################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-01-24 14:08:26 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-01-24 14:08:26", "1736419", "http://151.243.213.58/d.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-01-24 13:10:32", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2026-01-24 14:08:25", "1736420", "https://nice1688.github.io/", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "LummaStealer", "0", "burger" "2026-01-24 14:08:25", "1736421", "hollow-paper.info", "domain", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://threatfox.abuse.ch/ioc/1734395/", "c2,domain,SantaStealer", "0", "burger" "2026-01-24 14:08:24", "1736424", "https://hollow-paper.info/", "url", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://app.any.run/tasks/65b0dea3-fc8b-485e-a984-9319d3a4b06f", "c2,SantaStealer", "0", "burger" "2026-01-24 13:30:07", "1736422", "capitamx.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-24 13:30:07", "1736423", "personrg.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-24 12:50:17", "1736418", "www.micrcscft.cyou", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:49:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-24 12:50:08", "1736417", "http://94.26.90.74/537e2870ea5a48dd.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-24 12:49:55", "1736416", "ggjvk3v5bzopisqkf7kd5el2j40gdgcu.lambda-url.ap-southeast-1.on.aws", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:49:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-24 12:41:07", "1736415", "https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/projz", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-24 12:06:06", "1736413", "15.157.72.146:1309", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.157.72.146", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:06", "1736414", "15.157.72.146:2859", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.157.72.146", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:05", "1736412", "15.160.182.42:11103", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.160.182.42", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:04", "1736410", "15.156.203.243:8124", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.156.203.243", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:04", "1736411", "15.160.182.42:5903", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.160.182.42", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:03", "1736409", "15.156.203.243:1124", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.156.203.243", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:01", "1736407", "18.60.226.167:22422", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.60.226.167", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:01", "1736408", "18.60.226.167:22822", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.60.226.167", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:06:00", "1736406", "35.180.38.117:58603", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.38.117", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:59", "1736405", "35.180.38.117:17853", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.38.117", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:58", "1736404", "35.180.38.117:7003", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.38.117", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:57", "1736403", "35.180.38.117:2053", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.38.117", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:56", "1736402", "13.62.49.196:5671", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.62.49.196", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:55", "1736401", "13.62.49.196:771", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.62.49.196", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:54", "1736400", "16.171.63.199:13599", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.171.63.199", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:52", "1736399", "157.241.107.214:57989", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/157.241.107.214", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:51", "1736398", "13.233.165.122:57979", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.233.165.122", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:49", "1736397", "3.96.162.225:49690", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.96.162.225", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:47", "1736396", "3.96.162.225:8090", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.96.162.225", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:46", "1736394", "13.38.66.48:6863", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.66.48", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:46", "1736395", "13.38.66.48:37863", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.66.48", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:44", "1736393", "34.223.248.86:18244", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/34.223.248.86", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:43", "1736392", "34.223.248.86:1244", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/34.223.248.86", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:42", "1736391", "54.241.114.182:23697", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.241.114.182", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:41", "1736390", "54.241.114.182:6697", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.241.114.182", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:40", "1736389", "13.232.186.78:392", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.232.186.78", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:39", "1736388", "56.124.122.140:38293", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.124.122.140", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:38", "1736387", "56.124.122.140:7793", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.124.122.140", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:37", "1736386", "3.79.151.154:1962", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.79.151.154", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:36", "1736385", "51.44.21.128:1911", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.21.128", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:35", "1736384", "40.177.166.61:25130", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.177.166.61", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:34", "1736383", "16.50.208.34:3128", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.50.208.34", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:33", "1736382", "18.196.36.166:10358", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.196.36.166", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:32", "1736381", "18.196.36.166:6008", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.196.36.166", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:05:31", "1736380", "16.171.62.174:3260", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.171.62.174", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 12:04:11", "1736379", "47.105.55.111:10086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/47.105.55.111", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2026-01-24 12:04:10", "1736378", "23.226.51.87:4037", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/23.226.51.87", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2026-01-24 12:04:09", "1736377", "115.190.244.119:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/115.190.244.119", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2026-01-24 11:02:55", "1736364", "homencck.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-24 10:08:42", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-01-24 11:02:54", "1736363", "https://homencck.com/5s5t.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-24 10:08:38", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-01-24 11:02:53", "1736365", "https://homencck.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-24 10:08:41", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-01-24 11:02:53", "1736366", "195.85.115.209:79", "ip:port", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-24 10:08:43", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-01-24 11:00:53", "1736376", "1.92.207.79:42085", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/1.92.207.79", "AS55990,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-24 11:00:51", "1736375", "161.35.174.205:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/161.35.174.205", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-24 11:00:50", "1736374", "185.112.147.134:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.112.147.134", "AS44925,censys,GoPhish,Phishing,THE-1984-AS", "0", "dyingbreeds_" "2026-01-24 11:00:49", "1736373", "109.224.229.21:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/109.224.229.21", "AS200325,BUNNYCDN,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-24 11:00:42", "1736372", "103.217.187.235:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/103.217.187.235", "AS146817,censys,Viper", "0", "dyingbreeds_" "2026-01-24 11:00:41", "1736371", "154.12.81.103:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/154.12.81.103", "AS401696,censys,Viper", "0", "dyingbreeds_" "2026-01-24 11:00:10", "1736370", "202.95.18.6:16663", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2026-01-24 12:04:30", "75", "False", "https://search.censys.io/hosts/202.95.18.6", "AS152194,C2,censys,RAT", "0", "dyingbreeds_" "2026-01-24 08:48:53", "1736368", "59.13.206.73:9100", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:48:28", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-24 08:48:53", "1736369", "60.163.142.78:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:48:28", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-24 08:46:04", "1736367", "167.71.25.237:8082", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:45:51", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-24 08:05:30", "1736362", "3.107.80.92:46143", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.80.92", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:29", "1736360", "3.107.80.92:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.80.92", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:29", "1736361", "3.107.80.92:35693", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.80.92", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:28", "1736358", "3.107.80.92:4443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.80.92", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:28", "1736359", "3.107.80.92:6193", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.80.92", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:27", "1736357", "15.152.36.236:6003", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.152.36.236", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:26", "1736356", "3.85.104.189:2000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.85.104.189", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:25", "1736354", "44.211.134.122:2181", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/44.211.134.122", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:25", "1736355", "44.211.134.122:49881", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/44.211.134.122", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:24", "1736352", "3.113.25.128:29036", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.113.25.128", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:24", "1736353", "108.137.2.188:2096", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.137.2.188", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:23", "1736350", "35.159.232.5:38666", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.159.232.5", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:23", "1736351", "3.96.197.80:53282", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.96.197.80", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:22", "1736348", "13.212.57.236:789", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.212.57.236", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:22", "1736349", "16.171.116.128:21085", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.171.116.128", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:21", "1736346", "13.232.186.78:2742", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.232.186.78", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:21", "1736347", "15.237.113.193:623", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.237.113.193", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:20", "1736344", "18.60.226.167:57722", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.60.226.167", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:20", "1736345", "13.232.186.78:9042", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.232.186.78", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:19", "1736341", "16.24.81.191:45929", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.24.81.191", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:19", "1736342", "54.249.101.88:2403", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.249.101.88", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:19", "1736343", "15.228.189.197:52628", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.228.189.197", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:18", "1736339", "3.22.51.194:4443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.22.51.194", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:18", "1736340", "16.62.211.157:6009", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.62.211.157", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:17", "1736337", "47.128.15.45:7170", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/47.128.15.45", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:05:17", "1736338", "103.177.46.73:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.46.73", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 08:04:46", "1736336", "102.117.162.