################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-03-29 08:02:03 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-03-29 08:02:03", "1460914", "webmail.f.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.f.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 08:02:03", "1460915", "cpcontacts.b.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcontacts.b.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 08:02:03", "1460916", "management.faleze.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/94.154.34.47+management.faleze.com", "AS210538,C2,censys,Gafgyt,KEYUBU,open-dir", "0", "DonPasci" "2025-03-29 08:02:02", "1460913", "cpanel.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 08:01:44", "1460912", "18.116.31.108:3260", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.116.31.108", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-29 08:01:37", "1460910", "93.183.81.23:4433", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/93.183.81.23", "AS9123,C2,censys,Havoc,TIMEWEB-AS", "0", "DonPasci" "2025-03-29 08:01:37", "1460911", "78.135.93.218:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/78.135.93.218", "AS214036,C2,censys,Havoc,ULTAHOST-AS", "0", "DonPasci" "2025-03-29 08:01:23", "1460909", "156.238.237.180:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/156.238.237.180", "AS142032,C2,censys,HFTCL-AS-AP,Quasar,RAT", "0", "DonPasci" "2025-03-29 08:01:22", "1460908", "45.141.233.64:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/45.141.233.64", "AS214943,C2,censys,Hookbot,RAILNET", "0", "DonPasci" "2025-03-29 08:01:16", "1460907", "23.95.162.53:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/23.95.162.53", "AS19318,AsyncRAT,C2,censys,IS-AS-1,RAT", "0", "DonPasci" "2025-03-29 08:00:48", "1460906", "45.78.63.125:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "100", "https://search.censys.io/hosts/45.78.63.125", "AS25820,C2,censys,IT7NET,Pupy,RAT", "0", "DonPasci" "2025-03-29 08:00:47", "1460905", "173.225.102.145:5938", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/173.225.102.145", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-03-29 08:00:46", "1460902", "176.65.143.147:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/176.65.143.147", "AS215208,C2,censys,DOLPHINNETWORKS,RAT,Remcos", "0", "DonPasci" "2025-03-29 08:00:46", "1460903", "206.123.152.106:2565", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/206.123.152.106", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-03-29 08:00:46", "1460904", "144.172.92.114:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/144.172.92.114", "AS14956,C2,censys,RAT,Remcos,ROUTERHOSTING", "0", "DonPasci" "2025-03-29 08:00:24", "1460900", "1.94.15.117:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.15.117", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-03-29 08:00:24", "1460901", "1.12.233.147:8085", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.12.233.147", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-03-29 07:53:58", "1460899", "https://check.zahyt.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-29 07:50:33", "1460897", "https://usesccapewz.run/ANSbwqy", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bdf029830c1486c2aab8224efe162dc64f9c1e77940033e26fcdbf68a958f0b2/", "lumma", "0", "abuse_ch" "2025-03-29 07:50:15", "1460896", "https://5travewlio.shop/ZNxbHi", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bdf029830c1486c2aab8224efe162dc64f9c1e77940033e26fcdbf68a958f0b2/", "lumma", "0", "abuse_ch" "2025-03-29 07:43:41", "1460822", "https://clickbit.cc/files/update.exe", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://x.com/ilikemalware71/status/1905750913345835295", "botnet,stealer", "0", "iLikeMalware" "2025-03-29 07:43:40", "1460894", "check.taxaq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-29 07:33:30", "1460895", "https://check.taxaq.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-29 07:20:42", "1460893", "nebuxisn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-03-29 07:20:09", "1460889", "indian-alternate.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-29 07:20:09", "1460890", "resources-legacy.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-29 07:20:09", "1460891", "someone-manually.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-29 07:20:09", "1460892", "ticket90867-33014.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-29 07:19:50", "1460885", "ddffg-52874.portmap.host", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-03-29 07:19:50", "1460886", "game-glory.gl.at.ply.gg", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-03-29 07:19:50", "1460887", "swertyhgvcfrdewsquiplkjmnb.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-03-29 07:19:50", "1460888", "verynicepeopleswithgreatnessgivenmebestthings.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-03-29 07:19:31", "1460883", "chris1212-43098.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-29 07:19:31", "1460884", "quassar53-43603.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-03-29 07:19:17", "1460882", "77.96.238.78:8808", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-03-29 07:18:49", "1460881", "https://pastebin.com/raw/hwhSKDaJ", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-29 07:18:08", "1460880", "http://161.97.187.28/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0195e0c3-e0a8-7000-9022-a7fb1d8a28ce", "c2,hookbot,urlscan", "0", "juroots" "2025-03-29 07:17:17", "1460879", "https://kick.moi/spycamlive", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0195e0c3-191e-7440-ab3b-1a5b6c6cd1e4", "fakecaptcha,urlscan", "0", "juroots" "2025-03-29 07:16:47", "1460878", "3.142.83.199:8406", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.142.83.199#8406", "c2,netbus,shodan", "0", "juroots" "2025-03-29 07:16:37", "1460877", "89.150.40.35:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/89.150.40.35#80", "c2,shodan,spicerat", "0", "juroots" "2025-03-29 07:16:23", "1460876", "23.227.203.148:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/23.227.203.148#443", "c2,havoc,shodan", "0", "juroots" "2025-03-29 07:16:10", "1460875", "114.96.88.155:50050", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "https://www.shodan.io/host/114.96.88.155#50050", "c2,quasar,shodan", "0", "juroots" "2025-03-29 07:15:57", "1460874", "35.183.112.54:12271", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/35.183.112.54#12271", "c2,netsupport,shodan", "0", "juroots" "2025-03-29 07:15:38", "1460873", "78.171.42.106:3001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/78.171.42.106#3001", "asyncrat,c2,shodan", "0", "juroots" "2025-03-29 07:15:25", "1460872", "27.44.204.13:22001", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "50", "https://www.shodan.io/host/27.44.204.13#22001", "c2,shadowpad,shodan", "0", "juroots" "2025-03-29 07:14:57", "1460871", "107.158.128.43:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/107.158.128.43#31337", "c2,shodan,sliver", "0", "juroots" "2025-03-29 07:14:45", "1460869", "210.114.12.10:80", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/210.114.12.10#80", "c2,kimsuky,shodan", "0", "juroots" "2025-03-29 07:14:45", "1460870", "158.247.243.122:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.243.122#443", "c2,kimsuky,shodan", "0", "juroots" "2025-03-29 07:14:26", "1460868", "222.118.241.116:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/222.118.241.116#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-03-29 07:14:07", "1460867", "212.192.15.218:8848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/212.192.15.218#8848", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:05", "1460862", "39.105.6.249:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/39.105.6.249#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:05", "1460863", "16.63.123.202:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/16.63.123.202#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:05", "1460864", "39.104.59.203:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/39.104.59.203#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:05", "1460865", "116.205.188.204:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/116.205.188.204#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:05", "1460866", "66.135.9.239:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/66.135.9.239#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:04", "1460857", "120.26.248.136:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/120.26.248.136#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:04", "1460858", "103.241.74.142:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/103.241.74.142#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:04", "1460859", "154.219.96.211:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.219.96.211#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:04", "1460860", "139.159.139.153:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/139.159.139.153#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:04", "1460861", "118.25.85.198:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/118.25.85.198#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:03", "1460853", "154.23.161.106:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.23.161.106#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:03", "1460854", "154.21.200.165:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.21.200.165#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:03", "1460855", "113.44.151.118:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/113.44.151.118#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:03", "1460856", "39.107.68.127:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/39.107.68.127#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:02", "1460850", "113.45.157.84:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/113.45.157.84#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:02", "1460851", "47.96.145.94:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.96.145.94#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:02", "1460852", "111.229.78.104:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/111.229.78.104#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:01", "1460847", "104.168.96.138:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/104.168.96.138#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:01", "1460848", "115.120.251.67:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/115.120.251.67#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:01", "1460849", "103.12.149.85:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/103.12.149.85#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:00", "1460842", "47.92.71.92:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.92.71.92#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:00", "1460843", "172.245.82.84:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/172.245.82.84#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:00", "1460844", "101.200.220.44:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/101.200.220.44#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:00", "1460845", "46.101.75.53:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/46.101.75.53#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:14:00", "1460846", "106.75.61.100:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/106.75.61.100#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:59", "1460838", "115.120.236.12:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/115.120.236.12#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:59", "1460839", "123.60.176.13:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/123.60.176.13#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:59", "1460840", "121.37.182.16:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.37.182.16#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:59", "1460841", "47.93.25.72:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.93.25.72#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:58", "1460834", "111.229.149.66:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/111.229.149.66#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:58", "1460835", "103.82.53.18:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/103.82.53.18#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:58", "1460836", "47.103.98.3:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.103.98.3#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:58", "1460837", "156.238.233.5:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/156.238.233.5#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:57", "1460833", "106.54.238.71:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/106.54.238.71#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-29 07:13:33", "1460832", "117.72.13.112:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/117.72.13.112#50050", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-03-29 07:13:14", "1460828", "111.170.148.151:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/111.170.148.151#18443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:13:14", "1460829", "154.9.25.218:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.9.25.218#18443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:13:14", "1460830", "107.172.140.197:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/107.172.140.197#18443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:13:14", "1460831", "118.178.187.223:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/118.178.187.223#18443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:13:13", "1460826", "23.95.193.207:9178", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/23.95.193.207#9178", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:13:13", "1460827", "101.126.87.67:8002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/101.126.87.67#8002", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-29 07:12:47", "1460823", "154.9.254.157:10012", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.9.254.157#10012", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-29 07:12:47", "1460824", "154.12.39.134:10011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/154.12.39.134#10011", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-29 07:12:47", "1460825", "107.175.83.194:4400", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/107.175.83.194#4400", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-29 06:52:34", "1460820", "check.nagec.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-29 06:52:33", "1460819", "https://check.nagec.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-29 06:37:29", "1460815", "117.173.245.176:9205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/117.173.245.176", "AS9808,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:29", "1460816", "200.91.114.57:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "100", "https://search.censys.io/hosts/200.91.114.57", "AS11830,C2,censys", "0", "dyingbreeds_" "2025-03-29 06:37:28", "1460812", "13.71.133.198:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.71.133.198", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:28", "1460814", "20.83.174.144:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.83.174.144", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:27", "1460813", "154.38.182.185:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.38.182.185", "AS40021,censys,GoPhish,NL-811-40021,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:26", "1460810", "20.222.176.207:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.222.176.207", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:26", "1460811", "159.69.3.57:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/159.69.3.57", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:25", "1460808", "156.59.152.18:8090", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/156.59.152.18", "AS21859,Botnet,byob,C2,censys,ZEN-ECN", "0", "dyingbreeds_" "2025-03-29 06:37:25", "1460809", "64.227.147.245:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.227.147.245", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-29 06:37:24", "1460789", "http://213.176.73.72/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "", "SmartLoader", "0", "tcains1" "2025-03-29 06:37:24", "1460807", "196.251.72.5:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.5", "AS401120,C2,censys,CHEAPY-HOST,RAT", "0", "dyingbreeds_" "2025-03-29 06:37:23", "1460788", "http://89.169.12.78/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "", "SmartLoader", "0", "tcains1" "2025-03-29 06:37:20", "1460781", "http://111.231.144.231:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-03-29 06:37:19", "1460732", "94.156.177.6:1913", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://x.com/ilikemalware71/status/1905573727527731283", "botnet,crypto,stealer", "0", "iLikeMalware" "2025-03-29 06:37:19", "1460779", "check.ticyb.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-29 06:37:18", "1460714", "https://rednoticeice3.com/OGRmNmViNzM5ZGU2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-03-29 06:37:18", "1460731", "94.156.227.204:1913", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://x.com/ilikemalware71/status/1905573727527731283", "botnet,crypto,stealer", "0", "iLikeMalware" "2025-03-29 06:37:17", "1460717", "https://kahverengiayii3.com/OGRmNmViNzM5ZGU2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-03-29 06:37:17", "1460729", "check.nifom.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-29 06:37:16", "1460715", "https://mavibalina522.com/OGRmNmViNzM5ZGU2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-03-29 06:37:16", "1460716", "https://siyahpanpanter2.com/OGRmNmViNzM5ZGU2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-03-29 06:37:15", "1460701", "http://154.201.69.66:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS142032,High Family Technology Co. Limited,supershell", "0", "antiphishorg" "2025-03-29 06:37:15", "1460713", "https://kirmiziadim.com/OGRmNmViNzM5ZGU2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-03-29 06:37:11", "1460691", "104.234.168.3:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "c2,ssh,succubus", "0", "redrabytes" "2025-03-29 06:09:15", "1460817", "91.212.166.183:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "tier-1", "0", "Rony" "2025-03-29 06:09:15", "1460818", "91.212.166.184:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "tier-1", "0", "Rony" "2025-03-29 04:02:07", "1460806", "195.82.147.26:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/195.82.147.26", "AS203834,C2,censys,DEDBROPRO-AS,rhadamanthys,stealer", "0", "DonPasci" "2025-03-29 04:02:06", "1460805", "195.82.147.36:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/195.82.147.36", "AS203834,C2,censys,DEDBROPRO-AS,rhadamanthys,stealer", "0", "DonPasci" "2025-03-29 04:01:48", "1460801", "cpanel.aa.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.aa.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:48", "1460802", "mail.c.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+mail.c.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:48", "1460803", "cpanel.i.web-app-on.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.i.web-app-on.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:48", "1460804", "autodiscover.aaa.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+autodiscover.aaa.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:47", "1460797", "cpanel.adesso-online.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.adesso-online.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:47", "1460798", "cpcalendars.eversioneweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcalendars.eversioneweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:47", "1460799", "webdisk.d.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webdisk.d.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:47", "1460800", "webmail.oraonweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.oraonweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 04:01:27", "1460795", "175.178.37.75:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/175.178.37.75", "AS45090,C2,censys,DcRAT,RAT,TENCENT-NET-AP", "0", "DonPasci" "2025-03-29 04:01:27", "1460796", "186.169.47.146:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/186.169.47.146", "AS3816,C2,censys,COLOMBIA,DcRAT,RAT", "0", "DonPasci" "2025-03-29 04:01:13", "1460794", "181.162.184.208:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/181.162.184.208", "AS7418,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-03-29 04:00:40", "1460793", "194.26.192.250:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/194.26.192.250", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-03-29 04:00:39", "1460792", "172.111.244.134:46167", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/172.111.244.134", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-03-29 02:54:18", "1460791", "148.66.2.196:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-29 02:53:07", "1460790", "1.92.96.35:8033", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-29 01:15:05", "1460780", "https://check.ticyb.