DonPasci"
"2025-12-13 04:01:27", "1677635", "103.177.46.46:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.46", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:27", "1677636", "103.177.46.123:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.123", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:27", "1677637", "103.177.46.59:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.59", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:26", "1677632", "103.177.46.69:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.69", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:26", "1677633", "103.177.46.65:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.65", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:26", "1677634", "103.177.46.70:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.70", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:25", "1677629", "103.177.46.79:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.79", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:25", "1677630", "103.177.46.48:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.48", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:25", "1677631", "103.177.46.66:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.66", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:24", "1677626", "103.177.46.56:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.56", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:24", "1677627", "103.177.46.89:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.89", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:24", "1677628", "103.177.46.43:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.43", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:23", "1677624", "103.177.46.42:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.42", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:01:23", "1677625", "103.177.46.45:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.45", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 04:00:51", "1677622", "80.66.72.158:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-14 15:47:58", "100", "https://search.censys.io/hosts/80.66.72.158", "AS215540,C2,censys,GCS-AS,Hookbot", "0", "DonPasci"
"2025-12-13 04:00:51", "1677623", "62.60.158.9:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-14 15:47:37", "100", "https://search.censys.io/hosts/62.60.158.9", "AEZA-AS,AS210644,C2,censys,Hookbot", "0", "DonPasci"
"2025-12-13 04:00:45", "1677621", "41.142.94.71:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:46:57", "100", "https://search.censys.io/hosts/41.142.94.71", "AS36903,AsyncRAT,C2,censys,MT-MPLS,RAT", "0", "DonPasci"
"2025-12-13 04:00:30", "1677619", "107.189.24.49:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:43:35", "100", "https://search.censys.io/hosts/107.189.24.49", "AS14956,C2,censys,RAT,Remcos,ROUTERHOSTING", "0", "DonPasci"
"2025-12-13 04:00:30", "1677620", "172.111.139.186:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:44:50", "100", "https://search.censys.io/hosts/172.111.139.186", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci"
"2025-12-13 04:00:18", "1677618", "106.53.0.150:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-12-13 04:05:05", "100", "https://search.censys.io/hosts/106.53.0.150", "AS45090,C2,censys,Latrodectus,TENCENT-NET-AP", "0", "DonPasci"
"2025-12-13 03:58:09", "1677617", "nx.hi8hmu1berry.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 04:00:18", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:42:46", "1677616", "i5xu.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:49:00", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:38:02", "1677615", "flare.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:40:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:28:41", "1677614", "iyp61.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:30:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:17:23", "1677613", "deep.sc2ntrepid2t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:19:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 03:07:34", "1677612", "w10ok.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 03:12:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:57:21", "1677610", "yxvgh.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:59:22", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:49:09", "1677609", "156.234.216.161:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-13 02:47:03", "1677608", "champ.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:52:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:36:11", "1677607", "zh8qj.f1ercen1ivin.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:39:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:28:01", "1677606", "fh9.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:28:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:17:40", "1677605", "blood.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:23:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 02:07:50", "1677604", "8y.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:09:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:57:37", "1677603", "dsav5.f0undst2rve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 02:00:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:47:45", "1677602", "crest.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:49:49", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:37:35", "1677601", "book.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:43:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:27:38", "1677600", "di.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:33:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:17:24", "1677599", "dz4y1.p2rabpr0nos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:24:19", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:07:06", "1677598", "lqd.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 01:08:37", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 01:00:10", "1677597", "45.133.180.154:6677", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-13 00:55:44", "1677596", "wy1.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:57:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:48:02", "1677595", "ocean.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:49:14", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:38:11", "1677594", "shadow.champm2loma1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:39:12", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:27:20", "1677593", "z6.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:28:07", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:17:33", "1677592", "bridge.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:23:54", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:07:20", "1677591", "light.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-13 00:09:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-13 00:05:19", "1677590", "13.212.0.221:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.212.0.221", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci"