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 11:00:21", "100", "False", "https://search.censys.io/hosts/102.117.162.141", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2026-01-24 08:04:45", "1736335", "163.172.232.21:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 11:00:20", "100", "False", "https://search.censys.io/hosts/163.172.232.21", "AS12876,C2,censys,Mythic,Online", "0", "DonPasci" "2026-01-24 08:04:28", "1736334", "185.122.185.36:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/185.122.185.36", "AS202759,C2,censys,FAIRYHOSTING,RAT,SpiceRAT", "0", "DonPasci" "2026-01-24 08:04:09", "1736333", "23.235.146.48:10439", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:00:09", "100", "False", "https://search.censys.io/hosts/23.235.146.48", "AS132839,C2,censys,CobaltStrike,cs-watermark-987654321,POWERLINE-AS-AP", "0", "DonPasci" "2026-01-24 08:04:08", "1736332", "156.234.218.184:8790", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:00:07", "100", "False", "https://search.censys.io/hosts/156.234.218.184", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2026-01-24 08:04:07", "1736331", "160.124.146.221:10439", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:00:06", "100", "False", "https://search.censys.io/hosts/160.124.146.221", "AS132839,C2,censys,CobaltStrike,cs-watermark-987654321,POWERLINE-AS-AP", "0", "DonPasci" "2026-01-24 07:32:26", "1736215", "radiopoljubac.net", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-24 07:32:26", "1736217", "95.85.239.218:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-23 19:00:34", "100", "False", "None", "c2,loader,StealC,stealer,xtraff", "0", "Bitsight" "2026-01-24 07:32:25", "1736216", "koszulki.net", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-24 07:32:24", "1736248", "wxqdcakvuv.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:24", "1736249", "https://wxqdcakvuv.com/cssfont.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:23", "1736250", "https://wxqdcakvuv.com/ok1.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:23", "1736252", "http://185.113.8.55/uploads/ok.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:22", "1736251", "https://185.113.8.55/asd1.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:22", "1736253", "http://185.113.8.55/asd1.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:21", "1736254", "http://185.113.8.55/nep", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk,Neptune", "0", "HuntYethHounds" "2026-01-24 07:32:21", "1736255", "http://srproofing.com/contents/lock", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:21", "1736256", "http://official-jaxxwallet.com/stealer.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:20", "1736257", "official-jaxxwallet.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Metateam1337x-afk", "0", "HuntYethHounds" "2026-01-24 07:32:19", "1736263", "195.85.114.118:79", "ip:port", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-24 05:06:56", "100", "True", "https://infosec.exchange/@monitorsg/115946743675803908", "KongTuke", "0", "monitorsg" "2026-01-24 07:32:18", "1736259", "http://47.95.169.152:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2026-01-24 07:32:17", "1736302", "https://arekinformatika.my.id/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS204800,evelyn,subdomain,WHG Hosting Services Ltd", "0", "antiphishorg" "2026-01-24 07:32:17", "1736303", "179.43.176.93:80", "ip:port", "botnet_cc", "win.void", "VoidCrypt", "Void", "", "100", "False", "None", "AS51852,Private Layer INC,void", "0", "antiphishorg" "2026-01-24 07:09:16", "1736330", "115.190.244.119:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:50:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-24 07:09:13", "1736329", "223.26.63.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-01-24 07:09:11", "1736328", "45.192.248.45:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch" "2026-01-24 07:09:09", "1736327", "206.237.13.96:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-01-24 06:40:04", "1736326", "123.173.105.230:4567", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "None", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-01-24 04:05:34", "1736324", "16.52.76.32:46796", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.52.76.32", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:34", "1736325", "3.29.27.216:17823", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.29.27.216", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:33", "1736322", "54.167.219.87:46949", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.167.219.87", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:33", "1736323", "54.167.219.87:54799", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.167.219.87", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:32", "1736320", "44.211.134.122:8081", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/44.211.134.122", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:32", "1736321", "18.130.251.141:18089", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.130.251.141", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:31", "1736317", "52.77.209.246:29989", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.77.209.246", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:31", "1736318", "15.185.146.67:50580", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.185.146.67", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:31", "1736319", "44.211.134.122:2281", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/44.211.134.122", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:30", "1736316", "3.113.25.128:14086", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.113.25.128", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:29", "1736314", "16.24.146.28:25565", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.24.146.28", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:29", "1736315", "3.113.25.128:5986", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.113.25.128", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:28", "1736312", "43.203.173.227:2762", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.203.173.227", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:28", "1736313", "3.16.70.53:8008", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.16.70.53", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:27", "1736311", "54.252.218.244:49504", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.252.218.244", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 04:05:03", "1736310", "68.183.21.171:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:48:38", "100", "False", "https://search.censys.io/hosts/68.183.21.171", "AS14061,C2,censys,Covenant,DIGITALOCEAN-ASN", "0", "DonPasci" "2026-01-24 04:04:54", "1736309", "74.12.79.162:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:48:43", "100", "False", "https://search.censys.io/hosts/74.12.79.162", "AS577,BACOM,C2,censys,Mythic", "0", "DonPasci" "2026-01-24 04:04:50", "1736308", "95.9.236.229:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:49:13", "100", "False", "https://search.censys.io/hosts/95.9.236.229", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2026-01-24 04:04:49", "1736306", "188.212.158.223:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:46:34", "100", "False", "https://search.censys.io/hosts/188.212.158.223", "AS142299,AsyncRAT,C2,censys,CLOUDFORESTCOLTD-AS-AP,RAT", "0", "DonPasci" "2026-01-24 04:04:49", "1736307", "217.216.48.9:25", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:47:21", "100", "False", "https://search.censys.io/hosts/217.216.48.9", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci" "2026-01-24 04:04:30", "1736305", "158.94.211.18:5903", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:45:21", "100", "False", "https://search.censys.io/hosts/158.94.211.18", "AS202412,C2,censys,OMEGATECH-AS,RAT,Remcos", "0", "DonPasci" "2026-01-24 04:04:16", "1736304", "43.200.244.126:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:00:08", "100", "False", "https://search.censys.io/hosts/43.200.244.126", "AMAZON-02,AS16509,C2,censys,CobaltStrike", "0", "DonPasci" "2026-01-24 02:51:16", "1736301", "64.89.163.189:55844", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:52:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-24 00:05:33", "1736300", "18.143.180.130:57722", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.143.180.130", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:32", "1736299", "18.143.180.130:22322", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.143.180.130", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:31", "1736298", "18.143.180.130:22072", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.143.180.130", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:30", "1736297", "18.143.180.130:5672", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.143.180.130", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:29", "1736295", "13.247.97.177:6699", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.97.177", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:29", "1736296", "18.143.180.130:5222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.143.180.130", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:28", "1736294", "51.44.155.74:10259", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.155.74", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:27", "1736292", "51.44.155.74:16659", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.155.74", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:27", "1736293", "51.44.155.74:8309", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.155.74", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:26", "1736291", "63.180.247.204:2087", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/63.180.247.204", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:25", "1736289", "13.124.111.95:830", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.111.95", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:25", "1736290", "13.124.111.95:50580", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.124.111.95", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:24", "1736287", "43.209.117.66:80", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.209.117.66", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:24", "1736288", "43.209.117.66:2380", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.209.117.66", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:23", "1736286", "51.34.52.212:44817", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.34.52.212", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:22", "1736285", "51.34.52.212:4567", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.34.52.212", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:21", "1736284", "15.223.120.154:14265", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.223.120.154", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:20", "1736282", "81.206.117.70:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/81.206.117.70", "AS1136,C2,censys,hacktool,KPN,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:20", "1736283", "40.177.84.210:6001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.177.84.210", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:05:19", "1736281", "54.241.182.163:465", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.241.182.163", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-24 00:04:53", "1736280", "44.221.193.28:443", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "", "100", "False", "https://search.censys.io/hosts/44.221.193.28", "AMAZON-AES,AS14618,C2,censys,Nimplant", "0", "DonPasci" "2026-01-24 00:04:47", "1736279", "193.164.4.141:80", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/193.164.4.141", "AS210538,C2,censys,KEYUBU,RAT,Venom", "0", "DonPasci" "2026-01-24 00:04:26", "1736278", "109.199.119.43:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:31", "100", "False", "https://search.censys.io/hosts/109.199.119.43", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2026-01-24 00:04:06", "1736277", "160.124.104.143:35627", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:00:09", "100", "False", "https://search.censys.io/hosts/160.124.104.143", "AS132839,C2,censys,CobaltStrike,cs-watermark-987654321,POWERLINE-AS-AP", "0", "DonPasci" "2026-01-23 23:15:55", "1736276", "31.57.219.210:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/e3829c25e9f38b778ed41aa78f34955a25a2a53236810aadce18dc25ac1601f6/", "redline", "0", "abuse_ch" "2026-01-23 23:01:07", "1736275", "41.62.25.18:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "100", "False", "https://search.censys.io/hosts/41.62.25.18", "AS37705,C2,censys,TOPNET", "0", "dyingbreeds_" "2026-01-23 23:00:59", "1736274", "5.181.156.182:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/5.181.156.182", "AS39798,censys,GoPhish,MIVOCLOUD,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:58", "1736273", "46.224.48.214:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/46.224.48.214", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:57", "1736272", "45.148.117.180:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/45.148.117.180", "AS50053,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:56", "1736270", "170.168.61.61:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/170.168.61.61", "AS-GLOBALTELEHOST,AS63023,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:56", "1736271", "54.208.59.100:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/54.208.59.100", "AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:55", "1736269", "194.195.210.13:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/194.195.210.13", "AS63949,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:53", "1736267", "178.60.208.138:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/178.60.208.138", "AS12334,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:53", "1736268", "3.139.73.166:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.139.73.166", "AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:51", "1736266", "165.232.191.90:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/165.232.191.90", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 23:00:39", "1736264", "95.217.242.159:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://search.censys.io/hosts/95.217.242.159", "AS24940,C2,censys,HETZNER-AS", "0", "dyingbreeds_" "2026-01-23 23:00:39", "1736265", "65.109.241.62:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://search.censys.io/hosts/65.109.241.62", "AS24940,C2,censys,HETZNER-AS", "0", "dyingbreeds_" "2026-01-23 21:24:21", "1736262", "83.147.13.105:10003", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/f0857c324df14c87841c4b03107858fbd48e92aa0f485ec80f75cca4b74ecd85/", "VShell", "0", "abuse_ch" "2026-01-23 21:22:41", "1736261", "109.111.55.222:8080", "ip:port", "botnet_cc", "elf.tsunami", "Muhstik,Radiation,Amnesia", "Tsunami", "", "75", "False", "https://bazaar.abuse.ch/sample/6b6338e455c34640ca9eda99c81bbb7246c9736869312da32571365b00e8c2f4/", "Tsunami", "0", "abuse_ch" "2026-01-23 21:21:04", "1736260", "91.92.240.38:666", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/511a14362f0693fea5349acf6a44c1426abe7f660c036c854a5b9a4566e5f316/", "Mirai", "0", "abuse_ch" "2026-01-23 20:49:03", "1736258", "1ljft17gwl.execute-api.ap-southeast-1.