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-29 00:40:07", "1460778", "http://182.119.62.111:47274/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-03-29 00:01:52", "1460777", "api.faleze.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/94.154.34.47+api.faleze.com", "AS210538,C2,censys,Gafgyt,KEYUBU,open-dir", "0", "DonPasci" "2025-03-29 00:01:51", "1460776", "cpcalendars.e.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcalendars.e.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-29 00:01:44", "1460775", "84.27.0.166:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/84.27.0.166", "AS33915,C2,censys,panel,TNF-AS,Unam", "0", "DonPasci" "2025-03-29 00:01:37", "1460774", "118.31.70.79:8082", "ip:port", "botnet_cc", "win.vshell", "None", "Vshell", "", "100", "https://search.censys.io/hosts/118.31.70.79", "ALIBABA-CN-NET,AS37963,C2,censys,Vshell", "0", "DonPasci" "2025-03-29 00:01:32", "1460772", "54.193.120.169:15927", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.193.120.169", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-29 00:01:32", "1460773", "54.193.120.169:59877", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.193.120.169", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-29 00:01:26", "1460769", "23.227.202.141:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.202.141", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-03-29 00:01:26", "1460770", "23.227.202.141:10443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.202.141", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-03-29 00:01:26", "1460771", "23.227.202.141:15443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.202.141", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-03-29 00:01:25", "1460766", "23.227.203.148:15443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.203.148", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-03-29 00:01:25", "1460767", "52.224.246.136:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/52.224.246.136", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-03-29 00:01:25", "1460768", "52.224.246.136:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/52.224.246.136", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-03-29 00:01:24", "1460765", "23.227.203.148:10443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.203.148", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-03-29 00:01:14", "1460763", "185.147.125.101:45051", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/185.147.125.101", "AS49505,C2,censys,Hookbot,SELECTEL", "0", "DonPasci" "2025-03-29 00:01:14", "1460764", "45.150.34.163:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/45.150.34.163", "AS215826,C2,censys,Hookbot,PARTNER-HOSTING-LTD", "0", "DonPasci" "2025-03-29 00:01:08", "1460762", "198.23.227.175:8801", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/198.23.227.175", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-03-29 00:01:07", "1460760", "196.251.72.213:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.213", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-29 00:01:07", "1460761", "196.251.72.213:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.213", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-29 00:01:06", "1460759", "193.233.254.124:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/193.233.254.124", "AS215826,AsyncRAT,C2,censys,PARTNER-HOSTING-LTD,RAT", "0", "DonPasci" "2025-03-29 00:01:05", "1460758", "66.103.194.37:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/66.103.194.37", "AS35916,C2,censys,MULTA-ASN1,Supershell", "0", "DonPasci" "2025-03-29 00:01:04", "1460757", "123.60.23.234:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/123.60.23.234", "AS55990,C2,censys,HWCSNET,Supershell", "0", "DonPasci" "2025-03-29 00:00:57", "1460756", "https://sysmeshm.run/GossaIO", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e7ae90f816d8eeddad754d0d801e1eba9c49a4bd0cafecc2a7f3bc3acc03556b/", "lumma", "0", "abuse_ch" "2025-03-29 00:00:49", "1460754", "https://oweldorae.digital/geds", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/7f012c8c8b238b229456a83297019947c65dd14d8647bc4548f7d3f064fc4f70/", "lumma", "0", "abuse_ch" "2025-03-29 00:00:49", "1460755", "https://qweldorae.digital/geds", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e7ae90f816d8eeddad754d0d801e1eba9c49a4bd0cafecc2a7f3bc3acc03556b/", "lumma", "0", "abuse_ch" "2025-03-29 00:00:43", "1460753", "134.199.223.40:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/134.199.223.40", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-03-29 00:00:42", "1460752", "92.112.53.174:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/92.112.53.174", "AS212238,C2,CDNEXT,censys,Sliver", "0", "DonPasci" "2025-03-29 00:00:38", "1460750", "194.59.31.18:2026", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/194.59.31.18", "AS399486,C2,censys,RAT,Remcos,VIRTUO", "0", "DonPasci" "2025-03-29 00:00:38", "1460751", "172.111.139.254:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/172.111.139.254", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci" "2025-03-29 00:00:37", "1460749", "45.83.31.38:4000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/45.83.31.38", "AS23470,C2,censys,RAT,RELIABLESITE,Remcos", "0", "DonPasci" "2025-03-29 00:00:28", "1460748", "https://6steelixr.live/aguiz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e7ae90f816d8eeddad754d0d801e1eba9c49a4bd0cafecc2a7f3bc3acc03556b/", "lumma", "0", "abuse_ch" "2025-03-29 00:00:23", "1460746", "207.180.235.180:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/207.180.235.180", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci" "2025-03-29 00:00:23", "1460747", "207.180.235.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/207.180.235.180", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci" "2025-03-29 00:00:22", "1460745", "120.26.248.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.26.248.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-03-28 23:55:33", "1460744", "https://forgeixv.digital/posaf", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/582594a6029cf9285ae00be9b5dfe82e95b9c6d1e6f3c6edff2b42425f9b69e7/", "lumma", "0", "abuse_ch" "2025-03-28 23:55:23", "1460743", "https://9castmaxw.run/ganzde", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/582594a6029cf9285ae00be9b5dfe82e95b9c6d1e6f3c6edff2b42425f9b69e7/", "lumma", "0", "abuse_ch" "2025-03-28 23:55:22", "1460741", "https://2advennture.top/GKsiio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/582594a6029cf9285ae00be9b5dfe82e95b9c6d1e6f3c6edff2b42425f9b69e7/", "lumma", "0", "abuse_ch" "2025-03-28 23:55:22", "1460742", "https://7devcodeu.digital/ALksJK", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/7f012c8c8b238b229456a83297019947c65dd14d8647bc4548f7d3f064fc4f70/", "lumma", "0", "abuse_ch" "2025-03-28 23:55:21", "1460740", "https://1ferromny.digital/gwpd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/582594a6029cf9285ae00be9b5dfe82e95b9c6d1e6f3c6edff2b42425f9b69e7/", "lumma", "0", "abuse_ch" "2025-03-28 23:50:38", "1460739", "https://steelonb.live/jkasfz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e71f1a3b5fa9efd9c6b2ef512902f852bf3b8e1cf9f395292f01d72753173062/", "lumma", "0", "abuse_ch" "2025-03-28 23:50:35", "1460738", "https://starjetv.run/GPazo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/1a3176c58188a6bf5a487d8f0278d2987871b09ce6c504b966db639d9637e91b/", "lumma", "0", "abuse_ch" "2025-03-28 23:50:29", "1460737", "https://gtargett.top/dsANGt", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/1a3176c58188a6bf5a487d8f0278d2987871b09ce6c504b966db639d9637e91b/", "lumma", "0", "abuse_ch" "2025-03-28 23:50:25", "1460736", "https://dsmeltingt.run/giiaus", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e71f1a3b5fa9efd9c6b2ef512902f852bf3b8e1cf9f395292f01d72753173062/", "lumma", "0", "abuse_ch" "2025-03-28 23:45:33", "1460735", "https://oreformr.digital/iowrz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/25f70706aec815cd3c424729776f8e4e322409a1b14ab827e37522791481ba59/", "lumma", "0", "abuse_ch" "2025-03-28 23:45:32", "1460734", "https://melteryb.digital/oagniz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c4c9bef134762d4b6081eda00509214ef46fa4ab97f2be8b17f8c23a69ec3ac5/", "lumma", "0", "abuse_ch" "2025-03-28 23:45:21", "1460733", "https://3advennture.top/GKsiio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c4c9bef134762d4b6081eda00509214ef46fa4ab97f2be8b17f8c23a69ec3ac5/", "lumma", "0", "abuse_ch" "2025-03-28 21:09:36", "1460730", "https://check.nifom.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 20:52:19", "1460728", "8.217.245.162:11601", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-03-28 20:51:40", "1460727", "61.182.130.83:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-28 20:51:03", "1460726", "47.117.146.230:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-03-28 20:49:42", "1460725", "31.130.150.13:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-03-28 20:49:18", "1460723", "219.229.81.200:8868", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-28 20:49:18", "1460724", "219.229.81.201:8868", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-28 20:48:57", "1460722", "206.71.148.110:80", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-03-28 20:47:37", "1460721", "190.31.201.122:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-03-28 20:47:19", "1460720", "185.223.207.107:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-28 20:47:15", "1460719", "185.196.8.217:80", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-03-28 20:44:02", "1460718", "118.178.184.126:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-28 20:01:59", "1460712", "doubleredstudio.doublered.co.uk", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/172.67.214.117+doubleredstudio.doublered.co.uk", "AS13335,C2,censys,CLOUDFLARENET,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 20:01:51", "1460711", "158.255.2.21:8088", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "100", "https://search.censys.io/hosts/158.255.2.21", "AS50867,censys,Chaos,ORG-LVA15-AS,panel", "0", "DonPasci" "2025-03-28 20:01:50", "1460710", "www.baker221.co.uk", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.83.181.241+www.baker221.co.uk", "AS8075,censys,EvilGinx,MICROSOFT-CORP-MSN-AS-BLOCK,panel,Phishing", "0", "DonPasci" "2025-03-28 20:01:18", "1460709", "191.17.93.14:5000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/191.17.93.14", "AS27699,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-03-28 20:01:16", "1460708", "37.60.254.174:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/37.60.254.174", "AS51167,C2,censys,CONTABO,Mythic", "0", "DonPasci" "2025-03-28 20:01:09", "1460707", "45.77.36.30:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.77.36.30", "AS-VULTR,AS20473,C2,censys,Supershell", "0", "DonPasci" "2025-03-28 20:00:40", "1460704", "musing-brown.185-38-142-181.plesk.page", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/185.38.142.181+musing-brown.185-38-142-181.plesk.page", "AS47674,C2,censys,NETSOLUTIONS,RAT,Remcos", "0", "DonPasci" "2025-03-28 20:00:40", "1460705", "3.99.173.173:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/3.99.173.173", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-03-28 20:00:40", "1460706", "54.39.19.186:47824", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/54.39.19.186", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-03-28 20:00:22", "1460703", "115.120.251.67:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/115.120.251.67", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-03-28 20:00:21", "1460702", "41.143.215.45:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/41.143.215.45", "AS36903,C2,censys,CobaltStrike,cs-watermark-987654321,MT-MPLS", "0", "DonPasci" "2025-03-28 16:57:12", "1460690", "54.93.36.37:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-28 16:56:55", "1460689", "47.237.86.35:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-28 16:56:24", "1460688", "ru.ap.4t.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-28 16:56:12", "1460687", "https://ru.ap.4t.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-28 16:55:58", "1460686", "196.251.70.183:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-28 16:55:52", "1460685", "191.251.70.183:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-28 16:26:17", "1460678", "xrp-electrum.top", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/cd78e094-adc0-4cd8-934a-5dd079790c64", "c2", "0", "boruch" "2025-03-28 16:26:16", "1460679", "130.195.222.202:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/cd78e094-adc0-4cd8-934a-5dd079790c64", "c2", "0", "boruch" "2025-03-28 16:26:16", "1460680", "130.195.222.202:443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/cd78e094-adc0-4cd8-934a-5dd079790c64", "c2", "0", "boruch" "2025-03-28 16:26:15", "1460681", "130.195.222.199:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/cd78e094-adc0-4cd8-934a-5dd079790c64", "c2", "0", "boruch" "2025-03-28 16:26:15", "1460682", "130.195.222.199:443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/cd78e094-adc0-4cd8-934a-5dd079790c64", "c2", "0", "boruch" "2025-03-28 16:26:07", "1460073", "electrumxrp.org", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "infostealer,stealer", "0", "boruch" "2025-03-28 16:26:07", "1460074", "8f88ef7c7283a8114c3f06f8012cdfde9da9403a3a66ac9c690cf673e4f70732", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "infostealer,signed,stealer", "0", "boruch" "2025-03-28 16:26:06", "1460077", "a9623331ad45c1b3e4d0de7d126db5f11974ae39", "sha1_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "None", "0", "boruch" "2025-03-28 16:26:04", "1460075", "eb0724fdb713645b4e837d233667b0bc001986f0b3be42361b5eaf823c273d8a", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "infostealer,signed,stealer", "0", "boruch" "2025-03-28 16:26:04", "1460076", "8857d25514bdb0f72dee7d9a1684520b7ac68c9f4f3a9a7480b95e5b9bc45ccd", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "infostealer,signed,stealer", "0", "boruch" "2025-03-28 16:26:03", "1460078", "440ee31209289e0d9db982a4db75e6f04f2915a4", "sha1_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "None", "0", "boruch" "2025-03-28 16:26:03", "1460079", "9744710cfb7ab7a13cc010136bb6bf898dd91a0a", "sha1_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "None", "0", "boruch" "2025-03-28 16:10:34", "1460684", "https://metallery.run/jasfk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/62ec940b747e2c88e68bc63372145f3c5b735dccae1ff4600760363e796dfa51/", "lumma", "0", "abuse_ch" "2025-03-28 16:10:26", "1460683", "https://1oreheatq.live/gsopp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/62ec940b747e2c88e68bc63372145f3c5b735dccae1ff4600760363e796dfa51/", "lumma", "0", "abuse_ch" "2025-03-28 16:02:08", "1460677", "95.216.19.115:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/95.216.19.115", "AS24940,C2,censys,HETZNER-AS,rhadamanthys,stealer", "0", "DonPasci" "2025-03-28 16:02:03", "1460676", "2.59.135.10:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/2.59.135.10", "AS58212,C2,censys,DATAFOREST,Nosviak,Panel", "0", "DonPasci" "2025-03-28 16:01:51", "1460675", "webmail.h.web-app-on.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.h.web-app-on.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 16:01:33", "1460674", "93.232.98.162:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/93.232.98.162", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-03-28 16:01:32", "1460673", "3.127.145.44:1201", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.127.145.44", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-28 16:01:19", "1460669", "107.189.25.189:9010", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:19", "1460670", "95.181.164.107:15777", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:19", "1460671", "185.112.83.134:7772", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:19", "1460672", "45.33.120.118:8173", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460657", "key-child.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460658", "receive-probably.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460659", "below-threads.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460660", "rather-heather.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460661", "teaching-federation.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460662", "tel-mobile.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460663", "ads-cover.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460664", "hikitariko-60039.portmap.host", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460665", "shop-desperate.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460666", "length-chapel.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460667", "around-oxford.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:18", "1460668", "activities-summit.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:17", "1460654", "skillrox.no-ip.org", "domain", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:17", "1460655", "proturkey.no-ip.biz", "domain", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:17", "1460656", "ram.niekot.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460640", "os-update.serveftp.com", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460641", "decclanyo.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460642", "windowsclean.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460643", "wio.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460644", "wowman112.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460645", "lilith.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460646", "genexsection.no-ip.info", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460647", "rawr123.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460648", "myhost20.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460649", "vendetta32.myftp.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460650", "teammist.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460651", "kyozaml.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460652", "octopus01.airdns.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:16", "1460653", "omfgitworks.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460625", "37.59.186.230:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460626", "68.63.132.222:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460627", "46.228.199.142:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460628", "atteonpro.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460629", "ariesdevil2.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460630", "edmosby.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460631", "octopus01.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460632", "comets11.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460633", "avg007.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460634", "vendetta123.myftp.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460635", "fifou-rien.sytes.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460636", "gamber.zapto.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460637", "aimbot.no-ip.org", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460638", "dragons123.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:15", "1460639", "amira2011.no-ip.biz", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460618", "http://ultramarketplace.eu/c", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460619", "http://b-always-free.org/u3n6hcu6te3b46gc", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460620", "http://techpoint.cn.com/c", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460621", "http://monster-truck-mx.info/c", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460622", "217.66.231.239:888", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460623", "174.127.99.161:555", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:14", "1460624", "79.180.167.177:80", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:13", "1460614", "213.152.43.231:4258", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:13", "1460615", "45.11.229.181:606", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:13", "1460616", "45.135.194.39:5555", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:13", "1460617", "http://b-fulltime.org/u3n6hcu6te3b46gc", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460607", "190.95.6.173:3460", "ip:port", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460608", "88.28.37.138:80", "ip:port", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460609", "24.208.80.10:82", "ip:port", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460610", "85.17.136.169:2121", "ip:port", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460611", "122.3.6.90:9000", "ip:port", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460612", "194.180.158.53:23", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:12", "1460613", "185.121.13.205:4258", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:11", "1460605", "196.251.73.189:50", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.73.189", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-03-28 16:01:11", "1460606", "176.65.144.32:8008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.144.32", "AS215240,AsyncRAT,C2,censys,NETRESEARCH,RAT", "0", "DonPasci" "2025-03-28 16:01:10", "1460586", "vobis.