"2025-12-13 00:04:45", "1677587", "72.62.60.228:8080", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/72.62.60.228", "AS-HOSTINGER,AS47583,C2,censys,Starkillerc2", "0", "DonPasci"
"2025-12-13 00:04:41", "1677586", "54.145.191.161:623", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.145.191.161", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-13 00:04:36", "1677585", "103.231.174.35:6443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/103.231.174.35", "AdaptixC2,AS45753,C2,censys,NETSEC-HK", "0", "DonPasci"
"2025-12-13 00:04:34", "1677584", "3.226.247.149:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/3.226.247.149", "AMAZON-AES,AS14618,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci"
"2025-12-12 23:57:27", "1677583", "yzmbi.neur0l5uptn.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:58:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:47:09", "1677582", "storm.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:49:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:36:51", "1677581", "wild.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:40:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:22:00", "1677580", "guard.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:25:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:17:00", "1677579", "trace.c0nju8maraf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:21:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 23:07:47", "1677578", "spark.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 23:09:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:57:26", "1677542", "jtp4r.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:59:13", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:47:44", "1677541", "ember.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:49:48", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:37:50", "1677540", "2ic.f1fthudde7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:40:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:29:05", "1677538", "neuro.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:31:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:19:11", "1677535", "byte.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:23:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 22:07:57", "1677534", "zeq3.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:09:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:57:40", "1677533", "mint.b0okca7niv.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 22:00:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:47:52", "1677532", "sabr6.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:51:35", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:44:45", "1677531", "epfe.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:45:51", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:37:31", "1677530", "p8.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:38:50", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:30:11", "1677529", "http://towerbingobongoboom.com:8080/updater?for=81D1B730207B50BC16231686B723B33F", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch"
"2025-12-12 21:28:39", "1677528", "field.b1o0dmanneq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:35:06", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:25:25", "1677527", "m9dbmhskb.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ee28b64d4e17826527e6ee7bdf9ac22f8adb5d2c06ed533e8206f9fceecdcd8c/", "xworm", "0", "abuse_ch"
"2025-12-12 21:17:21", "1677526", "q1.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:19:25", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 21:15:10", "1677525", "80.211.137.34:4230", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-12 21:07:31", "1677524", "bbpa.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 21:10:33", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:58:44", "1677522", "dndhub.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClickFix,PureHVNC", "0", "threatcat_ch"
"2025-12-12 20:57:17", "1677521", "vdf.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:59:28", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:47:00", "1677520", "core.interk2ts2v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:47:55", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:38:08", "1677519", "3w.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:39:53", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:27:53", "1677517", "z4l.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:29:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:17:33", "1677516", "lq.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:19:32", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:07:47", "1677514", "yl90o.sh0rtwe5ter.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:14:23", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 20:03:42", "1677511", "162.215.130.152:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/162.215.130.152", "AS46606,C2,censys,clickfix,first-stage,UNIFIEDLAYER-AS-1", "0", "DonPasci"
"2025-12-12 20:03:38", "1677510", "72.62.60.228:443", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/72.62.60.228", "AS-HOSTINGER,AS47583,C2,censys,PowershellEmpire", "0", "DonPasci"
"2025-12-12 20:03:34", "1677507", "54.82.226.86:80", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.82.226.86", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:34", "1677508", "54.82.226.86:2380", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.82.226.86", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:34", "1677509", "54.82.226.86:8880", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.82.226.86", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:33", "1677505", "34.238.116.93:1317", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/34.238.116.93", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:33", "1677506", "199.101.111.188:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.111.188", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:32", "1677504", "199.101.111.205:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.111.205", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-12-12 20:03:26", "1677503", "89.58.41.159:443", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/89.58.41.159", "AS197540,C2,censys,hacktool,Mimikatz,NETCUP-AS,open-dir", "0", "DonPasci"
"2025-12-12 20:03:25", "1677502", "89.58.41.159:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/89.58.41.159", "AS197540,C2,censys,hacktool,Mimikatz,NETCUP-AS,open-dir", "0", "DonPasci"
"2025-12-12 20:03:02", "1677501", "fpt.dfp.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+fpt.dfp.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci"