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 11:49:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-23 20:05:33", "1736247", "16.79.60.249:15443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.79.60.249", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:32", "1736244", "54.87.11.130:7001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.87.11.130", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:32", "1736245", "54.87.11.130:9601", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.87.11.130", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:32", "1736246", "16.28.27.221:4840", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.28.27.221", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:31", "1736242", "43.210.3.49:43", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.210.3.49", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:31", "1736243", "54.87.11.130:1201", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.87.11.130", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:30", "1736240", "40.172.186.223:51704", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.172.186.223", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:30", "1736241", "16.176.104.85:14526", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.176.104.85", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:29", "1736238", "13.247.110.186:34353", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.110.186", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:29", "1736239", "3.145.151.101:2078", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.145.151.101", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:28", "1736236", "43.216.199.229:5061", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.216.199.229", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:28", "1736237", "13.247.110.186:2003", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.110.186", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:27", "1736234", "108.136.117.44:30353", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.136.117.44", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:27", "1736235", "43.216.199.229:11211", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.216.199.229", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:26", "1736232", "18.61.163.194:39314", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.61.163.194", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:26", "1736233", "35.89.254.114:33247", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.89.254.114", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:25", "1736229", "156.194.88.7:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/156.194.88.7", "AS8452,C2,censys,hacktool,MetaSploit,Meterpreter,TE-AS", "0", "DonPasci" "2026-01-23 20:05:25", "1736230", "13.38.97.13:45118", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.97.13", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:25", "1736231", "13.38.97.13:51068", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.97.13", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:24", "1736228", "56.124.114.151:8888", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.124.114.151", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 20:05:19", "1736227", "51.68.202.104:8090", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/51.68.202.104", "AS16276,C2,censys,Nosviak,OVH,Panel", "0", "DonPasci" "2026-01-23 20:05:06", "1736226", "159.198.41.199:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:45:22", "100", "False", "https://search.censys.io/hosts/159.198.41.199", "AS22612,censys,EvilGinx,NAMECHEAP-NET,panel,Phishing", "0", "DonPasci" "2026-01-23 20:04:54", "1736225", "69.167.11.55:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-23 23:00:27", "100", "False", "https://search.censys.io/hosts/69.167.11.55", "AS40861,C2,censys,DcRAT,PARAD-40-ASN,RAT", "0", "DonPasci" "2026-01-23 20:04:46", "1736224", "109.107.178.21:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/109.107.178.21", "AS216071,C2,censys,RAT,Sectop,VDSINA", "0", "DonPasci" "2026-01-23 20:04:30", "1736223", "103.60.12.216:7000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:14", "100", "False", "https://search.censys.io/hosts/103.60.12.216", "AS27176,C2,censys,DATAWAGON,RAT,Remcos", "0", "DonPasci" "2026-01-23 20:04:07", "1736222", "47.104.172.191:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:51:59", "100", "False", "https://search.censys.io/hosts/47.104.172.191", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2026-01-23 20:04:06", "1736221", "64.89.163.189:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 07:09:12", "100", "False", "https://search.censys.io/hosts/64.89.163.189", "AS401626,C2,censys,CobaltStrike,cs-watermark-987654321,NETIFACE-TORONTO", "0", "DonPasci" "2026-01-23 20:04:05", "1736220", "23.226.51.88:20053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 23:00:06", "100", "False", "https://search.censys.io/hosts/23.226.51.88", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2026-01-23 19:30:49", "1736219", "bemuseqy.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-23 19:16:11", "1736218", "47.238.104.19:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0614c1c45ff21a2eddf629cfc459ee1b4f5034e0bb093e127d916216f3b8b1c3/", "valleyrat_s2", "0", "abuse_ch" "2026-01-23 18:48:40", "1736214", "91.92.242.153:2212", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:49:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-01-23 18:47:30", "1736213", "42.81.234.144:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:47:52", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-23 18:45:32", "1736212", "169.40.135.2:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:45:54", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-23 18:44:07", "1736210", "144.208.127.217:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:44:17", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-23 18:44:07", "1736211", "144.208.127.217:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:44:17", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-23 18:06:18", "1736209", "http://199.217.99.187", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260123-mcnxnshw6c", "AS399629,C2,stealc,stealer,triage", "0", "DonPasci" "2026-01-23 18:05:43", "1736208", "https://bemuseqy.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260123-vjf5eabt5f", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-01-23 18:05:18", "1736207", "88.190.202.46:200", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260123-v7elgsct8h", "AS12322,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-23 18:04:36", "1736204", "26.104.139.114:5567", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260123-qlbkgsdt2e", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci" "2026-01-23 18:04:36", "1736205", "26.104.139.114:6607", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260123-qlbkgsdt2e", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci" "2026-01-23 18:04:36", "1736206", "lmn990112-54741.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260123-mgl9mshy2c", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-23 18:04:35", "1736202", "luvxc1de.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-23 18:04:35", "100", "False", "https://tria.ge/260123-v7l1kacv2a", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-23 18:04:35", "1736203", "26.104.139.114:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260123-qlbkgsdt2e", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci" "2026-01-23 18:04:12", "1736200", "86.108.33.82:26464", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260123-wg1lpscy8g", "AS8376,C2,triage,xworm", "0", "DonPasci" "2026-01-23 18:04:12", "1736201", "hL2k-32291.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-01-23 18:04:12", "100", "False", "https://tria.ge/260123-wfg3zacy2e", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-23 17:27:04", "1736193", "https://elimnasir.com/private/callback-fetch.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115945269899095691", "SmartApeSG", "0", "monitorsg" "2026-01-23 17:27:00", "1736189", "https://cpajoliette.com/q", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115945269899095691", "SmartApeSG", "0", "monitorsg" "2026-01-23 17:27:00", "1736190", "https://elimnasir.com/private/profile-ajax.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115945269899095691", "SmartApeSG", "0", "monitorsg" "2026-01-23 17:27:00", "1736191", "elimnasir.com", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-23 16:07:08", "100", "True", "https://infosec.exchange/@monitorsg/115945269899095691", "SmartApeSG", "0", "monitorsg" "2026-01-23 17:26:59", "1736192", "https://elimnasir.com/private/api-hook.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115945269899095691", "SmartApeSG", "0", "monitorsg" "2026-01-23 17:00:25", "1736199", "cbb.lidiia.com.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 17:00:24", "1736198", "cbb.borendrokontho.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 16:59:53", "1736194", "https://steamcommunity.com/profiles/76561198745091601", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 16:59:53", "1736195", "https://telegram.me/n1ds03", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 16:59:53", "1736196", "https://cbb.borendrokontho.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 16:59:53", "1736197", "https://cbb.lidiia.com.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 16:05:23", "1736188", "3.36.67.168:1963", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.36.67.168", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:22", "1736187", "51.44.171.116:1963", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.171.116", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:21", "1736186", "16.79.60.249:2443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.79.60.249", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:20", "1736185", "3.101.88.52:24577", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.101.88.52", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:19", "1736184", "78.12.143.115:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/78.12.143.115", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:18", "1736183", "40.172.186.223:254", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.172.186.223", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 16:05:17", "1736182", "196.75.249.127:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.75.249.127", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2026-01-23 16:04:53", "1736181", "117.2.219.119:3389", "ip:port", "botnet_cc", "win.bit_rat", "None", "BitRAT", "2026-01-23 23:00:30", "100", "False", "https://search.censys.io/hosts/117.2.219.119", "AS7552,BitRAT,C2,censys,RAT,VIETEL-AS-AP", "0", "DonPasci" "2026-01-23 16:04:47", "1736180", "blog.kevoxtech.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-23 23:00:25", "100", "False", "https://search.censys.io/hosts/8.228.34.111+blog.kevoxtech.com", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2026-01-23 16:04:45", "1736179", "196.251.107.47:2222", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-23 23:00:24", "100", "False", "https://search.censys.io/hosts/196.251.107.47", "AS214351,C2,censys,FEMOIT,Quasar,RAT", "0", "DonPasci" "2026-01-23 16:04:42", "1736178", "104.207.141.236:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:43:19", "100", "False", "https://search.censys.io/hosts/104.207.141.236", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2026-01-23 16:04:25", "1736177", "104.194.214.16:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/104.194.214.16", "AS199959,C2,censys,CROWNCLOUD,RAT,SpiceRAT", "0", "DonPasci" "2026-01-23 16:04:24", "1736176", "104.194.214.16:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/104.194.214.16", "AS199959,C2,censys,CROWNCLOUD,RAT,SpiceRAT", "0", "DonPasci" "2026-01-23 16:04:23", "1736175", "194.14.217.119:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/194.14.217.119", "AS9009,C2,censys,M247,RAT,SpiceRAT", "0", "DonPasci" "2026-01-23 15:10:58", "1736165", "https://jaskolkki.com/7h9v.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-23 15:06:45", "100", "True", "https://infosec.exchange/@monitorsg/115944809217928705", "KongTuke", "0", "monitorsg" "2026-01-23 15:10:57", "1736166", "jaskolkki.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-23 15:06:48", "100", "True", "https://infosec.exchange/@monitorsg/115944809217928705", "KongTuke", "0", "monitorsg" "2026-01-23 15:10:57", "1736167", "https://jaskolkki.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-23 15:06:47", "100", "True", "https://infosec.exchange/@monitorsg/115944809217928705", "KongTuke", "0", "monitorsg" "2026-01-23 15:10:56", "1736168", "https://helsibreak.com/api/middleware-server.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:56", "1736169", "helsibreak.com", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-23 14:11:36", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:55", "1736173", "https://79.141.172.229/bottle", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:54", "1736170", "https://helsibreak.com/api/session-request.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:53", "1736171", "http://79.141.172.229/throttle", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:53", "1736172", "https://inshellter.com/throttle", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115944815681301733", "SmartApeSG", "0", "monitorsg" "2026-01-23 15:10:52", "1736174", "app.tatatech.co", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/115944818327303097", "SocGholish", "0", "monitorsg" "2026-01-23 12:52:30", "1736164", "3.101.88.52:57677", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-01-23 13:09:31", "100", "False", "https://search.censys.io/hosts/3.101.88.52", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:52:28", "1736163", "54.177.182.141:40801", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.177.182.141", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:52:27", "1736162", "40.177.165.44:53282", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.177.165.44", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:52:25", "1736161", "204.236.144.16:990", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/204.236.144.16", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:52:23", "1736160", "204.236.144.16:46090", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/204.236.144.16", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:52:22", "1736159", "15.228.193.137:21539", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.228.193.137", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:51:29", "1736158", "www.lyraconnect.