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460587", "monilecka.kicks-ass.net", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460588", "mixenshost.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460589", "5.78.134.229:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/5.78.134.229", "AS212317,AsyncRAT,C2,censys,HETZNER-CLOUD3-AS,RAT", "0", "DonPasci" "2025-03-28 16:01:10", "1460590", "pajoder.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460591", "prudv.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460592", "broski.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460593", "popipu.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460594", "connected.servegame.com", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460595", "imadez.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460596", "caliburx69.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460597", "delightss.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460598", "hacker900.zapto.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460599", "panteravt.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460600", "updates-microsofts.3utilities.com", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460601", "softdiyers.vicp.net", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460602", "stringi.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460603", "rattingpeople.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:10", "1460604", "susamen.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460565", "cleitonmaria.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460566", "berocifss.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460567", "psycho-gfx.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460568", "dnshost.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460569", "boky2405.zapto.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460570", "nix.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460571", "rufino.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460572", "cynofield.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460573", "comp1.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460574", "psyhooo.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460575", "cyber101.3utilities.com", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460576", "izjan.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460577", "ipenguin.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460578", "mewtwo.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460579", "lololo.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460580", "69.dyndns.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460581", "methybut2c.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460582", "stray1.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460583", "94.154.173.50:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/94.154.173.50", "1GSERVERS,AS14315,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-03-28 16:01:09", "1460584", "searchfordeath.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:09", "1460585", "adriano45.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460554", "groovcerl.xyz", "domain", "botnet_cc", "win.gozi", "CRM,Gozi CRM,Papras,Snifula,Ursnif", "Gozi", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460555", "154.201.69.66:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.201.69.66", "AS142032,C2,censys,HFTCL-AS-AP,Supershell", "0", "DonPasci" "2025-03-28 16:01:08", "1460556", "sf1.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460557", "langley.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460558", "cftmoon.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460559", "nonshock45.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460560", "baddiss972.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460561", "amokianer.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460562", "bb77.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460563", "shahktargenio.no-ip.info", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:08", "1460564", "cyberserver.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460546", "193.42.96.15:12434", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460547", "ichbincool.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460548", "reftel.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460549", "googlehost-main.onthewifi.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460550", "lilytest1.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460551", "georgestephensfurry.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460552", "ichbin1337.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:07", "1460553", "ts61.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:06", "1460543", "167.71.56.116:22364", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:06", "1460544", "188.92.191.202:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:06", "1460545", "37.46.211.91:80", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460526", "aali13212.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460527", "tibeve7951.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460528", "we404.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460529", "ssssss.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460530", "ufd1.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460531", "paodequeijo.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460532", "if-contest.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460533", "lol2018.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460534", "mrtorrent32.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460535", "mhzlh3dev.hopto.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460536", "sniper30.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460537", "saint8951.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460538", "3bada.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460539", "ghwls44.codns.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460540", "frifra.hopto.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460541", "fortoriko.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:04", "1460542", "karar.zapto.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460507", "kamel-hacker.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460508", "z88.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460509", "dawid10666-47477.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460510", "gdgdfgs.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460511", "taskeng.sytes.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460512", "rayz511.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460513", "wso22.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460514", "z5ao.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460515", "azrail.myftp.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460516", "sun-jpeg.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460517", "tnaktfik.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460518", "moumenmehdi.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460519", "cloni.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460520", "holyfuckingshit.zapto.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460521", "dedekond33.zapto.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460522", "vncdz213.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460523", "disha2024.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460524", "marseille64.jumpingcrab.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:03", "1460525", "alfaz-24806.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460499", "googlescholar.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460500", "nickiwhicki-39201.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460501", "error86eg.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460502", "xpalhack.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460503", "rantu.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460504", "basmtrke00.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460505", "love50.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:01:02", "1460506", "match-monte.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:59", "1460495", "217.138.212.60:53956", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:59", "1460496", "45.61.136.244:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:59", "1460497", "45.61.136.244:7070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:59", "1460498", "196.251.90.107:44839", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:58", "1460491", "45.61.136.244:7777", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:58", "1460492", "196.251.83.79:7812", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:58", "1460493", "176.65.144.143:5800", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:58", "1460494", "37.1.207.4:1708", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:57", "1460490", "45.61.136.244:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460477", "hftook7lmaroutsg2.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460478", "hajouts8koumis4.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460479", "hajouts8koumis2.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460480", "valromeximsrl.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460481", "hftook7lmaroutsg4.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460482", "jlonjaretsartvonrohr.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460483", "brugallant.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460484", "goodthingswithgreathappinescomingsoon.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460485", "hajouts8koumis3.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460486", "computador12.ddns-ip.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460487", "amuselabs.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460488", "gugrant11bk.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:56", "1460489", "hftook7lmaroutsg5.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460463", "www.wv-as.de", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460464", "dyndico.from-il.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460465", "dr.is-gone.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460466", "hftook7lmaroutsg1.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460467", "latestrem.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460468", "backup212.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460469", "gugrant-gu.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460470", "hftook7lmaroutsg3.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460471", "hajouts8koumis1.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460472", "odumagamba.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460473", "newstartofthisyearforrichmillionairegoodfordream.ydns.eu", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460474", "funky333.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460475", "dico.on-the-web.tv", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:55", "1460476", "gugrant-gubk.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:54", "1460461", "nvdiemozess.broke-it.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:54", "1460462", "www.tla-auto.fr", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:53", "1460458", "147.185.221.26:4444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:53", "1460459", "77.83.242.113:2020", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:53", "1460460", "195.177.94.6:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460447", "185.84.160.71:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460448", "89.190.158.149:6666", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460449", "147.185.221.26:60364", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460450", "147.185.221.27:7605", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460451", "45.139.104.175:3703", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460452", "193.161.193.99:24267", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460453", "94.159.113.64:4411", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460454", "147.185.221.27:9999", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460455", "31.166.229.37:1252", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460456", "147.185.221.27:7252", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:52", "1460457", "212.224.93.247:5605", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460436", "107.172.44.175:4489", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460437", "176.65.134.217:7011", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460438", "174.89.92.252:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460439", "147.185.221.27:10546", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460440", "176.65.143.140:7232", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460441", "192.3.101.149:3535", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460442", "196.251.92.5:1111", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460443", "45.141.27.117:1919", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460444", "147.185.221.26:58041", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460445", "45.125.216.17:7888", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:51", "1460446", "80.76.49.46:1000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460426", "89.39.121.169:9000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460427", "216.250.251.96:49916", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460428", "109.61.108.85:8848", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460429", "147.185.221.26:20448", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460430", "196.251.113.41:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460431", "196.251.70.206:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460432", "147.185.221.23:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460433", "147.185.221.25:27380", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460434", "147.185.221.26:29882", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:50", "1460435", "195.177.94.1:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460414", "147.185.221.2:5123", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460415", "92.255.85.2:4372", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460416", "147.185.221.26:14704", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460417", "147.30.233.79:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460418", "83.147.240.230:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460419", "174.89.92.252:5123", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460420", "195.62.48.222:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460421", "46.197.220.52:1000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460422", "147.185.221.27:5300", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460423", "84.67.89.127:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460424", "103.78.0.137:5151", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:49", "1460425", "142.147.96.74:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460405", "82.21.151.21:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460406", "154.201.68.225:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460407", "37.48.64.102:3960", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460408", "217.195.153.81:50002", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460409", "147.185.221.23:26347", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460410", "147.185.221.27:2926", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460411", "45.141.215.86:5823", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460412", "147.185.221.26:6222", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:48", "1460413", "142.202.240.81:7232", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460394", "september-wireless.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460395", "resources-sleeve.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460396", "hp-aggressive.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460397", "fuckall11.zapto.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460398", "authors-fitting.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460399", "buinhatduy.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460400", "partners-threads.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460401", "third-gained.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460402", "bo56ab-21516.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460403", "bin14.ydns.eu", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:46", "1460404", "firsthiter-29408.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460378", "my-yet.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460379", "september-liverpool.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460380", "laleja4780-32500.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460381", "renzik-62271.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460382", "introduction-notre.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460383", "necessary-homepage.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460384", "remember-gene.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460385", "xyxebet-60479.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460386", "iemaiema-49611.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460387", "rexxontop-21196.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460388", "blog-inter.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460389", "secure-whilst.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460390", "fixed-uh.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460391", "however-canada.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460392", "church-converted.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:45", "1460393", "de-shopzilla.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460365", "china-limit.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460366", "bad-collector.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460367", "left-exceptional.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460368", "lukka-22869.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460369", "days-locations.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460370", "term-infrastructure.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460371", "tuesday-losses.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460372", "consider-sensors.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460373", "looking-brings.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460374", "php-saver.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460375", "hour-adidas.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460376", "floor-steam.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:44", "1460377", "nov-assumes.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460352", "chat-poster.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460353", "me-loud.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460354", "external-thanks.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460355", "expected-sega.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460356", "hair-realtor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460357", "al-attached.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460358", "working-drain.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460359", "club-request.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460360", "adult-acquired.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460361", "digital-powerful.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460362", "many-bolivia.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:43", "1460363", "118.178.57.137:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/118.178.57.137", "ALIBABA-CN-NET,AS37963,C2,censys,Sliver", "0", "DonPasci" "2025-03-28 16:00:43", "1460364", "probably-giants.