"2025-12-12 20:03:01", "1677499", "arabsea.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/188.166.156.56+arabsea.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci"
"2025-12-12 20:03:01", "1677500", "adfs.abdullah-sharif.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-12 23:01:33", "100", "https://search.censys.io/hosts/45.32.154.228+adfs.abdullah-sharif.com", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci"
"2025-12-12 20:02:59", "1677498", "1.52.28.182:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-12 23:01:31", "100", "https://search.censys.io/hosts/1.52.28.182", "AS18403,C2,censys,FPT-AS-AP,Quasar,RAT", "0", "DonPasci"
"2025-12-12 20:02:42", "1677497", "83.136.254.247:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-14 15:48:02", "100", "https://search.censys.io/hosts/83.136.254.247", "AS202053,C2,censys,Sliver,UPCLOUD", "0", "DonPasci"
"2025-12-12 20:02:37", "1677495", "186.169.56.216:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:45:40", "100", "https://search.censys.io/hosts/186.169.56.216", "AS3816,C2,censys,COLOMBIA,RAT,Remcos", "0", "DonPasci"
"2025-12-12 20:02:37", "1677496", "158.94.210.63:9090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:44:27", "100", "https://search.censys.io/hosts/158.94.210.63", "AS214943,C2,censys,RAILNET,RAT,Remcos", "0", "DonPasci"
"2025-12-12 20:02:36", "1677494", "31.97.76.25:30303", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-14 15:46:41", "100", "https://search.censys.io/hosts/31.97.76.25", "AS-HOSTINGER,AS47583,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-12-12 20:02:15", "1677493", "38.246.245.82:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 07:45:10", "100", "https://search.censys.io/hosts/38.246.245.82", "AS979,C2,censys,CobaltStrike,cs-watermark-426352781,NETLAB-SDN", "0", "DonPasci"
"2025-12-12 20:02:13", "1677490", "39.104.81.39:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 07:44:58", "100", "https://search.censys.io/hosts/39.104.81.39", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-12-12 20:02:13", "1677491", "47.92.196.59:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 07:45:11", "100", "https://search.censys.io/hosts/47.92.196.59", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-12-12 20:02:13", "1677492", "43.255.30.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-12 23:01:12", "100", "https://search.censys.io/hosts/43.255.30.4", "AS133199,C2,censys,CobaltStrike,cs-watermark-666666666,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci"
"2025-12-12 20:02:10", "1677489", "156.234.252.86:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:47", "100", "https://search.censys.io/hosts/156.234.252.86", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:09", "1677485", "156.234.101.173:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:32", "100", "https://search.censys.io/hosts/156.234.101.173", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:09", "1677486", "156.234.145.34:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:36", "100", "https://search.censys.io/hosts/156.234.145.34", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:09", "1677487", "119.91.141.52:31303", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-12 23:01:13", "100", "https://search.censys.io/hosts/119.91.141.52", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-12-12 20:02:09", "1677488", "156.234.216.171:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:41", "100", "https://search.censys.io/hosts/156.234.216.171", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:08", "1677484", "156.234.252.66:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:44", "100", "https://search.censys.io/hosts/156.234.252.66", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:07", "1677483", "156.234.145.35:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:36", "100", "https://search.censys.io/hosts/156.234.145.35", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 20:02:05", "1677481", "195.177.94.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:50:05", "100", "https://search.censys.io/hosts/195.177.94.233", "AS214961,C2,censys,CobaltStrike,cs-watermark-987654321,STELLARGROUPSAS", "0", "DonPasci"
"2025-12-12 20:02:05", "1677482", "156.234.145.45:8712", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:38", "100", "https://search.censys.io/hosts/156.234.145.45", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2025-12-12 19:57:28", "1677480", "short.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 20:02:41", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:47:50", "1677478", "6xy2.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:53:42", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:35:18", "1677477", "fdvfr.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:41:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:27:04", "1677476", "hill.n0uvpu7itan.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:27:56", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:17:16", "1677474", "dur71.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:19:44", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 19:07:59", "1677473", "flame.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:10:36", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:54:15", "1677469", "157.230.131.89:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:15", "1677470", "167.172.56.254:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:14", "1677468", "167.99.207.16:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:13", "1677467", "165.22.156.232:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:12", "1677466", "143.110.168.110:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:11", "1677465", "192.241.141.249:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:02", "1677464", "147.182.138.189:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:01", "1677463", "206.189.66.166:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:54:00", "1677462", "64.227.55.187:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:52:35", "1677461", "beta.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 19:02:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:47:22", "1677460", "31.220.89.71:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-14 15:46:40", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-12 18:46:50", "1677459", "k5i.pr2ctsu7v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:48:30", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:46:11", "1677458", "184.174.32.240:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-14 15:45:26", "75", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2025-12-12 18:44:08", "1677457", "136.0.157.158:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-14 15:43:53", "75", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2025-12-12 18:43:44", "1677456", "109.145.252.9:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-12-14 15:43:37", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch"