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/216.198.79.65+www.lyraconnect.xyz", "AMAZON-02,AS16509,C2,censys,lyra,panel,Stealer", "0", "DonPasci" "2026-01-23 12:51:25", "1736157", "www.lyra-connect.us", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/216.198.79.65+www.lyra-connect.us", "AMAZON-02,AS16509,C2,censys,lyra,panel,Stealer", "0", "DonPasci" "2026-01-23 12:51:15", "1736156", "203.195.240.20:31303", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 23:00:07", "100", "False", "https://search.censys.io/hosts/203.195.240.20", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-01-23 12:06:30", "1736155", "54.253.204.164:2077", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.253.204.164", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:29", "1736154", "108.131.58.244:4567", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.131.58.244", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:28", "1736153", "3.148.240.239:42485", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.148.240.239", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:27", "1736152", "13.60.201.69:44819", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.60.201.69", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:26", "1736151", "98.130.44.139:10261", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/98.130.44.139", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:25", "1736150", "35.181.4.57:20548", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.181.4.57", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:24", "1736149", "13.246.44.126:58341", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.246.44.126", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:23", "1736148", "13.246.44.126:4891", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.246.44.126", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:22", "1736147", "13.247.230.154:48594", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.230.154", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:21", "1736146", "3.144.255.19:10002", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.144.255.19", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:19", "1736145", "3.144.255.19:502", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.144.255.19", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:17", "1736144", "13.38.44.144:28863", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.44.144", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:16", "1736143", "13.38.44.144:17713", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.44.144", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:14", "1736142", "103.177.46.13:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.46.13", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:12", "1736141", "52.199.15.126:48641", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.199.15.126", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:10", "1736140", "13.37.239.190:54063", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.37.239.190", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:08", "1736139", "13.37.239.190:1963", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.37.239.190", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:07", "1736138", "16.62.214.182:17777", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.62.214.182", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:05", "1736137", "35.161.91.38:25122", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.161.91.38", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:02", "1736136", "16.78.40.103:1962", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.40.103", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:06:00", "1736135", "43.210.3.49:2443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.210.3.49", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:58", "1736134", "16.78.101.132:20001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.101.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:56", "1736133", "16.78.101.132:9301", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.101.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:54", "1736132", "16.78.101.132:9001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.101.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:52", "1736131", "56.155.45.242:2083", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.155.45.242", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:50", "1736130", "54.176.53.20:389", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.176.53.20", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:48", "1736129", "13.126.207.183:22777", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.126.207.183", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:46", "1736128", "43.204.19.30:503", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.204.19.30", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:44", "1736127", "13.62.50.136:38706", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.62.50.136", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:42", "1736126", "35.157.246.63:56716", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.157.246.63", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:40", "1736125", "15.228.227.9:7896", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.228.227.9", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:38", "1736124", "16.79.61.179:2079", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.79.61.179", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:37", "1736123", "13.245.4.173:1099", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.245.4.173", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:35", "1736122", "15.237.101.135:2053", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.237.101.135", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:33", "1736121", "18.191.189.39:32416", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.191.189.39", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:31", "1736120", "13.247.181.176:2456", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.181.176", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 12:05:23", "1736119", "45.129.230.38:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-01-24 13:47:55", "100", "False", "https://search.censys.io/hosts/45.129.230.38", "AdaptixC2,AS213438,C2,censys,COLOCATEL-INC", "0", "DonPasci" "2026-01-23 12:05:04", "1736118", "85.158.57.170:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:48:58", "100", "False", "https://search.censys.io/hosts/85.158.57.170", "AS212238,C2,CDNEXT,censys,Covenant", "0", "DonPasci" "2026-01-23 12:04:57", "1736117", "154.8.184.197:3260", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-23 23:00:23", "100", "False", "https://search.censys.io/hosts/154.8.184.197", "AS45090,C2,censys,Quasar,RAT,TENCENT-NET-AP", "0", "DonPasci" "2026-01-23 12:04:51", "1736116", "144.124.227.226:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/144.124.227.226", "AS216071,C2,censys,RAT,Sectop,VDSINA", "0", "DonPasci" "2026-01-23 12:04:50", "1736115", "92.255.85.68:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/92.255.85.68", "AS57523,C2,censys,CHANGWAY-AS,RAT,Sectop", "0", "DonPasci" "2026-01-23 12:04:36", "1736114", "66.154.127.200:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:48:36", "100", "False", "https://search.censys.io/hosts/66.154.127.200", "AS35916,C2,censys,MULTA-ASN1,Sliver", "0", "DonPasci" "2026-01-23 12:04:30", "1736113", "194.68.44.25:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/194.68.44.25", "AS9009,C2,censys,M247,RAT,SpiceRAT", "0", "DonPasci" "2026-01-23 12:04:29", "1736112", "194.68.44.25:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/194.68.44.25", "AS9009,C2,censys,M247,RAT,SpiceRAT", "0", "DonPasci" "2026-01-23 12:04:24", "1736111", "23.249.28.75:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2026-01-23 23:00:11", "100", "False", "https://search.censys.io/hosts/23.249.28.75", "AS152156,C2,censys,Gh0st,NARUTO-AS-HK,RAT", "0", "DonPasci" "2026-01-23 11:56:27", "1736110", "s38omfg2.cinderpouch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-23 11:48:21", "1736109", "vpkw420q.hcuoprednic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-23 11:40:13", "1736108", "143.92.34.55:19020", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-23 11:00:50", "1736107", "173.249.55.38:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/173.249.55.38", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 11:00:49", "1736106", "112.94.22.102:820", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/112.94.22.102", "AS17622,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-23 11:00:15", "1736105", "141.164.42.5:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "2026-01-23 12:04:44", "90", "False", "https://search.censys.io/hosts/141.164.42.5", "AS20473,C2,censys,RAT", "0", "dyingbreeds_" "2026-01-23 11:00:13", "1736104", "169.40.135.2:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:45:54", "90", "False", "https://search.censys.io/hosts/169.40.135.2", "AS209274,C2,censys,KRAKEN-NETWORK-ISP", "0", "dyingbreeds_" "2026-01-23 11:00:08", "1736103", "45.64.109.10:35627", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 12:04:04", "100", "False", "https://search.censys.io/hosts/45.64.109.10", "AS132839,C2,censys", "0", "dyingbreeds_" "2026-01-23 10:35:16", "1736102", "http://89.125.48.195/9f53354de2964d8b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-23 10:35:08", "1736101", "119.28.195.39:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-23 10:33:39", "1736100", "223.26.62.188:23456", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:38", "1736093", "143.92.32.25:8443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:38", "1736094", "143.92.32.194:19190", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:38", "1736095", "156.247.40.89:8888", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS401739,c2,Farfli,Gh0stRAT,RAT,REDLUFF-NET01", "0", "DonPasci" "2026-01-23 10:33:38", "1736096", "156.247.40.169:6666", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS401739,c2,Farfli,Gh0stRAT,RAT,REDLUFF-NET01", "0", "DonPasci" "2026-01-23 10:33:38", "1736097", "192.229.116.155:447", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ANTBOX1-AS-AP,AS138995,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:38", "1736098", "192.229.116.167:447", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ANTBOX1-AS-AP,AS138995,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:38", "1736099", "202.61.160.201:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736086", "47.237.95.113:6524", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736087", "47.237.105.38:11223", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736088", "47.237.108.120:1000", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736089", "47.238.104.19:6666", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736090", "81.69.43.28:6767", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS45090,c2,Farfli,Gh0stRAT,RAT,TENCENT-NET-AP", "0", "DonPasci" "2026-01-23 10:33:37", "1736091", "137.220.152.136:5050", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS4907,BGPNETPTELTD-AS-AP,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:37", "1736092", "137.220.155.75:6788", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS4907,BGPNETPTELTD-AS-AP,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:36", "1736081", "8.222.204.62:2002", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:36", "1736082", "27.124.20.229:5050", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:36", "1736083", "43.106.25.77:5005", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:36", "1736084", "45.207.199.73:10801", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "AS401696,c2,COGNETCLOUD,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:33:36", "1736085", "47.84.82.1:6666", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "False", "https://x.com/K_N1kolenko/status/2014636649502613816", "ALIBABA-CN-NET,AS45102,c2,Farfli,Gh0stRAT,RAT", "0", "DonPasci" "2026-01-23 10:13:49", "1736080", "94.159.113.32:80", "ip:port", "botnet_cc", "win.castleloader", "None", "CASTLELOADER", "", "100", "False", "https://any.run/cybersecurity-blog/castleloader-malware-analysis/", "anyrun,AS216234,c2,CASTLELOADER,SERVER-21-AS", "0", "DonPasci" "2026-01-23 09:56:31", "1736079", "104.193.195.196:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:18", "75", "False", "https://bazaar.abuse.ch/sample/15ee53d7416cb099f8c0805e4d8296b4f55fe10f2ad6a08a84d73091a8ab9a1c/", "remcos", "0", "abuse_ch" "2026-01-23 09:35:57", "1736078", "nameservers.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:35:54", "1736077", "jtb.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:35:51", "1736076", "getinone.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:35:49", "1736075", "dailyamarbangla.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:35:46", "1736074", "angles.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:30:54", "1736073", "sopwritersbangalore.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:30:46", "1736072", "investor.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:30:41", "1736071", "ecologistics.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/bb8038a596128b0daa1c260d4d803c2435bad8df0ce4c458aa3d8b244d47fcf1/", "asyncrat", "0", "abuse_ch" "2026-01-23 09:30:08", "1736070", "149.104.4.149:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://www.virustotal.com/gui/file/58bdb0db5bc79cc05dc80436d19293381c803334a12c921b65c2cc34e82f1e6b", "AS42960,c2,cobaltstrike,VH-GLOBAL,virustotal", "0", "DonPasci" "2026-01-23 09:25:01", "1736069", "update.kernel-update.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://www.virustotal.com/gui/file/58bdb0db5bc79cc05dc80436d19293381c803334a12c921b65c2cc34e82f1e6b", "c2,cobaltstrike,domain,virustotal", "0", "DonPasci" "2026-01-23 09:15:46", "1736068", "katieqlhello.ru.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d0af519d6768c37dd91b94ed06f078ce39e3fa5b5c8a241cbd2f9cdd2d2e4c24/", "quasar", "0", "abuse_ch" "2026-01-23 09:15:44", "1736067", "gyp.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d0af519d6768c37dd91b94ed06f078ce39e3fa5b5c8a241cbd2f9cdd2d2e4c24/", "quasar", "0", "abuse_ch" "2026-01-23 09:15:43", "1736066", "akon.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d0af519d6768c37dd91b94ed06f078ce39e3fa5b5c8a241cbd2f9cdd2d2e4c24/", "quasar", "0", "abuse_ch" "2026-01-23 09:15:05", "1736065", "65.108.121.254:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736058", "138.226.236.106:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736059", "77.42.48.197:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736060", "192.177.26.143:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736061", "65.109.240.214:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736062", "138.226.237.10:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736063", "94.141.122.173:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:04", "1736064", "138.226.237.99:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:15:03", "1736057", "77.42.48.199:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:44", "1736053", "bos.sodstreams.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:44", "1736054", "bos.bexca.org", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:44", "1736055", "lat.sodstreams.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:44", "1736056", "lat.bexca.org", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:27", "1736051", "https://bos.