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:42", "1460347", "medicine-sports.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:42", "1460348", "inc-subdivision.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:42", "1460349", "pu9sher-60638.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:42", "1460350", "questions-when.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:42", "1460351", "support-available.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:40", "1460342", "viniterov1-24267.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:40", "1460343", "master-decor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:40", "1460344", "availability-caution.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:40", "1460345", "nvdiemosole.broke-it.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:40", "1460346", "172.94.17.217:26076", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/172.94.17.217", "AS3223,C2,censys,RAT,Remcos,VOXILITY", "0", "DonPasci" "2025-03-28 16:00:39", "1460331", "looking-page.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460332", "feylins-36255.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460333", "108.171.192.252:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/108.171.192.252", "AS18450,C2,censys,RAT,Remcos,WEBNX", "0", "DonPasci" "2025-03-28 16:00:39", "1460334", "smfcs3.ydns.eu", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460335", "santifzm-51521.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460336", "associated-assessment.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460337", "picture-horn.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460338", "216.9.225.163:57090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/216.9.225.163", "AS44382,C2,censys,FIBA,RAT,Remcos", "0", "DonPasci" "2025-03-28 16:00:39", "1460339", "function-orlando.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460340", "bo56ab-34628.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:39", "1460341", "request-busy.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460317", "funds-zoning.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460318", "cartomen-31558.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460319", "common-interviews.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460320", "computers-copied.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460321", "or-city.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460322", "trashy123-20554.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460323", "vdtihjde7oo-57882.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460324", "exchange-grade.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460325", "face-projected.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460326", "buinhatduy01.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460327", "216.9.225.168:7070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/216.9.225.168", "AS44382,C2,censys,FIBA,RAT,Remcos", "0", "DonPasci" "2025-03-28 16:00:38", "1460328", "would-portland.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460329", "anonymoususer0101-42054.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:38", "1460330", "short-distances.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460305", "est-explore.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460306", "puppyluv3r20091-62866.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460307", "she-signals.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460308", "fact-standings.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460309", "panpoppo-25236.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460310", "on-donors.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460311", "red-ps.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460312", "hours-rwanda.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460313", "general-marriott.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460314", "necessary-sit.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460315", "merkurez-64035.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:37", "1460316", "girls-res.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460291", "ring-staffing.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460292", "16.ip.eu.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460293", "quotes-method.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460294", "unthinkable1.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460295", "centre-health.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460296", "included-ram.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460297", "father-deck.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460298", "activity-fraser.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460299", "christmas-correlation.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460300", "mac-visit.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460301", "search-prediction.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460302", "forum-management.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460303", "t-savings.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:36", "1460304", "bo56ab-45126.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460280", "spring-ieee.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460281", "design-shipped.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460282", "visoxc-36626.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460283", "larger-pose.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460284", "cartomen-43567.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460285", "tech-charitable.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460286", "phone-officer.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460287", "kingsbkup1.ydns.eu", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460288", "gas-representative.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460289", "neverdiedico.mypets.ws", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:35", "1460290", "activity-majority.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460271", "blog-s.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460272", "plant-ever.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460273", "additional-sunset.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460274", "front-recommend.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460275", "unthinkable.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460276", "past-protected.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460277", "markl.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460278", "wrong-observations.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:34", "1460279", "xyxebet-37690.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460262", "https://api.telegram.org/bot7375914494:AAFg7abzayPkXsZ-aOwL0bNzXG_Do7nWn34/sendMessage", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460263", "discussion-temp.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460264", "smfcs1.ydns.eu", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460265", "win423.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460266", "direct-accepting.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460267", "even-angel.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460268", "evenkry75-23751.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460269", "love-illegal.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:33", "1460270", "sets-fatty.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:32", "1460259", "https://api.telegram.org/bot7552210369:AAGOe83VIQXWkppjzFCQkkZxhmaRRArf0EQ/sendMessage", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:32", "1460260", "https://api.telegram.org/bot7669111686:AAGwV2TJlmpc77uHxwagdTMFUZhwQj3RZD0/sendMessage", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:32", "1460261", "https://api.telegram.org/bot7555588489:AAHw7-a3svAwJ6LV5_fEyImOVVLFri7GJNU/sendMessage", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:30", "1460256", "176.65.134.178:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:30", "1460257", "164.92.194.184:8213", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:30", "1460258", "104.245.240.66:6661", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:29", "1460251", "45.137.70.108:6125", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:29", "1460252", "103.125.217.116:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:29", "1460253", "82.68.20.104:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:29", "1460254", "185.246.113.247:10788", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:29", "1460255", "139.224.164.225:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:28", "1460246", "139.59.240.97:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:28", "1460247", "104.245.240.66:6662", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:28", "1460248", "147.185.221.27:3368", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:28", "1460249", "82.68.20.104:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:28", "1460250", "69.197.174.136:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:27", "1460241", "195.88.218.126:3232", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:27", "1460242", "82.68.20.104:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:27", "1460243", "185.246.113.247:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:27", "1460244", "147.185.221.27:5050", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:27", "1460245", "212.64.201.61:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460235", "45.133.247.28:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460236", "45.133.247.28:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460237", "151.243.81.87:4400", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460238", "147.185.221.27:12362", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460239", "201.14.241.58:1120", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:26", "1460240", "164.92.194.184:2298", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:25", "1460232", "74.248.137.135:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:25", "1460233", "85.235.74.114:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:25", "1460234", "147.185.221.25:45714", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:24", "1460231", "194.105.5.199:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:23", "1460227", "levodsf.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:23", "1460228", "daansayajintj.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:23", "1460229", "blue-r.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:23", "1460230", "theochar.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460216", "asdasdasdf-28668.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460217", "47.113.229.136:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.113.229.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-03-28 16:00:22", "1460218", "oficioselemental.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460219", "moahmed2002.mywire.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460220", "hghdhsdbxcvb.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460221", "ansy1303.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460222", "windowsdrivers.accesscam.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460223", "are-typing.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460224", "sulumansorumsuz.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460225", "goodsvibes.dynuddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:22", "1460226", "zeldr1s-44130.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460207", "mooonskj.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460208", "get-rick.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460209", "envio20-03.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460210", "medoohh22.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460211", "family-advertisements.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460212", "health-eddie.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460213", "according-asks.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460214", "microdns2025bk.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:21", "1460215", "ansy1703.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460197", "mark009.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460198", "specialw.is-found.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460199", "trgfvc.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460200", "medooo.ddnsgeek.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460201", "newservice.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460202", "agency-failure.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460203", "skin-madness.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460204", "m-blocking.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460205", "sdjdnsajnc-61234.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:20", "1460206", "38.55.199.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.55.199.146", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-03-28 16:00:19", "1460194", "ramadan-kareem.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:19", "1460195", "purpleb.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:19", "1460196", "proposed-madagascar.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460184", "fotisdouk-31684.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460185", "movies-concerning.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460186", "things-therapist.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460187", "everything-records.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460188", "dsadasdsw-35353.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460189", "case-drag.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460190", "pluhohio-58857.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460191", "skidderonthewaytoskid243-26149.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460192", "and-src.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:18", "1460193", "fall-alberta.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460174", "manseurange-47473.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460175", "weeks-ranger.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460176", "armorrat.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460177", "kerlndawg-31838.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460178", "minecraft.frslink.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460179", "marcellosdns.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460180", "free.svipss.top", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460181", "go-dramatically.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460182", "lesillygoober-23934.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:17", "1460183", "thelightpower.info", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:16", "1460170", "5.178.111.227:1604", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:16", "1460171", "193.161.193.99:41287", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:16", "1460172", "213.209.150.112:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:16", "1460173", "185.246.113.135:1604", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460161", "212.102.63.147:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460162", "159.196.23.241:2021", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460163", "77.79.6.57:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460164", "212.56.35.232:101", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460165", "172.221.202.55:2222", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460166", "195.211.191.164:4783", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460167", "137.184.183.22:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460168", "216.38.7.246:1616", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:15", "1460169", "185.231.252.213:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:14", "1460158", "94.31.108.129:52427", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:14", "1460159", "147.185.221.26:12171", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:14", "1460160", "194.59.31.106:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:13", "1460155", "https://gcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:13", "1460156", "https://gbugildbett.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:13", "1460157", "https://8blastikcn.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:12", "1460152", "https://m2loadoutle.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:12", "1460153", "https://yfcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:12", "1460154", "https://0jowinjoinery.icu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:11", "1460148", "https://0subawhipnator.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:11", "1460149", "https://6pistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:11", "1460150", "https://carmoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:11", "1460151", "https://zpistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:08", "1460146", "https://varmoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:08", "1460147", "https://iarmoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:07", "1460145", "https://ovbugildbett.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:06", "1460142", "https://0actiothreaz.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:06", "1460143", "https://lcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:06", "1460144", "https://m1targett.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:05", "1460138", "https://zselfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:05", "1460139", "https://7armoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:05", "1460140", "https://ulblackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:05", "1460141", "https://6armamenti.world/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:04", "1460136", "https://5kselfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:04", "1460137", "https://hazperjurke.world/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:03", "1460133", "https://karmoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:03", "1460134", "https://ekzfurrycomp.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:03", "1460135", "https://bpistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:01", "1460132", "https://bcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:00", "1460127", "https://yweaponrywo.digital/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:00", "1460128", "https://rcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:00", "1460129", "https://icrosshairc.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:00", "1460130", "https://eyertacric.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 16:00:00", "1460131", "https://bjowinjoinery.icu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460119", "https://qcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460120", "https://dpausedcritiaca.fun/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460121", "https://barmamenti.world/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460122", "https://rloadoutle.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460123", "https://pgunhandl.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460124", "https://8blackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460125", "https://r5caliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:59", "1460126", "https://jblackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460112", "https://cityesca.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460113", "https://bpenetratebatt.pw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460114", "https://xcaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460115", "https://gorangemyther.live/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460116", "https://sloadoutle.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460117", "https://ecaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:58", "1460118", "https://4selfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:57", "1460107", "https://ocaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:57", "1460108", "https://bfeatureccus.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:57", "1460109", "https://kblackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:57", "1460110", "https://egunhandl.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:57", "1460111", "https://qselfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:56", "1460103", "https://aarmoryarch.