"2025-12-12 18:38:53", "1677165", "165.227.234.4:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 18:38:03", "1677009", "omega.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:39:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:35:10", "1676976", "80.211.137.34:3413", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch"
"2025-12-12 18:27:14", "1676975", "6t5.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:28:38", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:17:26", "1676974", "river.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:19:24", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:07:12", "1676973", "au.1nju5tred.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 18:09:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 18:02:58", "1676972", "sodendick-39162.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251212-vd96astldy", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2025-12-12 18:02:13", "1676970", "1.tcp.clar.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qwd4csdm2w", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:12", "1676968", "2.56.165.27:9111", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-rafwhasnes", "AS204914,C2,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:12", "1676969", "8.tcp.clar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-qzd8ja1qbq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:11", "1676966", "entire-so.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-wdyypstnaq", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 18:02:11", "1676967", "dad9idois-44752.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251212-tnvypatjdz", "C2,domain,triage,xworm", "0", "DonPasci"
"2025-12-12 17:58:28", "1676771", "xk8.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:59:47", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:48:03", "1676770", "hdbg.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:49:11", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:34:40", "1676767", "sdsu.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:35:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:28:01", "1676766", "2vv6.adm1rep1ay.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:28:58", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:17:44", "1676763", "inter.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:19:01", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:07:26", "1676762", "wind.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:08:34", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 17:05:28", "1676761", "leqdger.click", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch"
"2025-12-12 16:57:48", "1676759", "8cu.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 17:04:03", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:54:31", "1676758", "124.220.231.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:49:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-12 16:52:46", "1676757", "9vq0tzgx64793.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-14 15:48:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-12 16:47:23", "1676756", "i6.co0perport5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:49:17", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:43:32", "1676755", "138.68.136.84:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:38:05", "1676754", "1tza.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:39:21", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:36:02", "1676753", "91.92.243.254:80", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2025-12-14 16:00:04", "50", "https://tracker.viriback.com/index.php?q=91.92.243.254", "Lokibot,ViriBack", "0", "abuse_ch"
"2025-12-12 16:27:43", "1676751", "188.166.181.135:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:43", "1676752", "164.90.203.98:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:42", "1676750", "139.59.78.96:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:41", "1676749", "209.97.182.186:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:40", "1676748", "139.59.125.228:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:38", "1676747", "143.110.188.80:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:37", "1676746", "157.245.146.209:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:36", "1676745", "139.59.39.130:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:34", "1676744", "206.189.127.228:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:33", "1676743", "68.183.176.122:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "None", "AISURU", "0", "abuse_ch"
"2025-12-12 16:27:15", "1676742", "mouc.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:32:59", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:24:08", "1676724", "http://77.105.161.133", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "stealc", "0", "amznemu"
"2025-12-12 16:24:07", "1676702", "intercttp.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/ffd46048b8ead14d5bd8c05d340fe00b6695093dac18ad55eda6d74457fe29ae/", "c2", "0", "burger"
"2025-12-12 16:24:07", "1676706", "italy-divine.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu"
"2025-12-12 16:24:06", "1676708", "147.185.221.31:63171", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu"
"2025-12-12 16:24:05", "1676709", "185.91.127.175:1330", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "", "xworm", "0", "amznemu"
"2025-12-12 16:24:05", "1676721", "content-v2-verisoiu.icu", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-14 15:00:40", "100", "", "stealc", "0", "amznemu"
"2025-12-12 16:24:04", "1676722", "joyeriatauro.com", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "stealc", "0", "amznemu"
"2025-12-12 16:21:17", "1676741", "208.123.119.235:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-13 00:53:44", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch"
"2025-12-12 16:21:13", "1676740", "216.189.145.14:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-13 00:23:27", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch"
"2025-12-12 16:21:12", "1676739", "208.123.119.236:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-13 00:53:34", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch"
"2025-12-12 16:21:11", "1676738", "208.123.119.198:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-13 00:53:33", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch"
"2025-12-12 16:18:01", "1676737", "alpha.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:20:15", "100", "None", "ClearFake", "0", "threatcat_ch"
"2025-12-12 16:07:45", "1676736", "z9s.starl1tewave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-12 16:09:59", "100", "None", "ClearFake", "0", "threatcat_ch"
# Number of entries: 910