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:27", "1736052", "https://bos.bexca.org/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736044", "https://65.109.240.214/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736045", "https://138.226.237.10/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736046", "https://94.141.122.173/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736047", "https://138.226.237.99/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736048", "https://65.108.121.254/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736049", "https://lat.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736050", "https://lat.bexca.org/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:25", "1736040", "https://77.42.48.199/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:25", "1736041", "https://138.226.236.106/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:25", "1736042", "https://77.42.48.197/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:25", "1736043", "https://192.177.26.143/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:00:05", "1736039", "http://thammyvienanthea.com/bob1/Panel/five/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "False", "None", "Loki", "0", "abuse_ch" "2026-01-23 08:50:51", "1736037", "83.147.192.28:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:48:55", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-23 08:48:00", "1736035", "194.48.248.75:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-01-24 13:46:45", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-01-23 08:45:57", "1736034", "158.158.8.193:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-01-24 13:45:15", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-01-23 08:44:01", "1736033", "13.248.136.128:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:43:50", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-23 08:18:46", "1736032", "83.229.17.75:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/8e08b30860ab2a807039ac2d6546e8f9d21455f143ff12e63b34343b1d7bc397/", "BRA,geo", "0", "abuse_ch" "2026-01-23 08:18:22", "1736031", "https://coordenacao2026.writesthisblog.com/resdocb/receptor.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/8e08b30860ab2a807039ac2d6546e8f9d21455f143ff12e63b34343b1d7bc397/", "BRA,geo", "0", "abuse_ch" "2026-01-23 08:18:19", "1736030", "coordenacao2026.writesthisblog.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/8e08b30860ab2a807039ac2d6546e8f9d21455f143ff12e63b34343b1d7bc397/", "BRA,geo", "0", "abuse_ch" "2026-01-23 08:05:27", "1736029", "16.50.207.187:9600", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.50.207.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:26", "1736028", "51.44.182.195:10847", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.182.195", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:24", "1736027", "199.101.111.102:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.102", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:23", "1736026", "3.107.73.115:18899", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.107.73.115", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:22", "1736025", "13.238.253.157:23606", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.238.253.157", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:21", "1736023", "54.65.31.144:1962", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.65.31.144", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:21", "1736024", "43.204.19.30:19903", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.204.19.30", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 08:05:16", "1736022", "143.198.223.102:9090", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/143.198.223.102", "AS14061,C2,censys,DIGITALOCEAN-ASN,Nosviak,Panel", "0", "DonPasci" "2026-01-23 08:04:53", "1736021", "149.104.104.68:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-24 13:44:56", "100", "False", "https://search.censys.io/hosts/149.104.104.68", "AS138915,C2,censys,Havoc,KAOPU-HK", "0", "DonPasci" "2026-01-23 08:04:52", "1736020", "13.71.137.28:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-24 13:43:51", "100", "False", "https://search.censys.io/hosts/13.71.137.28", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2026-01-23 08:04:47", "1736019", "155.138.155.226:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:45:08", "100", "False", "https://search.censys.io/hosts/155.138.155.226", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2026-01-23 08:04:42", "1736018", "185.11.61.139:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/185.11.61.139", "AS57523,C2,censys,CHANGWAY-AS,RAT,Sectop", "0", "DonPasci" "2026-01-23 08:04:30", "1736017", "144.208.127.217:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:44:16", "100", "False", "https://search.censys.io/hosts/144.208.127.217", "AS395092,C2,censys,SHOCK-1,Sliver", "0", "DonPasci" "2026-01-23 08:04:25", "1736016", "45.148.102.208:22", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:47:57", "100", "False", "https://search.censys.io/hosts/45.148.102.208", "AS215540,C2,censys,GCS-AS,RAT,Remcos", "0", "DonPasci" "2026-01-23 08:04:24", "1736015", "176.65.151.219:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:46:10", "100", "False", "https://search.censys.io/hosts/176.65.151.219", "AS51396,C2,censys,PFCLOUD,RAT,Remcos", "0", "DonPasci" "2026-01-23 08:04:06", "1736014", "47.120.32.72:8075", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:52:07", "100", "False", "https://search.censys.io/hosts/47.120.32.72", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-23 08:04:03", "1736012", "106.54.40.209:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:49:50", "100", "False", "https://search.censys.io/hosts/106.54.40.209", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-01-23 08:04:03", "1736013", "47.97.31.229:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 11:00:07", "100", "False", "https://search.censys.io/hosts/47.97.31.229", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-23 08:04:02", "1736011", "64.89.163.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 07:09:13", "100", "False", "https://search.censys.io/hosts/64.89.163.189", "AS401626,C2,censys,CobaltStrike,cs-watermark-987654321,NETIFACE-TORONTO", "0", "DonPasci" "2026-01-23 08:02:00", "1735968", "http://195.178.136.19/1.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:04:42", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:59", "1735969", "http://195.178.136.19/2.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:04:46", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:59", "1735970", "http://195.178.136.19/3.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:04:50", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:59", "1735971", "http://195.178.136.19/4.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:04:54", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:58", "1735972", "http://195.178.136.19/5.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:04:57", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:58", "1735973", "http://195.178.136.19/6.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:02", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:57", "1735974", "http://195.178.136.19/7.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:06", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:57", "1735975", "http://195.178.136.19/8.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:10", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:56", "1735976", "http://195.178.136.19/9.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:15", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:56", "1735977", "http://195.178.136.19/10.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:19", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:56", "1735978", "http://195.178.136.19/11.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:22", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:55", "1735979", "http://195.178.136.19/12.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:26", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:55", "1735980", "http://195.178.136.19/13.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:31", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:54", "1735981", "http://195.178.136.19/14.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:36", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:54", "1735982", "http://195.178.136.19/15.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:40", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:53", "1735983", "http://195.178.136.19/16.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:46", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:52", "1735984", "http://195.178.136.19/17.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:50", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:52", "1735985", "http://195.178.136.19/18.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:54", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:51", "1735986", "http://195.178.136.19/19.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:05:59", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:51", "1735987", "http://195.178.136.19/20.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:02", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:50", "1735988", "http://195.178.136.19/21.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:06", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:50", "1735989", "http://195.178.136.19/22.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:10", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:49", "1735990", "http://195.178.136.19/23.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:13", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:49", "1735991", "http://195.178.136.19/24.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:18", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:48", "1735992", "http://195.178.136.19/25.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:22", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:48", "1735993", "http://195.178.136.19/26.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:26", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:47", "1735994", "http://195.178.136.19/27.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:29", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:47", "1735995", "http://195.178.136.19/28.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:32", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:46", "1735996", "http://195.178.136.19/29.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:36", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:46", "1735997", "http://195.178.136.19/30.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:40", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:46", "1735998", "http://195.178.136.19/31.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:43", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:45", "1735999", "http://195.178.136.19/33.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:46", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:44", "1736000", "http://195.178.136.19/34.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:50", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:44", "1736001", "http://195.178.136.19/35.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:53", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:43", "1736002", "http://195.178.136.19/36.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:06:57", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:43", "1736003", "http://195.178.136.19/37.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:07:01", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:42", "1736004", "http://195.178.136.19/38.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:07:05", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:40", "1735908", "45.156.87.65:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-23 23:00:27", "100", "False", "None", "c2,el,loader,StealC,stealer", "0", "Bitsight" "2026-01-23 08:01:40", "1735909", "94.103.1.30:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-23 23:00:28", "100", "False", "None", "1,c2,loader,StealC,stealer", "0", "Bitsight" "2026-01-23 08:01:40", "1735941", "https://trodatec.ch/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/trodatec.ch", "ClickFix", "0", "CarsonWilliams" "2026-01-23 08:01:37", "1736005", "http://195.178.136.19/39.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:07:09", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 08:01:37", "1736006", "http://195.178.136.19/40.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-24 14:07:12", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-23 07:56:58", "1736010", "108.160.131.147:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-23 07:56:28", "1736009", "119.3.156.32:90", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-23 07:56:26", "1736008", "111.230.9.108:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-23 07:15:15", "1736007", "http://196.251.107.23/04ca1421433e0038.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-23 06:04:53", "1735966", "uekkek2424242442.dynuddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260123-f8b5esby3f", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-23 06:04:15", "1735965", "130.12.182.225:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:53", "100", "False", "https://tria.ge/260123-b19y9scz4h", "C2,rat,remcos,triage", "0", "DonPasci" "2026-01-23 04:05:22", "1735963", "18.175.134.132:3389", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.175.134.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:22", "1735964", "18.175.134.132:4839", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.175.134.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:21", "1735961", "16.50.207.187:51200", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.50.207.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:21", "1735962", "16.50.207.187:60000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.50.207.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:20", "1735960", "16.50.207.187:7000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.50.207.