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:56", "1460104", "https://e8selfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:56", "1460105", "https://4weaponwo.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:56", "1460106", "https://cweaponwo.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460096", "https://1shiningrstars.help/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460097", "https://4blackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460098", "https://wdeaddereaste.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460099", "https://pcrosshairc.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460100", "https://sehtardwarehu.icu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460101", "https://fselfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:55", "1460102", "https://52selfdefens.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460089", "https://0legenassedk.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460090", "https://3weaponwo.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460091", "https://8loadoutle.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460092", "https://dweaponwo.life/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460093", "https://pcjlaspcorne.icu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460094", "https://4pistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:54", "1460095", "https://pdpistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460083", "https://7voicesharped.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460084", "https://apistolpra.bet/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460085", "https://icaliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460086", "https://alegenassedk.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460087", "https://vdefaulemot.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:53", "1460088", "https://etargett.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:52", "1460080", "https://firearmsv.digital/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:52", "1460081", "https://zblackeblast.run/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 15:59:52", "1460082", "https://7caliberc.today/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "28March2025,iocbottest", "0", "Gi7w0rm" "2025-03-28 14:50:37", "1460072", "https://xzaxistechw.live/GOaOAp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8ad7d3398953f2badce1a7bc40900e18303f0e42f43c543355caead37aeaa930/", "lumma", "0", "abuse_ch" "2025-03-28 14:50:30", "1460071", "https://m9advennture.top/GKsiio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/b4d67fe310716191996f65c78eff2594c23dd1bbb076ad22be9c3513179c78a6/", "lumma", "0", "abuse_ch" "2025-03-28 14:50:29", "1460070", "https://ftargett.top/dsANGt", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8ad7d3398953f2badce1a7bc40900e18303f0e42f43c543355caead37aeaa930/", "lumma", "0", "abuse_ch" "2025-03-28 14:50:27", "1460069", "https://eoreheatq.live/gsopp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/b4d67fe310716191996f65c78eff2594c23dd1bbb076ad22be9c3513179c78a6/", "lumma", "0", "abuse_ch" "2025-03-28 14:50:25", "1460068", "https://axistechw.live/GOaOAp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/b4d67fe310716191996f65c78eff2594c23dd1bbb076ad22be9c3513179c78a6/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:43", "1460063", "https://woreheatq.live/gsopp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a61d0524eb7a1749bb20253e78cc20f946506ec4804f18763042519a7b87c8d8/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:41", "1460062", "https://tripperxe.live/LSLkao", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6a4188c8517890210a357a427264d5f451f416150e2c9a772e5884709fcd1bdf/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:32", "1460061", "https://ironproe.live/FLsapz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a61d0524eb7a1749bb20253e78cc20f946506ec4804f18763042519a7b87c8d8/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:28", "1460060", "https://aoreheatq.live/gsopp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6a4188c8517890210a357a427264d5f451f416150e2c9a772e5884709fcd1bdf/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:26", "1460059", "https://8smeltingt.run/giiaus", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6b1d1a19c6c43e2a3fd4fd9ea74edf7f57b889ddf70d66ab8bb028af33f14bfa/", "lumma", "0", "abuse_ch" "2025-03-28 14:45:25", "1460058", "https://7usteelixr.live/aguiz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a61d0524eb7a1749bb20253e78cc20f946506ec4804f18763042519a7b87c8d8/", "lumma", "0", "abuse_ch" "2025-03-28 14:40:26", "1460057", "https://wxayfarer.live/ALosnz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6008a327c690c1e3108442c30d4e5fc1d2c4abea5b985144462f38b9406810b7/", "lumma", "0", "abuse_ch" "2025-03-28 14:40:25", "1460056", "https://triplooqp.world/APowko", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0994eb7ee6f09c7f26b148f34e4a7edbc23059bba3f2e72f88ad6953c41f701c/", "lumma", "0", "abuse_ch" "2025-03-28 14:40:22", "1460055", "https://lunapixu.top/GzkJSIo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0994eb7ee6f09c7f26b148f34e4a7edbc23059bba3f2e72f88ad6953c41f701c/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:27", "1460053", "https://vtargett.top/dsANGt", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:27", "1460054", "https://weldorae.digital/geds", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:26", "1460051", "https://smeltingt.run/giiaus", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:26", "1460052", "https://steelixr.live/aguiz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:25", "1460049", "https://oreheatq.live/gsopp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:25", "1460050", "https://pwxayfarer.live/ALosnz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:24", "1460047", "https://castmaxw.run/ganzde", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 14:35:24", "1460048", "https://ferromny.digital/gwpd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/0ed03a9e4d26f8555750ec5de6b806804ce6248bee30a9a118e7bfedaf2218ad/", "lumma", "0", "abuse_ch" "2025-03-28 13:45:01", "1460038", "check.canez.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 13:44:58", "1460043", "46.203.233.30:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "c2,ssh,succubus", "0", "redrabytes" "2025-03-28 13:44:57", "1460044", "46.203.233.30:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "c2,ssh,succubus", "0", "redrabytes" "2025-03-28 13:44:57", "1460045", "check.ligaz.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 13:34:33", "1460046", "https://check.ligaz.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 12:53:38", "1460039", "https://check.canez.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 12:40:03", "1460037", "http://69.165.131.129:50689/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-03-28 12:02:07", "1460036", "178.224.123.45:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/178.224.123.45", "AS50266,C2,censys,CobaltStrike,ODIDO,open-dir", "0", "DonPasci" "2025-03-28 12:01:51", "1460035", "mail.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+mail.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 12:01:50", "1460034", "cpcalendars.a.ora-0-web.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpcalendars.a.ora-0-web.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 12:01:24", "1460033", "78.128.112.209:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/78.128.112.209", "AS_4MEDIA,AS202325,C2,censys,Havoc", "0", "DonPasci" "2025-03-28 12:01:13", "1460032", "196.221.48.72:8081", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/196.221.48.72", "AS24835,C2,censys,Quasar,RAT,RAYA-AS", "0", "DonPasci" "2025-03-28 12:01:11", "1460031", "84.32.190.92:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/84.32.190.92", "AS59642,C2,censys,CHERRYSERVERS2-AS,Mythic", "0", "DonPasci" "2025-03-28 12:01:04", "1460030", "163.172.125.253:405", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/163.172.125.253", "AS12876,AsyncRAT,C2,censys,Online,RAT", "0", "DonPasci" "2025-03-28 12:00:59", "1460021", "check.tisof.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 12:00:40", "1460029", "47.117.146.230:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/47.117.146.230", "ALIBABA-CN-NET,AS37963,C2,censys,Sliver", "0", "DonPasci" "2025-03-28 12:00:37", "1460027", "193.142.146.35:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/193.142.146.35", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci" "2025-03-28 12:00:37", "1460028", "ip251.ip-15-204-130.us", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/15.204.130.251+ip251.ip-15-204-130.us", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-03-28 12:00:34", "1460026", "4.231.238.232:80", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/4.231.238.232", "AS8075,C2,censys,DarkComet,MICROSOFT-CORP-MSN-AS-BLOCK,RAT", "0", "DonPasci" "2025-03-28 12:00:25", "1460025", "42.51.44.204:8019", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/42.51.44.204", "AS56005,C2,censys,CobaltStrike,FASTIDC", "0", "DonPasci" "2025-03-28 12:00:22", "1460024", "43.138.54.95:8070", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.138.54.95", "AS45090,C2,censys,CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP", "0", "DonPasci" "2025-03-28 11:52:35", "1460023", "renxinguo.com", "domain", "botnet_cc", "win.doplugs", "None", "DOPLUGS", "", "100", "", "166.88.132.172", "0", "Rony" "2025-03-28 11:52:16", "1460022", "https://check.tisof.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 11:49:09", "1460014", "http://eirtjzo3i4ec.top/f22.svg", "url", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 11:49:09", "1460015", "http://naybvyzvemm.top/f22.svg", "url", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 11:49:08", "1460016", "check.mydiw.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 11:44:37", "1460019", "166.88.132.172:443", "ip:port", "botnet_cc", "win.doplugs", "None", "DOPLUGS", "", "100", "None", "DarkPeony,Operation ControlPlug", "0", "Rony" "2025-03-28 10:56:00", "1460017", "https://check.mydiw.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 10:43:16", "1460012", "naybvyzvemm.top", "domain", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "https://app.any.run/tasks/59ea6d08-0d78-46dc-879f-2585a28366d8", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 10:43:16", "1460013", "gkbjkdfghilekfn.top", "domain", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "https://app.any.run/tasks/59ea6d08-0d78-46dc-879f-2585a28366d8", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 10:41:48", "1460003", "check.wigiz.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 10:41:47", "1460005", "check.dolav.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 10:41:45", "1460010", "dgemmiailgjdlde.top", "domain", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "https://app.any.run/tasks/dac5843e-c0bd-42fc-80e9-a895e5d1c491", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 10:41:45", "1460011", "eirtjzo3i4ec.top", "domain", "payload_delivery", "js.mints_loader", "None", "MintsLoader", "", "100", "https://app.any.run/tasks/dac5843e-c0bd-42fc-80e9-a895e5d1c491", "mintsloader,TA582", "0", "Gusty_Dusty" "2025-03-28 09:54:36", "1460006", "https://check.dolav.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 09:44:21", "1460004", "https://check.wigiz.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 09:36:32", "1459986", "check.zywig.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 09:36:32", "1459998", "check.peqah.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 09:15:00", "1460001", "arthurshelby.click", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.elastic.co/security-labs/the-shelby-strategy", "c2,REF8685,ShelbyC2,TA452", "0", "juroots" "2025-03-28 09:15:00", "1460002", "speed-test.click", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.elastic.co/security-labs/the-shelby-strategy", "c2,REF8685,ShelbyC2,TA452", "0", "juroots" "2025-03-28 08:58:18", "1460000", "https://check.peqah.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 08:56:01", "1459999", "38.114.103.150:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-03-28 08:49:57", "1459997", "37.56.106.1:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-03-28 08:49:53", "1459996", "35.93.209.149:4840", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "75", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2025-03-28 08:49:15", "1459995", "217.61.60.69:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "75", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2025-03-28 08:48:08", "1459994", "195.158.82.221:8081", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-03-28 08:32:23", "1459993", "154.204.35.215:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-28 08:32:08", "1459991", "27.106.116.66:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-03-28 08:32:08", "1459992", "105.158.175.70:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-28 08:32:07", "1459990", "198.12.121.86:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-28 08:32:05", "1459989", "159.138.34.52:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-28 08:32:04", "1459988", "122.51.162.169:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-28 08:07:08", "1459987", "https://check.zywig.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 08:01:47", "1459985", "cpanel.c.multi-canale.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+cpanel.c.multi-canale.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 08:01:46", "1459984", "webmail.gfjd.104-168-101-27.cprapid.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+webmail.gfjd.104-168-101-27.cprapid.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 08:01:31", "1459982", "43.200.254.212:13384", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/43.200.254.212", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-28 08:01:31", "1459983", "54.82.229.132:1098", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.82.229.132", "AMAZON-AES,AS14618,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-28 08:01:25", "1459981", "vds2309970.my-ihor.ru", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/45.89.66.107+vds2309970.my-ihor.ru", "AS35196,C2,censys,Havoc,IH-TRANSIT-AS", "0", "DonPasci" "2025-03-28 08:01:24", "1459979", "3.36.95.115:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/3.36.95.115", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-03-28 08:01:24", "1459980", "146.70.113.133:40090", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/146.70.113.133", "AS9009,C2,censys,Havoc,M247", "0", "DonPasci" "2025-03-28 08:01:15", "1459977", "196.251.72.201:7007", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/196.251.72.201", "AS401115,C2,censys,EKABI,Quasar,RAT", "0", "DonPasci" "2025-03-28 08:01:15", "1459978", "79.32.224.230:8484", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/79.32.224.230", "AS3269,ASN-IBSNAZ,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-03-28 08:01:14", "1459975", "212.67.17.157:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/212.67.17.157", "AS56694,C2,censys,Hookbot,SMARTAPE", "0", "DonPasci" "2025-03-28 08:01:14", "1459976", "161.97.187.28:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/161.97.187.28", "AS51167,C2,censys,CONTABO,Hookbot", "0", "DonPasci" "2025-03-28 08:01:09", "1459974", "185.7.214.25:15747", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.7.214.25", "AS207566,C2,censys,LD007-AS,RAT,Sectop", "0", "DonPasci" "2025-03-28 08:01:08", "1459972", "196.251.72.213:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.213", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-28 08:01:08", "1459973", "196.251.72.213:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.213", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-28 08:01:07", "1459970", "128.90.113.185:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.185", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-03-28 08:01:07", "1459971", "196.251.72.213:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.72.213", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-28 08:01:06", "1459969", "103.201.24.165:41205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.201.24.165", "AS133115,C2,censys,HKKFGL-AS-AP,Supershell", "0", "DonPasci" "2025-03-28 08:01:04", "1459968", "158.247.192.122:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/158.247.192.122", "AS-VULTR,AS20473,C2,censys,RAT,ShadowPad", "0", "DonPasci" "2025-03-28 08:00:37", "1459965", "160.30.192.52:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/160.30.192.52", "AS150862,C2,censys,MAYTINHVPSTTT-VN,RAT,Remcos", "0", "DonPasci" "2025-03-28 08:00:37", "1459966", "173.225.102.145:8172", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/173.225.102.145", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-03-28 08:00:37", "1459967", "173.214.166.105:5525", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/173.214.166.105", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-03-28 08:00:24", "1459964", "154.12.47.131:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.12.47.131", "AS979,C2,censys,CobaltStrike,cs-watermark-426352781,NETLAB-SDN", "0", "DonPasci" "2025-03-28 08:00:20", "1459963", "8.134.98.235:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.134.98.235", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-03-28 08:00:19", "1459962", "113.46.145.222:83", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.46.145.222", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-03-28 07:56:13", "1459961", "re.ap.4t.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-28 07:55:59", "1459960", "https://re.ap.4t.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-28 07:49:21", "1459955", "check.wypyq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:34:58", "1459956", "https://check.wypyq.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 06:27:10", "1459953", "galactad.world", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-03-28 06:27:10", "1459954", "saturnoy.life", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-03-28 06:26:18", "1459952", "fjs95.shop", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "", "zphp", "0", "juroots" "2025-03-28 06:26:06", "1459950", "lkcharles.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "", "landupdate808", "0", "juroots" "2025-03-28 06:26:06", "1459951", "iplantit.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "", "landupdate808", "0", "juroots" "2025-03-28 06:25:24", "1459948", "its-jam.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-28 06:25:24", "1459949", "via-driving.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-03-28 06:25:05", "1459947", "punanemarps-61910.portmap.host", "domain", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "50", "", "c2,xenorat", "0", "juroots" "2025-03-28 06:24:51", "1459946", "esteesnuevo2025.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-03-28 06:24:36", "1459945", "longvusro.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-03-28 06:24:22", "1459935", "www.s-slay-slay.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459936", "www.s-sugardumplinkids.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459937", "www.t38asc.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459938", "www.terpsofcjzcf.life", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459939", "www.tylescanner.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459940", "www.uadapack.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459941", "www.uyer.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459942", "www.xoticgirldrip.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459943", "www.xpr.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:22", "1459944", "www.ykerconfg.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459916", "www.impiezasvalladolid.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459917", "www.inidnarenartp.autos", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459918", "www.jxhttlgbx.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459919", "www.nlockpremiumquotemail.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459920", "www.novifo.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459921", "www.ntalyaescortking.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459922", "www.nxivki.digital", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459923", "www.odhipoteke.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459924", "www.om-dt02.cyou", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459925", "www.ona88.skin", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459926", "www.ookinghealth.online", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459927", "www.oranrbenedek.