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:19", "1735957", "13.126.136.91:5900", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.126.136.91", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:19", "1735958", "13.126.136.91:13450", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.126.136.91", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:19", "1735959", "199.101.111.54:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.54", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:18", "1735956", "199.101.111.31:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.31", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:17", "1735954", "98.130.136.223:44756", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/98.130.136.223", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:17", "1735955", "18.237.102.144:888", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.237.102.144", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:16", "1735952", "199.101.111.27:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.27", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:16", "1735953", "98.130.136.223:20256", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/98.130.136.223", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:15", "1735950", "199.101.111.112:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.112", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:15", "1735951", "199.101.111.73:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.73", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:05:14", "1735949", "199.101.111.65:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.65", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 04:04:43", "1735948", "108.187.4.207:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-01-23 11:00:26", "100", "False", "https://search.censys.io/hosts/108.187.4.207", "ANTBOX1-AS-AP,AS138995,C2,censys,RAT,Venom", "0", "DonPasci" "2026-01-23 04:04:42", "1735947", "77.83.39.207:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-24 13:48:46", "100", "False", "https://search.censys.io/hosts/77.83.39.207", "AS214940,C2,censys,Havoc,KPRONET", "0", "DonPasci" "2026-01-23 04:04:39", "1735946", "152.53.95.33:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:45:00", "100", "False", "https://search.censys.io/hosts/152.53.95.33", "AS197540,C2,censys,Mythic,NETCUP-AS", "0", "DonPasci" "2026-01-23 04:04:33", "1735944", "158.94.210.253:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:45:21", "100", "False", "https://search.censys.io/hosts/158.94.210.253", "APIVERSA,AS214976,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2026-01-23 04:04:33", "1735945", "158.94.210.195:6006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:45:20", "100", "False", "https://search.censys.io/hosts/158.94.210.195", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci" "2026-01-23 04:04:20", "1735943", "45.83.31.52:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:48:04", "100", "False", "https://search.censys.io/hosts/45.83.31.52", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-23 04:04:19", "1735942", "130.12.182.226:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:53", "100", "False", "https://search.censys.io/hosts/130.12.182.226", "AS36680,C2,censys,NETIFACELLC,RAT,Remcos", "0", "DonPasci" "2026-01-23 02:50:45", "1735940", "47.104.172.191:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:51:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-23 00:45:42", "1735938", "106.54.34.252:6788", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8499fd447499819f00745498b8f38d071906e6b5e5ccb49b1a3d6fc38834418d/", "valleyrat_s2", "0", "abuse_ch" "2026-01-23 00:45:42", "1735939", "106.54.34.252:6789", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8499fd447499819f00745498b8f38d071906e6b5e5ccb49b1a3d6fc38834418d/", "valleyrat_s2", "0", "abuse_ch" "2026-01-23 00:40:07", "1735937", "106.54.34.252:6787", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-01-23 10:33:37", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-23 00:05:39", "1735936", "217.160.153.225:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/217.160.153.225", "AS8560,C2,censys,IONOS-AS,Starkillerc2", "0", "DonPasci" "2026-01-23 00:05:34", "1735935", "51.20.115.188:50241", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.20.115.188", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:33", "1735934", "51.20.115.188:27891", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.20.115.188", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:32", "1735933", "54.151.5.51:50001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.151.5.51", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:31", "1735932", "54.151.5.51:1201", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.151.5.51", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:30", "1735931", "15.160.233.170:44819", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.160.233.170", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:28", "1735930", "13.208.172.23:33092", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.208.172.23", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:27", "1735929", "13.38.45.1:32564", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.38.45.1", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:26", "1735928", "16.78.4.237:9999", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.4.237", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:25", "1735927", "108.136.249.172:587", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.136.249.172", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:24", "1735926", "3.148.178.54:20548", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.148.178.54", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:23", "1735925", "52.215.72.24:2004", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.215.72.24", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:22", "1735924", "35.94.55.48:39581", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.94.55.48", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-23 00:05:14", "1735923", "103.213.244.104:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/103.213.244.104", "AS49466,C2,censys,hacktool,Klayer,Mimikatz,open-dir", "0", "DonPasci" "2026-01-23 00:05:13", "1735922", "103.213.244.106:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/103.213.244.106", "AS49466,C2,censys,hacktool,Klayer,Mimikatz,open-dir", "0", "DonPasci" "2026-01-23 00:04:39", "1735921", "104.243.248.63:103", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:43:20", "100", "False", "https://search.censys.io/hosts/104.243.248.63", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2026-01-23 00:04:28", "1735920", "155.94.144.226:9443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-24 13:45:09", "100", "False", "https://search.censys.io/hosts/155.94.144.226", "AS-COLOCROSSING,AS36352,C2,censys,Sliver", "0", "DonPasci" "2026-01-23 00:04:25", "1735919", "124.198.131.156:1234", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:43:46", "100", "False", "https://search.censys.io/hosts/124.198.131.156", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-22 23:15:50", "1735917", "185.241.208.150:62184", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/cf2d5628c3ccb4e3848477fe8002cf5620891465cc84407f70dabc2f6bd18ded/", "xworm", "0", "abuse_ch" "2026-01-22 23:15:50", "1735918", "31.57.219.210:62184", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/cf2d5628c3ccb4e3848477fe8002cf5620891465cc84407f70dabc2f6bd18ded/", "xworm", "0", "abuse_ch" "2026-01-22 23:15:49", "1735915", "151.241.154.12:62184", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/cf2d5628c3ccb4e3848477fe8002cf5620891465cc84407f70dabc2f6bd18ded/", "xworm", "0", "abuse_ch" "2026-01-22 23:15:49", "1735916", "185.100.157.186:62184", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/cf2d5628c3ccb4e3848477fe8002cf5620891465cc84407f70dabc2f6bd18ded/", "xworm", "0", "abuse_ch" "2026-01-22 23:15:48", "1735914", "151.241.154.109:62184", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/cf2d5628c3ccb4e3848477fe8002cf5620891465cc84407f70dabc2f6bd18ded/", "xworm", "0", "abuse_ch" "2026-01-22 23:01:04", "1735913", "13.213.78.225:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/13.213.78.225", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-22 23:00:29", "1735911", "192.253.245.199:7788", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-23 00:04:49", "100", "False", "https://search.censys.io/hosts/192.253.245.199", "AS3223,C2,censys,RAT,VOXILITY", "0", "dyingbreeds_" "2026-01-22 23:00:29", "1735912", "169.40.135.96:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-23 00:04:50", "100", "False", "https://search.censys.io/hosts/169.40.135.96", "AS209274,C2,censys,KRAKEN-NETWORK-ISP,RAT", "0", "dyingbreeds_" "2026-01-22 23:00:26", "1735910", "20.2.140.201:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-24 13:46:57", "100", "False", "https://search.censys.io/hosts/20.2.140.201", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_" "2026-01-22 23:00:18", "1735906", "45.94.31.119:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:48:06", "100", "False", "https://search.censys.io/hosts/45.94.31.119", "AS210558,C2,censys,RAT", "0", "dyingbreeds_" "2026-01-22 23:00:18", "1735907", "124.198.132.190:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:43:46", "100", "False", "https://search.censys.io/hosts/124.198.132.190", "AS210558,C2,censys,RAT", "0", "dyingbreeds_" "2026-01-22 23:00:10", "1735905", "104.223.57.30:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 00:04:03", "100", "False", "https://search.censys.io/hosts/104.223.57.30", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_" "2026-01-22 23:00:06", "1735904", "106.55.154.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-23 00:04:02", "100", "False", "https://search.censys.io/hosts/106.55.154.4", "AS45090,C2,censys", "0", "dyingbreeds_" "2026-01-22 22:55:01", "1735903", "185.170.154.101:80", "ip:port", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://urlhaus.abuse.ch/url/3761823/", "AS207957,c2,SERVHOST-AS,SmartLoader", "0", "DonPasci" "2026-01-22 22:54:22", "1735902", "http://185.170.154.101/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://urlhaus.abuse.ch/url/3761823/", "AS207957,c2,SERVHOST-AS,smartloader", "0", "DonPasci" "2026-01-22 22:54:21", "1735899", "http://185.170.154.101/task/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://urlhaus.abuse.ch/url/3761823/", "AS207957,c2,SERVHOST-AS,smartloader", "0", "DonPasci" "2026-01-22 22:54:21", "1735900", "http://185.170.154.101/task/YTAsODAsODAsYTIsYTAsODMsOGQsOTYsNjUsODIs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://urlhaus.abuse.ch/url/3761823/", "AS207957,c2,SERVHOST-AS,smartloader", "0", "DonPasci" "2026-01-22 22:54:21", "1735901", "http://185.170.154.101/api/YTAsODAsODAsYTIsYTAsODMsOGQsOTYsNjUsODIs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://urlhaus.abuse.ch/url/3761823/", "AS207957,c2,SERVHOST-AS,smartloader", "0", "DonPasci" "2026-01-22 22:48:16", "1735898", "144.31.219.15:80", "ip:port", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-pzs61sf19c", "AS207957,c2,SERVHOST-AS,SmartLoader,triage", "0", "DonPasci" "2026-01-22 22:46:27", "1735897", "178.17.59.1:80", "ip:port", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-pzs61sf19c", "AS213702,c2,QWINS-LTD,smartloader,triage", "0", "DonPasci" "2026-01-22 22:45:32", "1735895", "http://178.17.59.1/api/NTEsN2QsN2UsNTgsNWIsNjAsNjIsNjcsYyw3OSw=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-pzs61sf19c", "AS213702,c2,QWINS-LTD,smartloader,triage", "0", "DonPasci" "2026-01-22 22:45:32", "1735896", "http://178.17.59.1/task/NTEsN2QsN2UsNTgsNWIsNjAsNjIsNjcsYyw3OSw=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-pzs61sf19c", "AS213702,c2,QWINS-LTD,smartloader,triage", "0", "DonPasci" "2026-01-22 22:38:39", "1735892", "185.196.11.174:56001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://www.vmray.com/analyses/_mb/853cdac85698/report/overview.html", "AS42624,AsyncRAT,c2,rat,SWISSNETWORK02", "0", "DonPasci" "2026-01-22 22:38:39", "1735893", "185.196.11.174:56002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://www.vmray.com/analyses/_mb/853cdac85698/report/overview.html", "AS42624,AsyncRAT,c2,rat,SWISSNETWORK02", "0", "DonPasci" "2026-01-22 22:38:39", "1735894", "185.196.11.174:56003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://www.vmray.com/analyses/_mb/853cdac85698/report/overview.html", "AS42624,AsyncRAT,c2,rat,SWISSNETWORK02", "0", "DonPasci" "2026-01-22 22:38:15", "1735891", "https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/sim-ws-dlt-xchg/repl-rt-msh", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-22 22:29:26", "1735890", "38.45.126.243:1527", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "https://www.vmray.com/analyses/_mb/e31d446c7b1f/report/overview.html", "AS9294,c2,donut,GNETINC-AS-AP,vmray", "0", "DonPasci" "2026-01-22 21:53:59", "1735889", "fd2b4c07f7e3b4a99ad4a459fc5cb728", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:58", "1735886", "365062334429339b5aa3610d7aa69552", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:58", "1735887", "6e4abc36df8df04ffeef094284cb12482fbb6859", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:58", "1735888", "0aa70a7c57774e6db280a45b4d4b27cb109e6b9d01191e4742644bbeffcc8e14", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:57", "1735883", "0ff8bd1f1ca84b2483307286ab529da9", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:57", "1735884", "321d077348140dd7967ce6d0832bab582dce3990", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:57", "1735885", "57b20a754a8bc0d551bbcf7d94e4767f0bb29c1e3996301d2a92cd9f309d7bfc", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:56", "1735880", "de9bd25b8185a04ba6ac06b66b168294", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:56", "1735881", "9052e20e412415fc8f4bcee00226ac9c44d49355", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:56", "1735882", "26d6053c28e6d07e8be6f160fab2334b8339f23cafe1b35e524e1add0acee6b4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:55", "1735876", "7f93c05e8f0a7c6c4e6ee7f82da40e66e9aa2191ad87da82da2b0c478a6dac97", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:55", "1735877", "6c856327dcb9f8c341c601867b1622c5", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:55", "1735878", "14cba04971ad2398c24e3d940744df6ada2eff3f", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:55", "1735879", "5820d023c0c382b11e17661f8e293792ffb86aa2f54da2cb120e93652c0e4639", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:54", "1735872", "35aed0a1ed99a57c637aa75c61a50bab12723ef8", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:54", "1735873", "31b81ea20ff83ca54ec0d7091722edf40cb2066170e1e7208b0cdb30a4a11d3c", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:54", "1735874", "cc729b30c34c7e3573b8b71b99fb72b0", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:54", "1735875", "400aaf77497d3e4fc6fc347ac8e8df83367600c5", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:53", "1735869", "12c8be199a17e63cafa011a1b3ad0bd55dbd73bc", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:53", "1735870", "6fbd0154cf0a5604efe36e6c9007890f01fe6fae45593d132f3a0f79b2f0629d", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:53", "1735871", "723063e6026c2fcf86dc61f5a399d329", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:52", "1735866", "42ef6983422db1622163e8866aac18856405bac8", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:52", "1735867", "172acccc72c8f76ceb8cd40715399a6f5d318be3002c163e58e9843e891bbe7a", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:52", "1735868", "5d6bd66a425dd270e72e63c6d150443c", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:51", "1735863", "4811f317e933d13961b9cc8b38d41d4fae67dcc5", "sha1_hash", "payload", "win.pony", "Siplog,Fareit", "Pony", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:51", "1735864", "9db343a12b7b22ba7feca33019a437067f96e03a2695f574a97f446f7dc2883b", "sha256_hash", "payload", "win.pony", "Siplog,Fareit", "Pony", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:51", "1735865", "203dd619f92192331f488854ccde6178", "md5_hash", "payload", "win.pony", "Siplog,Fareit", "Pony", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:50", "1735860", "3e3f194ee146b5b80096d5585f5f9952a024525b", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:50", "1735861", "18ee62de034b56b4677552f8fbcda0ba114c25c40f161b1cfa4190697c3e2293", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:50", "1735862", "5f90e8bef55bb6c67a0900eb5e3f610e", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:49", "1735857", "e79ec5ba0180607cf5910b2ce43ee60099f6bd42", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:49", "1735858", "91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:49", "1735859", "4212832505c40663f887c6197d19c2f8", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:48", "1735853", "1a92e729703b09b11c39fff4055c3a09", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:48", "1735854", "5619d28bd7f52b0ce734fed93d725b453fe7a4aa", "sha1_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:48", "1735855", "e31d446c7b1f28b034ba1cdf43522c598ab670f8a706a048b4be68bdb2492487", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:48", "1735856", "baafddfda8404d2dbfcc8ac31a02af74", "md5_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:47", "1735850", "c4653e35b11836efdd273d8661b3ad94", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:47", "1735851", "9808fd6af43c4701a787be7a2af7da674a12ddd8", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:47", "1735852", "fbc833ef1bf410be08f2417f2d43861dad03dfa5fbd71725bb5b6182c2a5d84c", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:46", "1735847", "f6635370c0a061fac52195483429c315", "md5_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:46", "1735848", "55d0eea3cbedb598cfad1a0d12e9132e2157d58a", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:46", "1735849", "0cf835c68e0c403c42b3670e057f0852417b603a03ba328735d3371ccd33b97d", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:45", "1735843", "fbc4b5fe44d01965b49265049ba90407f1dceb5c2a7339ab01be1f8339dbe0bb", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:45", "1735844", "987fded6c678044ab8277c04d9555e14", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:45", "1735845", "24cfac5e5c61411984a61f57c36f32c0b7b8355e", "sha1_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:45", "1735846", "f0028efaa06d984d290f6b6f5bda3efc6be6ac3a86d1a171b61bc6d9ec53ebda", "sha256_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:44", "1735840", "fab4ca3ede799d517a068e70df2118b6a62a54710ecc7ab0c90ea4c039604ef1", "sha256_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:44", "1735841", "85eb41510e60350f6c9d42576964ffd4", "md5_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:44", "1735842", "944cb5f1bd3d5094287674ff989cc7b96dccceab", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:43", "1735836", "58397235a4940a395744edf64cd66ac55069e668", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:43", "1735837", "a5f0289825409d89743cc64f0b4a67ffa8f5166a5576ed44724e96a54c9e4465", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:43", "1735838", "cce695285866b9ce840cbecdff1a8995", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:43", "1735839", "d236ec49c02d826328ad64fd36da30a6c1196ecd", "sha1_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:42", "1735833", "850dc4785f2d7f13ac67a7daecc13d26d15dc4e2", "sha1_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:42", "1735834", "2986b0bd4774daf7ffbfa4f6fd239a3842e98c5774ea14ebf4726a4f8fca2a30", "sha256_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:42", "1735835", "13aecf3495cd078b778749de67f4b30b", "md5_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:41", "1735830", "ab429d6eb1bde02163bb18fc21f961656ceddde9", "sha1_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:41", "1735831", "6e9be805bfd18c93b604e731b0c2b366e246368947b71c695e5b19d0a78913c3", "sha256_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:41", "1735832", "1158732b09c452dfc91b2715fb0093c7", "md5_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:40", "1735827", "478263c69881f40778abe8758241c50b7d4e4946", "sha1_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:40", "1735828", "16c822c938c5cb6be806a6c6cfc9567d0dd6a16c1de166e2b95c3189a874d7b3", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:40", "1735829", "e3fb55091ccb2aea5d448fc9f3f50859", "md5_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:39", "1735823", "fc74c469d8aeffd702c12d9a9d02876f", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:39", "1735824", "b2ab7e371836a0ca427a47e3ab956c6a4611f3ae", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:39", "1735825", "799fda3ecc1dd25a3100b87ab8b41678a32ac761ecf75f59167eb77f91e0a3a1", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:39", "1735826", "b4336b206409550d78e0029065cdcc75", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:38", "1735819", "b79268daae3fcb3b75bdb26c6dd2d2224626369a32469b22c5f36b8bd0fe9f04", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:38", "1735820", "8a75dc4bd62b64ea987d8dc8b4a46a10", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:38", "1735821", "a63ed7b7cff302d25db4dee2bb02d58ec3595ba5", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:38", "1735822", "6a0f4ea2f4ba62e63cc8abac633ccefc97068eb2639eb9cfae6b26cfde7be1bf", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:37", "1735816", "ea8c94c322bfcb950b6ed1e672819b930feff110eb33ff0bb8d00a8977757e3e", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:37", "1735817", "4eaf0516cbf78a31a9bbe63abf3688df", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:37", "1735818", "7fe25bbdd181699de65ba21de2830c500d90eb1e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:36", "1735813", "9b7023ed9d783bf33aa0178b91f82c2e6e7d69cd5db878845171fde65481bb4b", "sha256_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:36", "1735814", "4cea87712364bcc12b941d51ca1b3be1", "md5_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:36", "1735815", "18f98a57f49930dd84341a1d5babeb10aa5509ea", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:35", "1735809", "8241329b15d58720c572b97464fa6d4dd0a2797b", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:35", "1735810", "1806a422212cd1992fa72df78873755c35675b332599f9a7dfd0103711c2d062", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:35", "1735811", "01fe9ec52001743d53b7b82b685b1801", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:35", "1735812", "6b88782888bc1eb27ce39b9d449b6c099e3aa4ae", "sha1_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:34", "1735806", "ddf2fd60cbdc8cd74ce8dfae115444626e9fb513", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:34", "1735807", "be4f76750d5b734d49678c2df15bd8268259475ced28808ba16c32270a863dc2", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:34", "1735808", "081ee44c6b94f15d7eb6bb783ff283ad", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:33", "1735803", "6a383b158bce0eaba53e078ef65d1c5aa951903f", "sha1_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:33", "1735804", "eda7a5216e8eba7d8648d7160bf64a09f142cdb24163649693d0347f74a65757", "sha256_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:33", "1735805", "0d1b251406af24179e5210d168ada9f8", "md5_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:32", "1735801", "de6caea35f51991b3ac5a7e5ef82e81f05323e2ca02ed16a861701efaf96a1c6", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:32", "1735802", "d871692ba9b68a8c564b650407919c4d", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:31", "1735798", "c5180f2a0b432dc5fd66aed6d4a8d21062fc6db1419adfba5ac907752ef5133f", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:31", "1735799", "1d28cd3104227d122c5a3cff75052ed2", "md5_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:31", "1735800", "905d822f6dd6a5bb9f10ce75563558c107e55d85", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:30", "1735794", "912424f38a516670ad1fb5ea0ad41797030538d0", "sha1_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:30", "1735795", "c18b18b0f0a2927896b858bbaf4fd3781287f4bb493b961dc4dc5b51985e19a5", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:30", "1735796", "b49677c0152004f52deb9f603d87d18d", "md5_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:30", "1735797", "6f2e6cbc4e2bae38fc8388495778bf31956e1651", "sha1_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:29", "1735791", "1bcf9d9f1523d3d6854323377b02da9a5234b5a0", "sha1_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:29", "1735792", "43e0b148810e477e6a4a41040b8425a060f3c197c65c772eb830a77adeef3a69", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:29", "1735793", "fa0a034efd475abbb5422d202310193c", "md5_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:28", "1735788", "59d1cd7f5c0db4e198925d9f892f9d09ce6bf6b8", "sha1_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:28", "1735789", "01d43a963b470c78d91382de1f0b6d76c278f9e70a4e0057b636217fd7f3de87", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:28", "1735790", "cd5dbbc7e14897ccd1fad1b4d21a0b9f", "md5_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:27", "1735784", "a3d346e9dbdc4ca5092746a4c583bfec", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:27", "1735785", "90f721156fd3343f0123517b548e474b257105b9", "sha1_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:27", "1735786", "080fbc741ab518a53f82dd002c77ed68cdc2bad0377afef8ee1435e2a2803b6c", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:27", "1735787", "5846e2e356dbc36741db509380af6a42", "md5_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:26", "1735781", "97e189c6dd9196fa7a6893190d6d8b93", "md5_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:26", "1735782", "14d703a55d2d07a9bfa938cf985ea2976e8a6970", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:26", "1735783", "3b74f2bc2c5f52c9c6d9a4ccec72a5dc9ff7a1676c17483c1b734d91ff06a2f5", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:25", "1735778", "bbef5e097987e72a2da600021bb9053b", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:25", "1735779", "99ab4fe1d3adbcc796e24ddba8fb3151b4bebc62", "sha1_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:25", "1735780", "f25b1cd9c5238d2ff6bc478690171d156276685d9bc1f53ca260b9e07d589c20", "sha256_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:24", "1735774", "71090a6478f4eb6ac24f138a6401c848245ee9388fdf33abdf0ef29377200b66", "sha256_hash", "payload", "win.swaet_rat", "None", "SwaetRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:24", "1735775", "1dd23c68683eeb956d043c338668534c", "md5_hash", "payload", "win.swaet_rat", "None", "SwaetRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:24", "1735776", "dccaa5935d14ab1948cef489e2a3f3a7564a25d4", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:24", "1735777", "5d9d38fc6078247e95656f42369af5ffde457b4bab83679e860776ca26378576", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:23", "1735771", "df1725526b23e3ddb09667fe5d9a519d704f536e5a7b701029f58b00097dcab2", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:23", "1735772", "46788513abe0249be6e91828315aeb09", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:23", "1735773", "89c2ca910fa965f092cbf30b1ba7a6505fc489f7", "sha1_hash", "payload", "win.swaet_rat", "None", "SwaetRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:22", "1735768", "1fb81b5e9302ca9950e4d36a87a1cc777f347f23a3c268a3b27ec5f854273b6d", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:22", "1735769", "fdc270157952234186a9f2bdd4a9a956", "md5_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:22", "1735770", "78313c13b49a9f52bd56c3e6f44f758a6cdba4c0", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:21", "1735764", "b2ec2eb001918585903d4401dba2432ebc7bd3aa", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:21", "1735765", "fc6fb83b3816de43439cff9fa9aeb7aa9091c6407e80ff9d6e50bffc900ef6bc", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:21", "1735766", "642d0b10fd04b51b60662a9a902025c7", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:21", "1735767", "22f9a4f04623d2dd62b3cbe78b4d0db9cc377bb4", "sha1_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:20", "1735761", "770a9c976421c4621b67d6c2e6e268c1aaed9625", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:20", "1735762", "9342a1d80f5482e905cf7448c904cdf21305432bf86893f7e1ccf297baf13c9c", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:20", "1735763", "ec770eb4775c2b8037c2fb15e0b63670", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:19", "1735758", "c09e8097c687837029aa48419dee5bf3cfb601da", "sha1_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:19", "1735759", "0eb819388cdb11fd868c5941e41d8bb61923c10aa8114ec797e7c37c6c458ec5", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:19", "1735760", "7eef63a52a32fa3dcb03154de03573a5", "md5_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:18", "1735754", "cde0775cac845f31932312622ba906e1", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:18", "1735755", "60b6e102b3327d73e552e924c1969cabb3277dc1", "sha1_hash", "payload", "win.deltastealer", "None", "DeltaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:18", "1735756", "c91a51dc0199e2a010e0cc2d26e8477485f2ec8b79cb45fb3e9a5f47519b6b1e", "sha256_hash", "payload", "win.deltastealer", "None", "DeltaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:18", "1735757", "5364f71675abf2bd4fde9747d6b3ea5f", "md5_hash", "payload", "win.deltastealer", "None", "DeltaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:17", "1735750", "158764b66a1c4159156649f8d04aa389fb31b06ad7826e5392422711c132cfd2", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:17", "1735751", "ef621dc84fe1feaf83a01519fec30ec3", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:17", "1735752", "b7bea364a5e4e9a89d2563095890532e7deacbdd", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:17", "1735753", "317953bd939a2f705495f952b95aa1ba4ee3cd59d19ad53460c3c8b1dec3a0bc", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:16", "1735748", "5fa251ce06de7db855473795ca470093", "md5_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:16", "1735749", "d2aa8aae69b257cc1be6b0e8f0f5b07c598a5bd7", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:15", "1735746", "cf29c561cbd03a16b435995f5cfe90407e6acc53", "sha1_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:53:15", "1735747", "b93909338a17e640f4fee04b3b995562d29d02de5e9aeab2d7b69ea9a31b5e03", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-22 21:34:15", "1735745", "https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/29vfkuc8uq", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-22 21:32:42", "1735744", "http://64.188.98.20/api/YTAsODAsODAsYTIsYTAsODMsOGQsOTYsNjUsODIs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-z5q9qafw5a/", "AS207957,c2,SERVHOST-AS,smartloader,triage", "0", "DonPasci" "2026-01-22 21:26:18", "1735743", "64.188.98.20:80", "ip:port", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "100", "False", "https://tria.ge/260122-z5q9qafw5a", "AS207957,c2,SERVHOST-AS,SmartLoader,triage", "0", "DonPasci" "2026-01-22 20:59:29", "1735740", "bnli8khzo.localto.