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459928", "www.pilirplink.fun", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459929", "www.pmgo.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459930", "www.provados.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459931", "www.qynja.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459932", "www.reteon.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459933", "www.rojectdigitalkn.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:21", "1459934", "www.romanagementpro.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459897", "www.edeliva.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459898", "www.eetfyxerworks.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459899", "www.emoeuro.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459900", "www.enbou-memberpage.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459901", "www.enerator-bcq.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459902", "www.enjandbeth.site", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459903", "www.eometricdesigns.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459904", "www.ersinfiltro.store", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459905", "www.fwsafuyfwq-fwqhufwqhfw.icu", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459906", "www.grexiuy.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459907", "www.gsfxqt.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459908", "www.h0onueu.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459909", "www.hared-office-4198379.zone", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459910", "www.heseareafew.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459911", "www.hn6.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459912", "www.hot.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459913", "www.ibnllc.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459914", "www.igua.one", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:20", "1459915", "www.ilezjan.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459882", "www.001.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459883", "www.13b.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459884", "www.18y6s10s.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459885", "www.2livegames.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459886", "www.64784p6.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459887", "www.64gy.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459888", "www.ackomania.website", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459889", "www.adnames.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459890", "www.atch-making.fun", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459891", "www.athryncarter.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459892", "www.aulinien.studio", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459893", "www.axfcw.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459894", "www.aytolljqp.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459895", "www.ckdv.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:19", "1459896", "www.ealfyxerlink.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459874", "http://www.t38asc.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459875", "http://www.terpsofcjzcf.life/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459876", "http://www.tylescanner.vip/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459877", "http://www.uadapack.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459878", "http://www.uyer.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459879", "http://www.xoticgirldrip.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459880", "http://www.xpr.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:08", "1459881", "http://www.ykerconfg.info/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459864", "http://www.pilirplink.fun/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459865", "http://www.pmgo.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459866", "http://www.provados.shop/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459867", "http://www.qynja.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459868", "http://www.reteon.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459869", "http://www.rojectdigitalkn.info/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459870", "http://www.romanagementpro.pro/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459871", "http://www.s-slay-slay.shop/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459872", "http://www.s-sugardumplinkids.shop/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:07", "1459873", "http://www.s94ngz.pro/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459854", "http://www.jxhttlgbx.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459855", "http://www.nlockpremiumquotemail.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459856", "http://www.novifo.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459857", "http://www.ntalyaescortking.site/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459858", "http://www.nxivki.digital/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459859", "http://www.odhipoteke.online/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459860", "http://www.om-dt02.cyou/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459861", "http://www.ona88.skin/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459862", "http://www.ookinghealth.online/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:06", "1459863", "http://www.oranrbenedek.store/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459844", "http://www.h0onueu.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459845", "http://www.hared-office-4198379.zone/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459846", "http://www.heseareafew.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459847", "http://www.hn6.vip/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459848", "http://www.hot.pro/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459849", "http://www.ibnllc.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459850", "http://www.igua.one/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459851", "http://www.ilezjan.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459852", "http://www.impiezasvalladolid.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:05", "1459853", "http://www.inidnarenartp.autos/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459835", "http://www.emoeuro.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459836", "http://www.enbou-memberpage.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459837", "http://www.enerator-bcq.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459838", "http://www.enjandbeth.site/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459839", "http://www.eometricdesigns.shop/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459840", "http://www.ersinfiltro.store/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459841", "http://www.fwsafuyfwq-fwqhufwqhfw.icu/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459842", "http://www.grexiuy.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:04", "1459843", "http://www.gsfxqt.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459825", "http://www.adnames.art/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459826", "http://www.atch-making.fun/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459827", "http://www.athryncarter.art/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459828", "http://www.aulinien.studio/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459829", "http://www.axfcw.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459830", "http://www.aytolljqp.vip/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459831", "http://www.ckdv.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459832", "http://www.ealfyxerlink.info/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459833", "http://www.edeliva.net/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:03", "1459834", "http://www.eetfyxerworks.info/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:02", "1459821", "http://www.2livegames.live/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:02", "1459822", "http://www.64784p6.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:02", "1459823", "http://www.64gy.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:02", "1459824", "http://www.ackomania.website/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:01", "1459818", "http://www.001.app/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:01", "1459819", "http://www.13b.xyz/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:24:01", "1459820", "http://www.18y6s10s.top/ts49/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-03-28 06:23:16", "1459815", "asasac313v.work.gd", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-03-28 06:23:16", "1459816", "born-me.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-03-28 06:23:16", "1459817", "wednesday-classified.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-03-28 06:22:53", "1459812", "26.68.29.70:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-28 06:22:53", "1459813", "26.68.29.70:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-28 06:22:53", "1459814", "26.68.29.70:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-28 06:22:33", "1459811", "roxtroxshop.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-03-28 06:22:13", "1459810", "https://www.rwsfixadores.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0195db6a-5477-7000-b295-9a104482a37a", "fakecaptcha,urlscan", "0", "juroots" "2025-03-28 06:22:12", "1459654", "idguestres72346.click", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:12", "1459809", "https://www.bilaxy-exchange-login.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0195db6a-4d8a-7000-9923-418761debe6f", "fakecaptcha,urlscan", "0", "juroots" "2025-03-28 06:22:11", "1459655", "idguestres72346.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:11", "1459656", "idguestres72346.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:11", "1459808", "https://berachain-community.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0195db6a-4af0-7000-a266-f500c68951e9", "fakecaptcha,urlscan", "0", "juroots" "2025-03-28 06:22:10", "1459657", "idguestres72346.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:10", "1459658", "idguestreserva12462.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:09", "1459659", "idguestreserva12462.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:09", "1459660", "idguestreserva12462.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:08", "1459661", "idguestreserva12462.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:08", "1459662", "idguestreserva12462.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:07", "1459663", "idguestreserva995231.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:06", "1459664", "idguestreservation634812.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:06", "1459665", "idguset64325643.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:04", "1459666", "idhuman-49865967.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:03", "1459667", "idres123.click", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:03", "1459668", "idres123.live", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:03", "1459669", "idres123.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:02", "1459670", "idreserv7323.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:02", "1459671", "idreserv7323.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:01", "1459672", "idreservaguest1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:22:01", "1459673", "idreservaguest52341.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:58", "1459674", "idreservaguset124634.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:58", "1459675", "idreserverationguest967234.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:58", "1459677", "idverefication1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:57", "1459676", "idreserverationguest967234.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:56", "1459678", "idvereficaton3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:56", "1459679", "imhuman-49129293.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:56", "1459680", "imhuman-97421521.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:55", "1459681", "important-confiirm.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:55", "1459682", "important-confirmation.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:54", "1459683", "inhuman-274718381.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:54", "1459684", "inhuman-38382850.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:53", "1459685", "issueguesrfd.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:52", "1459686", "issueguest423239.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:51", "1459687", "other-errorreserw.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:51", "1459688", "payment-comfirmation.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:50", "1459689", "policy-consume.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:47", "1459690", "policy-consumer.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:47", "1459691", "reportingreserv512658.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:46", "1459692", "reservagusetid645234.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:46", "1459693", "reservagusetid645234.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:46", "1459694", "reservagusetid645234.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:45", "1459695", "reservagusetid645234.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:45", "1459696", "reserveratinguestid662233.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:44", "1459697", "reserveratinguestid662233.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:44", "1459698", "reserveratinguestid662233.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:44", "1459699", "reserveratinguestid662233.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:43", "1459700", "review4167-boking.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:43", "1459701", "review7289.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:42", "1459702", "reviews-57391.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:42", "1459703", "userguestid18956.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:41", "1459704", "userguestid28956.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:41", "1459705", "userguestid38956.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:40", "1459706", "vereficatin6124.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:40", "1459707", "vereficatin6124.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:39", "1459708", "vereficatin6124.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:39", "1459709", "verefication731346.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:37", "1459747", "23.254.226.59:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/23.254.226.59", "AS54290,censys,GoPhish,HOSTWINDS,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:37", "1459748", "3.110.175.188:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.110.175.188", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:36", "1459749", "51.91.98.68:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.91.98.68", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:36", "1459750", "1.234.53.84:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/1.234.53.84", "AS9318,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:35", "1459751", "175.178.210.153:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/175.178.210.153", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:34", "1459752", "217.77.10.47:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.77.10.47", "AS40021,censys,GoPhish,NL-811-40021,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:34", "1459753", "57.152.53.24:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/57.152.53.24", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:34", "1459755", "159.65.128.101:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/159.65.128.101", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:33", "1459754", "57.128.224.32:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/57.128.224.32", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:31", "1459756", "23.254.227.248:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/23.254.227.248", "AS54290,censys,GoPhish,HOSTWINDS,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:31", "1459757", "80.147.22.137:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/80.147.22.137", "AS3320,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:30", "1459758", "188.166.167.90:1724", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.166.167.90", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:30", "1459759", "3.96.52.62:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.96.52.62", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:29", "1459760", "213.209.129.104:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.209.129.104", "AS214943,censys,GoPhish,Phishing,RAILNET", "0", "dyingbreeds_" "2025-03-28 06:21:29", "1459761", "34.72.13.80:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.72.13.80", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:29", "1459762", "161.35.141.82:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.35.141.82", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:28", "1459763", "103.127.136.86:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.127.136.86", "AS133800,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:28", "1459764", "52.237.129.18:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.237.129.18", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:27", "1459765", "15.207.72.211:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/15.207.72.211", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:27", "1459766", "38.137.234.19:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.137.234.19", "AS263767,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:27", "1459767", "34.148.215.191:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.148.215.191", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:26", "1459768", "45.162.207.20:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.162.207.20", "AS267692,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:26", "1459769", "54.196.225.206:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.196.225.206", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:25", "1459770", "155.138.214.214:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/155.138.214.214", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:24", "1459771", "13.51.121.129:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.51.121.129", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:24", "1459772", "103.150.93.29:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.150.93.29", "AS133800,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:24", "1459773", "184.82.96.109:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/184.82.96.109", "AS133481,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-03-28 06:21:23", "1459775", "check.bybur.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:21:13", "1459746", "38.60.253.53:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.60.253.53", "AS138915,censys,Viper", "0", "dyingbreeds_" "2025-03-28 06:21:12", "1459744", "18.188.74.173:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.188.74.173", "AMAZON-02,AS16509,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-03-28 06:21:12", "1459745", "38.55.194.229:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.55.194.229", "AS139659,censys,Viper", "0", "dyingbreeds_" "2025-03-28 06:21:10", "1459741", "113.44.139.241:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.44.139.241", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-03-28 06:21:10", "1459742", "172.200.208.236:80", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/172.200.208.236", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_" "2025-03-28 06:21:10", "1459743", "141.98.11.95:5000", "ip:port", "botnet_cc", "win.ares", "None", "Ares", "", "90", "https://search.censys.io/hosts/141.98.11.95", "AS209605,C2,censys,HOSTBALTIC,RAT", "0", "dyingbreeds_" "2025-03-28 06:21:09", "1459739", "www.amanigroup.co.in", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/68.183.93.106+www.amanigroup.co.in", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-03-28 06:21:09", "1459740", "pendlipilupu.in", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/68.183.93.106+pendlipilupu.in", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-03-28 06:21:08", "1459737", "http://fixtool.cc/testtest", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://x.com/ilikemalware71/status/1905471589665403206", "exe,rat,stealer", "0", "iLikeMalware" "2025-03-28 06:21:08", "1459738", "doc.amazehome.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.93.28.103+doc.amazehome.xyz", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-03-28 06:21:06", "1459710", "verefication731346.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:21:05", "1459711", "verefication731346.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 06:20:51", "1459807", "http://43.224.227.246/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0195db69-10bd-7003-8c2e-73b26a7271db", "c2,hookbot,urlscan", "0", "juroots" "2025-03-28 06:20:46", "1459507", "https://ypp-update.com", "url", "payload_delivery", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "ClickFix,FakeCaptcha,Rhadamanthys", "0", "RacWatchin8872" "2025-03-28 06:20:46", "1459508", "https://ypp-studio.com", "url", "payload_delivery", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "ClickFix,FakeCaptcha,Rhadamanthys", "0", "RacWatchin8872" "2025-03-28 06:20:45", "1459509", "btcpayserver.io", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-03-28 06:20:45", "1459510", "payserver.pages.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,FakeCaptcha", "0", "RacWatchin8872" "2025-03-28 06:20:44", "1459511", "198.98.51.68:1302", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-03-28 06:20:43", "1459512", "46.203.233.30:9931", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-03-28 06:20:43", "1459535", "check.femar.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:40", "1459462", "cryptixex.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-28 06:20:40", "1459463", "check.nawym.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:40", "1459476", "check.hequf.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:40", "1459482", "check.pipyq.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:39", "1459484", "check.tyzof.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:39", "1459486", "check.cofat.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-28 06:20:23", "1459806", "13.247.61.214:902", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/13.247.61.214#902", "c2,netbus,shodan", "0", "juroots" "2025-03-28 06:20:08", "1459805", "77.83.198.35:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/77.83.198.35#80", "c2,shodan,spicerat", "0", "juroots" "2025-03-28 06:19:52", "1459804", "52.34.205.214:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/52.34.205.214#443", "c2,havoc,shodan", "0", "juroots" "2025-03-28 06:19:42", "1459803", "3.26.57.58:15", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/3.26.57.58#15", "blackshades,c2,shodan", "0", "juroots" "2025-03-28 06:19:18", "1459802", "149.210.40.144:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/149.210.40.144#443", "c2,gh0st,shodan", "0", "juroots" "2025-03-28 06:19:04", "1459801", "41.109.246.219:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/41.109.246.219#1177", "c2,njrat,shodan", "0", "juroots" "2025-03-28 06:18:49", "1459800", "84.46.239.239:5986", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/84.46.239.239#5986", "bruteratel,c2,shodan", "0", "juroots" "2025-03-28 06:18:32", "1459798", "158.247.199.105:80", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.199.105#80", "c2,kimsuky,shodan", "0", "juroots" "2025-03-28 06:18:32", "1459799", "158.247.242.169:80", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.242.169#80", "c2,kimsuky,shodan", "0", "juroots" "2025-03-28 06:17:55", "1459796", "159.203.148.17:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/159.203.148.17#31337", "c2,shodan,sliver", "0", "juroots" "2025-03-28 06:17:55", "1459797", "196.251.72.233:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/196.251.72.233#31337", "c2,shodan,sliver", "0", "juroots" "2025-03-28 06:17:35", "1459794", "91.228.113.199:9031", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/91.228.113.199#9031", "c2,netsupport,shodan", "0", "juroots" "2025-03-28 06:17:35", "1459795", "24.112.49.153:5150", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/24.112.49.153#5150", "c2,netsupport,shodan", "0", "juroots" "2025-03-28 06:17:34", "1459793", "13.56.159.44:5858", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.56.159.44#5858", "c2,netsupport,shodan", "0", "juroots" "2025-03-28 06:17:16", "1459792", "85.217.170.214:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/85.217.170.214#7777", "asyncrat,c2,shodan", "0", "juroots" "2025-03-28 06:17:15", "1459790", "157.20.182.31:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/157.20.182.31#7777", "asyncrat,c2,shodan", "0", "juroots" "2025-03-28 06:17:15", "1459791", "72.167.40.98:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/72.167.40.98#7777", "asyncrat,c2,shodan", "0", "juroots" "2025-03-28 06:16:58", "1459788", "45.32.36.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/45.32.36.91#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:58", "1459789", "198.12.73.140:22001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/198.12.73.140#22001", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:57", "1459785", "45.157.148.200:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/45.157.148.200#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:57", "1459786", "42.186.17.183:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/42.186.17.183#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:57", "1459787", "47.121.138.97:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.121.138.97#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:56", "1459784", "45.157.148.200:4499", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/45.157.148.200#4499", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:55", "1459783", "62.234.27.146:3307", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/62.234.27.146#3307", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-28 06:16:37", "1459782", "8.152.194.88:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/8.152.194.88#8443", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-03-28 06:16:36", "1459781", "42.51.44.204:8488", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/42.51.44.204#8488", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-03-28 06:15:59", "1459780", "148.66.2.198:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/148.66.2.198#8083", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-28 06:15:58", "1459779", "148.66.2.195:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/148.66.2.195#8083", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-28 06:15:57", "1459778", "148.66.2.194:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/148.66.2.194#8083", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-28 06:15:56", "1459777", "113.45.7.54:3141", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/113.45.7.54#3141", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-03-28 05:48:26", "1459776", "https://check.bybur.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 05:40:23", "1459774", "196.251.86.105:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/2edffaa16ba62436a4744e31d76dfaba8748534e4d6c752ca5b11949c25a4a7a/", "remcos", "0", "abuse_ch" "2025-03-28 04:01:42", "1459736", "autodiscover.eversioneweb.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+autodiscover.eversioneweb.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-28 04:01:28", "1459735", "38.180.188.172:8080", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/38.180.188.172", "AS9009,C2,censys,Ermac,M247,panel", "0", "DonPasci" "2025-03-28 04:01:25", "1459733", "146.70.49.42:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/146.70.49.42", "AS9009,C2,censys,DcRAT,M247,RAT", "0", "DonPasci" "2025-03-28 04:01:25", "1459734", "18.138.230.180:41964", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.138.230.180", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-28 04:01:11", "1459731", "172.105.74.13:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/172.105.74.13", "AKAMAI-LINODE-AP,AS63949,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 04:01:11", "1459732", "176.65.138.82:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.65.138.82", "AS215462,BUGGZ-HOSTING,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 04:01:05", "1459728", "128.90.113.185:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.185", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-03-28 04:01:05", "1459729", "128.90.113.185:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.185", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-03-28 04:01:05", "1459730", "78.171.42.106:2003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/78.171.42.106", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-03-28 04:01:04", "1459726", "115.79.198.51:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/115.79.198.51", "AS7552,AsyncRAT,C2,censys,RAT,VIETEL-AS-AP", "0", "DonPasci" "2025-03-28 04:01:04", "1459727", "45.88.186.85:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/45.88.186.85", "AS23470,AsyncRAT,C2,censys,RAT,RELIABLESITE", "0", "DonPasci" "2025-03-28 04:01:03", "1459725", "94.158.247.5:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/94.158.247.5", "AS39798,C2,censys,MIVOCLOUD,Supershell", "0", "DonPasci" "2025-03-28 04:00:36", "1459723", "80.76.49.131:5900", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/80.76.49.131", "AS399486,C2,censys,RAT,Remcos,VIRTUO", "0", "DonPasci" "2025-03-28 04:00:36", "1459724", "68.168.223.108:30330", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/68.168.223.108", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-03-28 04:00:35", "1459721", "176.65.141.138:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/176.65.141.138", "AS215240,C2,censys,NETRESEARCH,RAT,Remcos", "0", "DonPasci" "2025-03-28 04:00:35", "1459722", "193.142.146.70:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/193.142.146.70", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci" "2025-03-28 04:00:34", "1459720", "185.244.29.219:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/185.244.29.219", "AS214366,C2,censys,PRIVACYFIRST,RAT,Remcos", "0", "DonPasci" "2025-03-28 04:00:22", "1459719", "47.104.246.77:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.104.246.77", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-426352781", "0", "DonPasci" "2025-03-28 04:00:20", "1459718", "205.198.65.161:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/205.198.65.161", "AS138997,C2,censys,CobaltStrike,cs-watermark-666666666,EDCL-AS-AP", "0", "DonPasci" "2025-03-28 03:35:22", "1459717", "176.65.142.14:6060", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/2f423571a318924318504db10008bc4cc48afd550c59caf89b40a04c94a890f7/", "remcos", "0", "abuse_ch" "2025-03-28 02:54:10", "1459712", "140.143.249.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-28 01:19:10", "1459651", "idguestres1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:10", "1459652", "idguestres3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:10", "1459653", "idguestres72346.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459623", "guestid734523.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459624", "guestid734523.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459625", "guestid734523.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459626", "guestid734523.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459627", "guestid734523.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459628", "iamhuman-2394991.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459629", "id-120199821.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459630", "id-reservation.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459631", "id3315.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459632", "id5512.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459633", "id723467.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459634", "idbookingreserva1123.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459635", "idcomlreserva3527.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459636", "idcomplaint1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459637", "idcomplaint2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459638", "idcomplaint3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459639", "idcomplaint4.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459640", "idguest2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459641", "idguest44215.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459642", "idguest44215.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459643", "idguest44215.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459644", "idguest5647352.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459645", "idguest7325.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459646", "idguest99366623.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459647", "idguest99366623.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459648", "idguest99366623.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459649", "idguestbooking623tsd.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:09", "1459650", "idguestbooking623tsd.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459594", "complaints99831.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459595", "complaints99831.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459596", "complaintsidguest1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459597", "complaintsidguest3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459598", "complaintsidguest4.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459599", "compliteguest5215.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459600", "compliteguest5215.live", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459601", "compliteguest5215.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459602", "compliteguest5215.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459603", "compliteguest5215.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459604", "compliteguestid2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459605", "compliteguestid3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459606", "complte62346743.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459607", "complte62346743.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459608", "confirmation-reserv.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459609", "consume-policy.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459610", "consumer-policy.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459611", "darwinstownhouse5335.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459612", "dlmparis623.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459613", "feedbackguest48594821.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459614", "guestcomplaint1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459615", "guestcomplaint2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459616", "guesterrorid612353.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459617", "guestid3329912.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459618", "guestid3329912.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459619", "guestid3329912.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459620", "guestid3329912.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459621", "guestid73436.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:08", "1459622", "guestid73436.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459565", "book-lang-adm-de.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459566", "book-lang-adm-eng.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459567", "booking-accept-reserv-en.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459568", "booking-assistance-march9931.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459569", "booking-captcha-109583941.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459570", "booking-captcha-88392064.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459571", "booking-human-captha.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459572", "booking-human-verify47898935.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459573", "booking-human-verify8593890532.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459574", "booking-sup-march4154.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459575", "booking-supports.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459576", "booking.complaints99831.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459577", "booking.id-1888213.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459578", "booking.reservations-id.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459579", "booking.sales-id-4021.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459580", "check-errorguestis.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459581", "com-id39199.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459582", "com-review2815.info", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459583", "comlpt7721.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459584", "comlpt7721.cyou", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459585", "comlpt7721.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459586", "complaint.digital", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459587", "complaintguest3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459588", "complaintguest5.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459589", "complaintidguest1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459590", "complaintreservaid1.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459591", "complaintreservaid2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459592", "complaintreservaid3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:07", "1459593", "complaints99831.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:06", "1459561", "1xbookidient-4981.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:06", "1459562", "allseasonsinn5235.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:06", "1459563", "attendesvstrms952.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:19:06", "1459564", "bedingfeldarms634.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "ClickFix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:23", "1459558", "compliteguest5215.top", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:23", "1459559", "idreserverationguest72353456.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:23", "1459560", "idreserverationguest72353456.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459537", "consumer-policy.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459538", "guesterror23125.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459539", "idguestres72346.shop", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459540", "imhuman-0491921.world", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459541", "complaintsidguest2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459542", "idreservguest2622748.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459543", "error-reserwisgusta.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459544", "reservation-id.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459545", "booking-human-verify9658843.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459546", "guestid3329912.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459547", "idguest44215.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459548", "reserveratinid991.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459549", "complaintreservaid4.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459550", "idguest99366623.sbs", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459551", "idreserverationguest72353456.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459552", "idguest44215.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459553", "guestcomplaint3.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459554", "guestid73436.cfd", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459555", "reserveratinguestid662233.icu", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459556", "booking-captcha-54367.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 01:02:22", "1459557", "complaintguest2.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "booking.com,Clickfix,FakeCaptcha", "0", "DaveLikesMalwre" "2025-03-28 00:46:45", "1459536", "https://check.femar.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-28 00:01:55", "1459534", "195.82.147.21:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/195.82.147.21", "AS203834,C2,censys,DEDBROPRO-AS,rhadamanthys,stealer", "0", "DonPasci" "2025-03-28 00:01:40", "1459533", "94.154.34.47:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/94.154.34.47", "AS210538,C2,censys,Gafgyt,KEYUBU,open-dir", "0", "DonPasci" "2025-03-28 00:01:35", "1459532", "167.88.164.138:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.88.164.138", "AS14956,censys,EvilGoPhish,panel,Phishing,ROUTERHOSTING", "0", "DonPasci" "2025-03-28 00:01:34", "1459531", "34.58.136.79:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "100", "https://search.censys.io/hosts/34.58.136.79", "AS396982,censys,Chaos,GOOGLE-CLOUD-PLATFORM,panel", "0", "DonPasci" "2025-03-28 00:01:33", "1459530", "20.83.181.241:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.83.181.241", "AS8075,censys,EvilGinx,MICROSOFT-CORP-MSN-AS-BLOCK,panel,Phishing", "0", "DonPasci" "2025-03-28 00:01:22", "1459529", "195.82.146.32:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/195.82.146.32", "AS47105,C2,censys,DcRAT,DEDBROPRO,RAT", "0", "DonPasci" "2025-03-28 00:01:19", "1459528", "74.248.137.135:4444", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/74.248.137.135", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT,Venom", "0", "DonPasci" "2025-03-28 00:01:08", "1459527", "144.123.101.10:60001", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/144.123.101.10", "AS4134,C2,censys,CHINANET-BACKBONE,Quasar,RAT", "0", "DonPasci" "2025-03-28 00:01:07", "1459525", "43.224.227.246:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/43.224.227.246", "AROSS-AS,AS400619,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 00:01:07", "1459526", "43.224.227.246:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/43.224.227.246", "AROSS-AS,AS400619,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 00:01:06", "1459523", "176.65.138.82:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.65.138.82", "AS215462,BUGGZ-HOSTING,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 00:01:06", "1459524", "45.33.122.33:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/45.33.122.33", "AKAMAI-LINODE-AP,AS63949,C2,censys,Hookbot", "0", "DonPasci" "2025-03-28 00:01:05", "1459522", "185.126.82.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.126.82.230", "AS63473,C2,censys,HOSTHATCH,Mythic", "0", "DonPasci" "2025-03-28 00:01:00", "1459521", "78.171.42.106:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/78.171.42.106", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-03-28 00:00:36", "1459520", "195.114.193.239:48876", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/195.114.193.239", "AS212238,C2,CDNEXT,censys,Sliver", "0", "DonPasci" "2025-03-28 00:00:34", "1459519", "142.93.15.10:5000", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "100", "https://search.censys.io/hosts/142.93.15.10", "AS14061,C2,censys,DIGITALOCEAN-ASN,Pupy,RAT", "0", "DonPasci" "2025-03-28 00:00:23", "1459518", "106.54.238.71:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/106.54.238.71", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2025-03-28 00:00:20", "1459517", "196.251.86.168:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/196.251.86.168", "AS401120,C2,censys,CHEAPY-HOST,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-03-28 00:00:18", "1459515", "101.37.31.139:5376", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.37.31.139", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-03-28 00:00:18", "1459516", "121.37.189.77:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.37.189.77", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-03-28 00:00:17", "1459514", "113.45.11.103:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.45.11.103", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-03-28 00:00:16", "1459513", "8.137.38.111:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.137.38.111", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-03-27 21:52:50", "1459487", "https://check.cofat.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 21:37:28", "1459485", "https://check.tyzof.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 21:16:59", "1459483", "https://check.pipyq.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 20:49:13", "1459481", "222.126.140.44:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-27 20:47:32", "1459480", "188.49.62.65:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-03-27 20:44:05", "1459479", "119.23.189.216:7443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-27 20:43:57", "1459478", "114.132.166.230:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-27 20:03:00", "1459477", "https://check.hequf.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 20:01:07", "1459475", "83.147.53.67:8808", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/83.147.53.67", "AS399486,C2,censys,Quasar,RAT,VIRTUO", "0", "DonPasci" "2025-03-27 20:01:06", "1459474", "43.224.227.246:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/43.224.227.246", "AROSS-AS,AS400619,C2,censys,Hookbot", "0", "DonPasci" "2025-03-27 20:01:00", "1459472", "78.171.42.106:2004", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/78.171.42.106", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-03-27 20:01:00", "1459473", "193.42.36.133:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/193.42.36.133", "AS59711,AsyncRAT,C2,censys,HZ-EU-AS,RAT", "0", "DonPasci" "2025-03-27 20:00:36", "1459471", "13.229.224.94:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/13.229.224.94", "AMAZON-02,AS16509,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2025-03-27 20:00:32", "1459470", "188.93.233.42:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/188.93.233.42", "AS47674,C2,censys,NETSOLUTIONS,RAT,Remcos", "0", "DonPasci" "2025-03-27 20:00:31", "1459468", "192.227.168.165:1070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.227.168.165", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-03-27 20:00:31", "1459469", "192.227.168.165:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.227.168.165", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-03-27 20:00:16", "1459467", "39.106.15.73:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/39.106.15.73", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-03-27 20:00:15", "1459465", "75.127.89.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/75.127.89.194", "AS979,C2,censys,CobaltStrike,cs-watermark-987654321,NETLAB-SDN", "0", "DonPasci" "2025-03-27 20:00:15", "1459466", "156.238.233.21:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/156.238.233.21", "AS142032,C2,censys,CobaltStrike,cs-watermark-987654321,HFTCL-AS-AP", "0", "DonPasci" "2025-03-27 18:53:25", "1459464", "https://check.nawym.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 18:39:01", "1459447", "check.sacyd.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-27 18:38:56", "1459456", "check.bufok.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-27 18:38:56", "1459461", "galactich.today", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 17:22:18", "1459460", "88.99.125.82:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-27 17:21:54", "1459459", "ty.ap.4t.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-27 17:21:19", "1459458", "https://ty.ap.4t.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-03-27 16:53:49", "1459457", "https://check.bufok.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 16:23:08", "1459448", "https://check.sacyd.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 16:08:09", "1459424", "check.tuqad.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-27 16:01:26", "1459446", "35.93.230.174:33389", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/35.93.230.174", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-03-27 16:01:25", "1459445", "195.82.146.32:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/195.82.146.32", "AS47105,C2,censys,DcRAT,DEDBROPRO,RAT", "0", "DonPasci" "2025-03-27 16:01:21", "1459444", "vds2405267.my-ihor.ru", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/45.89.66.107+vds2405267.my-ihor.ru", "AS35196,C2,censys,Havoc,IH-TRANSIT-AS", "0", "DonPasci" "2025-03-27 16:01:19", "1459443", "38.54.86.240:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/38.54.86.240", "AS138915,C2,censys,Havoc,KAOPU-HK", "0", "DonPasci" "2025-03-27 16:01:10", "1459442", "194.195.241.185:8010", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.195.241.185", "AKAMAI-LINODE-AP,AS63949,C2,censys,Mythic", "0", "DonPasci" "2025-03-27 16:01:05", "1459441", "156.245.11.12:3955", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/156.245.11.12", "AS133199,AsyncRAT,C2,censys,RAT,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci" "2025-03-27 16:01:04", "1459439", "196.251.69.124:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.69.124", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-27 16:01:04", "1459440", "196.251.69.124:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.69.124", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-27 16:01:03", "1459438", "78.171.42.106:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/78.171.42.106", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2025-03-27 16:01:01", "1459436", "115.120.251.188:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/115.120.251.188", "AS55990,C2,censys,HWCSNET,Supershell", "0", "DonPasci" "2025-03-27 16:01:01", "1459437", "47.239.54.235:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.239.54.235", "ALIBABA-CN-NET,AS45102,C2,censys,Supershell", "0", "DonPasci" "2025-03-27 16:00:37", "1459435", "51.92.38.49:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/51.92.38.49", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-03-27 16:00:21", "1459433", "45.197.150.76:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.197.150.76", "ANSHENG-AS-AP,AS134365,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2025-03-27 16:00:21", "1459434", "47.108.39.159:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.108.39.159", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2025-03-27 16:00:20", "1459432", "8.130.107.173:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.107.173", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2025-03-27 16:00:19", "1459431", "23.95.193.207:2087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/23.95.193.207", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-03-27 16:00:17", "1459430", "101.133.229.117:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.133.229.117", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-03-27 16:00:16", "1459429", "154.82.92.74:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.82.92.74", "AS399077,C2,censys,CobaltStrike,cs-watermark-987654321,TERAEXCH", "0", "DonPasci" "2025-03-27 16:00:15", "1459427", "154.37.219.98:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.37.219.98", "AS979,C2,censys,CobaltStrike,cs-watermark-987654321,NETLAB-SDN", "0", "DonPasci" "2025-03-27 16:00:15", "1459428", "8.138.9.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.138.9.113", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-03-27 15:54:25", "1459425", "https://check.tuqad.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 15:46:43", "1459367", "castlaby.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:46:43", "1459368", "metalixq.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:46:43", "1459369", "metworkp.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:46:40", "1459370", "scrapixo.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:46:40", "1459371", "smeltedx.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:46:40", "1459372", "https://forgeitt.digital/sogidn", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma,Lumma Stealer,Stealer,Url", "0", "RacWatchin8872" "2025-03-27 15:45:57", "1459373", "https://castlaby.live/naogd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma,Lumma Stealer,Stealer,Url", "0", "RacWatchin8872" "2025-03-27 15:45:55", "1459374", "https://metalixq.run/xias", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma,Lumma Stealer,Stealer,Url", "0", "RacWatchin8872" "2025-03-27 15:45:44", "1459375", "https://steeliow.digital/xzdwqd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma,Lumma Stealer,Stealer,Url", "0", "RacWatchin8872" "2025-03-27 15:45:43", "1459378", "196.251.86.49:36063", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-03-27 15:45:42", "1459385", "moldifye.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:41", "1459386", "rodcastx.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:40", "1459387", "codemaxq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:40", "1459388", "hacknowl.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:39", "1459389", "techbitl.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:37", "1459390", "ironwebi.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:36", "1459391", "devpathq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:35", "1459392", "techhubq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:34", "1459393", "scraplyo.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:33", "1459394", "datagymx.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:32", "1459395", "qrtechh.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:31", "1459396", "algosetr.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:29", "1459397", "weldhubt.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:29", "1459398", "appzoner.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:28", "1459399", "ironmodw.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:27", "1459400", "steeluxz.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:26", "1459401", "devcodeu.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:25", "1459402", "weldorae.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:24", "1459403", "plugboth.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:23", "1459404", "ferromny.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2025-03-27 15:45:02", "1459414", "147.185.221.23:2918", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-27 15:45:02", "1459415", "can-features.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-03-27 15:45:01", "1459416", "check.togis.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-03-27 15:45:00", "1459418", "667d24d659242b95fd7a1c8d1738b1272e0b76aac68c07f97e4e9d2d737db627", "sha256_hash", "payload", "jar.adwind", "AlienSpy,JSocket,Frutas,UNRECOM,JBifrost,Sockrat", "AdWind", "", "100", "", "Adwind", "1", "petermulller" "2025-03-27 15:44:59", "1459419", "oregearp.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 15:44:58", "1459420", "oreheatq.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 15:44:57", "1459421", "castmaxw.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 15:44:56", "1459423", "smeltingt.run", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 15:44:55", "1459422", "steelixr.live", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "LummaStealer", "0", "threatcat_ch" "2025-03-27 15:44:50", "1459363", "steeliow.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-03-27 15:44:48", "1459362", "weldmaxi.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-03-27 15:44:47", "1459361", "forgeitt.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-03-27 15:44:46", "1459341", "be15f62d14d1cbe2aecce8396f4c6289", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "50", "https://x.com/RakeshKrish12/status/1905188616340464110", "RALord,ransomware", "0", "TheRavenFile" "2025-03-27 14:05:03", "1459417", "https://check.togis.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 14:00:05", "1459412", "139.9.192.127:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-27 14:00:05", "1459413", "158.69.0.124:8086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-27 14:00:01", "1459411", "199.180.115.3:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-03-27 13:59:58", "1459410", "8.152.192.117:83", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-03-27 13:59:40", "1459409", "103.143.142.39:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-03-27 12:54:59", "1459383", "120.55.169.128:2052", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:54:59", "1459384", "120.55.169.128:2095", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:54:21", "1459382", "103.234.72.118:9192", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:54:02", "1459381", "www.mail163.com.pl", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:53:42", "1459380", "god.qiaoshen.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:53:38", "1459379", "cs.qiaoshen.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-27 12:42:46", "1459376", "https://check.hulak.icu/gkcxv.google", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 12:42:46", "1459377", "check.hulak.icu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-03-27 12:01:35", "1459360", "mail.i.web-app-on.com", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/104.168.101.27+mail.i.web-app-on.com", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-03-27 12:01:31", "1459359", "124.70.142.36:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.70.142.36", "AS55990,c2,c2-redirector,censys,HWCSNET,RedGuard", "0", "DonPasci" "2025-03-27 12:01:19", "1459358", "167.86.190.189:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/167.86.190.189", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-03-27 12:01:13", "1459356", "45.61.132.47:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/45.61.132.47", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-03-27 12:01:13", "1459357", "94.156.189.245:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/94.156.189.245", "AS44901,BELCLOUD,C2,censys,Havoc", "0", "DonPasci" "2025-03-27 12:01:04", "1459355", "176.65.141.167:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.65.141.167", "AS215240,C2,censys,Hookbot,NETRESEARCH", "0", "DonPasci" "2025-03-27 12:01:03", "1459354", "176.100.36.135:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/176.100.36.135", "AS58087,C2,censys,FLORIANKOLB,Mythic", "0", "DonPasci" "2025-03-27 12:01:01", "1459353", "enetlabq.digital", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://search.censys.io/hosts/172.67.154.13+enetlabq.digital", "AS13335,C2,censys,CLOUDFLARENET,LummaStealer,panel,stealer", "0", "DonPasci" "2025-03-27 12:00:58", "1459351", "196.251.70.240:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/196.251.70.240", "AS401115,AsyncRAT,C2,censys,EKABI,RAT", "0", "DonPasci" "2025-03-27 12:00:58", "1459352", "193.42.36.133:2002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/193.42.36.133", "AS59711,AsyncRAT,C2,censys,HZ-EU-AS,RAT", "0", "DonPasci" "2025-03-27 12:00:57", "1459348", "157.254.237.166:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/157.254.237.166", "AS399486,AsyncRAT,C2,censys,RAT,VIRTUO", "0", "DonPasci" "2025-03-27 12:00:57", "1459349", "81.17.24.234:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/81.17.24.234", "AS51852,AsyncRAT,C2,censys,PLI-AS,RAT", "0", "DonPasci" "2025-03-27 12:00:57", "1459350", "89.47.113.83:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/89.47.113.83", "AS210538,AsyncRAT,C2,censys,KEYUBU,RAT", "0", "DonPasci" "2025-03-27 12:00:56", "1459346", "128.90.113.117:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.117", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-03-27 12:00:56", "1459347", "72.167.40.98:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/72.167.40.98", "AS398101,AsyncRAT,C2,censys,GO-DADDY-COM-LLC,RAT", "0", "DonPasci" "2025-03-27 12:00:17", "1459345", "101.43.29.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.29.8", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-03-27 12:00:14", "1459343", "103.140.154.111:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/103.140.154.111", "AS151804,C2,censys,CobaltStrike,cs-watermark-987654321,SNOTIONPTELTD-AS-AP", "0", "DonPasci" "2025-03-27 12:00:14", "1459344", "1.92.148.169:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.92.148.169", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-03-27 10:54:30", "1459342", "104.41.153.203:80", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-03-27 08:52:29", "1459332", "85.217.184.73:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-03-27 08:51:58", "1459331", "70.31.125.64:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-03-27 08:51:08", "1459330", "49.234.14.123:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-27 08:49:14", "1459329", "219.229.81.202:8868", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-27 08:48:04", "1459328", "194.55.137.3:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-03-27 08:47:37", "1459327", "188.49.62.65:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-03-27 08:44:47", "1459325", "142.171.51.88:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-03-27 08:44:47", "1459326", "142.171.51.88:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-03-27 08:44:05", "1459324", "118.253.171.65:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-03-27 08:43:54", "1459323", "111.31.37.46:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" # Number of entries: 1516