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260122-xqek9sdv2g", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2026-01-22 20:59:29", "1735741", "172.59.191.252:8080", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260122-w81e1scx7f", "AS21928,C2,nanocore,rat,T-MOBILE-AS21928,triage", "0", "DonPasci" "2026-01-22 20:59:29", "1735742", "172.59.191.252:80", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260122-w6g6nacw6a", "AS21928,C2,nanocore,rat,T-MOBILE-AS21928,triage", "0", "DonPasci" "2026-01-22 20:58:35", "1735738", "gxmbkcpvv.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-22 20:58:35", "100", "False", "https://tria.ge/260122-yhplyaev2h", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-22 20:58:35", "1735739", "88.124.81.211:49153", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260122-xr4xjsdv6b", "AS12322,asyncrat,C2,PROXAD,rat,triage", "0", "DonPasci" "2026-01-22 20:58:34", "1735737", "13.53.159.33:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260122-ylyn1sev7a", "AMAZON-02,AS16509,asyncrat,C2,rat,triage", "0", "DonPasci" "2026-01-22 20:58:26", "1735736", "216.9.224.26:51010", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260122-w2evqsby5a", "AS44382,C2,rat,remcos,triage", "0", "DonPasci" "2026-01-22 20:58:18", "1735735", "scamkiller.loseyourip.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-wn7zcsay3a", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-22 20:58:17", "1735732", "nightkill3r.publicvm.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-w9kqyscx9c", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-22 20:58:17", "1735733", "zesir-44796.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-w7xbzacx4c", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-22 20:58:17", "1735734", "foranother1337.publicvm.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-w5a1yscv2g", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-22 20:58:16", "1735731", "91.219.236.237:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-xt3ghadw3a", "AS56322,C2,triage,xworm", "0", "DonPasci" "2026-01-22 20:56:16", "1735730", "118.107.29.135:5178", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "https://tria.ge/260122-tw47bsfw8g", "AS152194,c2,CTGSERVERLIMITED-AS-AP,donut,triage", "0", "DonPasci" "2026-01-22 20:50:25", "1735729", "27.124.43.115:5178", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "https://tria.ge/reports/260122-twhnbsfw6h/", "AS152194,c2,CTGSERVERLIMITED-AS-AP,donut,triage", "0", "DonPasci" "2026-01-22 20:40:09", "1735728", "129.226.135.232:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-22 20:16:15", "1735723", "communi.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-22 20:16:15", "1735724", "gibelohc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-22 20:16:15", "1735725", "regreso.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-22 20:16:15", "1735726", "epicenf.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-22 20:16:15", "1735727", "yarddrq.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-24 13:30:07", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-22 20:10:52", "1735722", "204.10.160.190:7003", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/2310a8c9c8c8d27053e63afc6ab66e1b2143e36c9e347368850eab5ba7b9dacf/", "xworm", "0", "abuse_ch" "2026-01-22 20:05:23", "1735721", "47.92.204.208:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/47.92.204.208", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2026-01-22 20:05:21", "1735719", "18.144.49.159:5222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.144.49.159", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:21", "1735720", "18.144.49.159:22822", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.144.49.159", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:20", "1735718", "108.136.248.198:43516", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.136.248.198", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:19", "1735715", "51.34.126.94:3390", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.34.126.94", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:19", "1735716", "15.223.70.81:102", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.223.70.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:19", "1735717", "15.223.70.81:6002", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.223.70.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:18", "1735713", "51.20.66.173:5902", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.20.66.173", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:18", "1735714", "51.112.43.127:9201", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.112.43.127", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:17", "1735711", "18.162.190.213:3299", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.162.190.213", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:17", "1735712", "18.162.190.213:9999", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.162.190.213", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:16", "1735708", "18.170.33.45:6443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.170.33.45", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:16", "1735709", "18.170.33.45:15443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.170.33.45", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:16", "1735710", "35.152.135.144:18591", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.152.135.144", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:15", "1735706", "15.168.14.98:43", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.168.14.98", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:15", "1735707", "43.199.144.50:5902", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.199.144.50", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:14", "1735703", "43.205.96.101:18244", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.205.96.101", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:14", "1735704", "54.221.111.221:2448", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.221.111.221", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:14", "1735705", "52.15.104.72:8084", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.15.104.72", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:13", "1735702", "45.244.140.213:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/45.244.140.213", "AS24863,C2,censys,hacktool,LINKdotNET-AS,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 20:05:00", "1735701", "161.97.67.39:1337", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "https://search.censys.io/hosts/161.97.67.39", "AS51167,C2,censys,CONTABO,Gafgyt", "0", "DonPasci" "2026-01-22 20:04:43", "1735700", "197.134.50.84:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-22 23:00:25", "100", "False", "https://search.censys.io/hosts/197.134.50.84", "AS24835,C2,censys,Quasar,RAT,RAYA-AS", "0", "DonPasci" "2026-01-22 20:04:40", "1735699", "34.151.249.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-24 13:47:36", "100", "False", "https://search.censys.io/hosts/34.151.249.253", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2026-01-22 20:04:34", "1735698", "43.159.49.132:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:16", "100", "False", "https://search.censys.io/hosts/43.159.49.132", "AS132203,C2,censys,Supershell,TENCENT-NET-AP-CN", "0", "DonPasci" "2026-01-22 20:04:21", "1735696", "31.220.97.227:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:47:35", "100", "False", "https://search.censys.io/hosts/31.220.97.227", "AS40021,C2,censys,CONTABO-40021,RAT,Remcos", "0", "DonPasci" "2026-01-22 20:04:21", "1735697", "158.94.211.18:5902", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-24 13:45:21", "100", "False", "https://search.censys.io/hosts/158.94.211.18", "AS202412,C2,censys,OMEGATECH-AS,RAT,Remcos", "0", "DonPasci" "2026-01-22 20:03:59", "1735694", "8.210.125.140:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:52:28", "100", "False", "https://search.censys.io/hosts/8.210.125.140", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-22 20:03:59", "1735695", "47.83.249.18:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:52:13", "100", "False", "https://search.censys.io/hosts/47.83.249.18", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-22 20:02:37", "1735693", "31.172.80.212:80", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "100", "False", "https://www.joesandbox.com/analysis/1803691/0/iochtml", "AS214036,c2,joesandbox,Orcus,RAT,ULTAHOST-AS", "0", "DonPasci" "2026-01-22 18:59:15", "1735585", "55gqddfwtzfcuxwgoz746tas2djoiai4lbjvc36kq55prehyvedee3qd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:14", "1735584", "yqiaekirp7n7fkp3bwx2nfxm6zohhaa3ct5xvdqsxsanxqqwoyltb6id.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:13", "1735586", "6lrsxvqscxtznb4fhux5u3vbslbanxjzxzgtokjtfwaitxe4pfgfebad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:13", "1735587", "4fklgnaegkdpfgaa3rxr3x4xujq4yi6dcuumxikrquzar2m3meiqxwad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:13", "1735588", "zvdlza5tjyl33mbx4k7w7t25ve6e5c3ve3nmfwqlygl6ww6s4lmsu4ad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:12", "1735589", "7o4vytbuk42nuucim5idwgsg3zqkocpllqpykmrdk6zvs75ne7iwgmad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:12", "1735590", "nxarphaf35qp2uuosaq54m3a2s5kt4svpcv56mvz6r7xy6na7uo5ypyd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:12", "1735591", "bxi2cepk57dy3uhgwqd6dri6jtuqe7btay225rn6xkvvgnp2cvjvowqd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:11", "1735593", "wjwbqeuni4zslbm4cduvo7uwyo653k4gdx2x4irj4zkrwyerksdcxryd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:10", "1735592", "2idvzxbwvzbxhuniw7kfaimcvtqazmn7nmuw7codg65cshwwsvnpz7id.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:10", "1735594", "whdoefodpz4jjpwr5imipdntkh6kdbjazhx2zvdhcbmrtuxs6f3iwnid.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:09", "1735595", "6stzturcvnli6ilm6f6vweiymchi6lboc62u7ive2q7hn5hbbbauvgid.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:08", "1735596", "6blfnoe24tfpal2kmacphkjmzph3oghjdznsgkf23lmvjqbtgrmedpid.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:08", "1735597", "5xmd7pwpk4flmz5o2hbyndpkles5klmwbpxbw4jitzjnbhn4wkdktvad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:07", "1735601", "jzl4bylm4bng2zgmeqw3lx6bcbxzb2hulicxneuosq26sshnitrcvcad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:06", "1735598", "vkl3xfkp2vtpdzk7ohock3w2oiwwtvgnwbwvurrqafh5nhw23h43dbid.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:06", "1735599", "awrfq7pjydfp3hwbsun6ltxrrzths5ztgxj7i7ybx7twjrdvzvxkgwad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:05", "1735600", "z4tonbkjybcllsvd45smpkqkk5uaspmlnvmysrkxt37wuudijvp7k2id.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:05", "1735602", "2u6njk55okdxvrup5feu3wbhyxvlqla7yuj2oz3xkzz27yzc66vcirqd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:03", "1735604", "67hvtslok5a4cwjxfmidbgbunsvckypf2dwkpxg3y2sabar5b4jidmyd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:03", "1735605", "hzyp7n436ecwo73xvrgnf5wmbjewszwut4h6vz4fu6f2oqd5zfcd7sad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:03", "1735606", "6a5ib4udgwlkyl3zzeyenedcb7d33j2vq7egpqykr5457uiskeu6zjad.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:02", "1735603", "sqnnhgqr4iiwnkaih6vspyxmebz2vvjv3uybmjdynw6sne5plilunhyd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:59:01", "1735607", "h4x3ic7ojxau5nxb2sr37spsgfkxywrs3gxls3aakqw6jkki7nlzwwqd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:57", "1735608", "44yr5rtuool2sewjjmuyhdszvf4jqx5ayr3t2u662lwzayldrjd55bqd.onion", "domain", "botnet_cc", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:57", "1735609", "f32c61ebde695d06cd1764c58f209d60", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:56", "1735610", "d5aa41e1c40dd5fea93db920292829ba", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:56", "1735611", "e2117bc07b94af5db09d1e8139b9774a", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:54", "1735612", "a90c3969bcd05e191205da92fd43c88f", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:53", "1735613", "67bc6e3b82515dffeb04328c7f8a1322", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:52", "1735614", "97c636d3ec31cd21e118284c4c92e5bb", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:52", "1735615", "ad61b949f2c3d8a8936305da847f2ab6", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:51", "1735616", "150a0d59b5c6e86985b3315e1aaa103e", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:51", "1735618", "3139c8e0d0dd9683ebfecdb2e4f1b6bb", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:50", "1735617", "1b637a43abca552acaee11c01913db18", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:48", "1735619", "a9297a8acbee74ba0169333ee38be2ef", "md5_hash", "payload", "win.nitrogen_ransomware", "None", "Nitrogen Ransomware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Nitrogen%20Ransomware", "nitrogen,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:42", "1735665", "https://flautister.com/handler/session-component.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:41", "1735666", "flautister.com", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-22 16:07:47", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:41", "1735667", "https://flautister.com/handler/auth-controller.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:39", "1735668", "http://98.142.251.63/con", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:38", "1735669", "https://oilporter.com/con", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:35", "1735670", "https://98.142.251.63/currency", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/115939610602992157", "SmartApeSG", "0", "monitorsg" "2026-01-22 18:58:35", "1735671", "352ae8c2dff6e401fb14f86d702a06fa", "md5_hash", "payload", "win.dragonforce", "None", "DragonForce", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/DragonForce%20Ransomware", "dragonforce,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:34", "1735672", "0014e18b7e72bbabd17a8e39c9448563", "md5_hash", "payload", "win.dragonforce", "None", "DragonForce", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/DragonForce%20Ransomware", "dragonforce,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:33", "1735673", "96110d9369bdc35ddc1ed8844a0b076f", "md5_hash", "payload", "win.dragonforce", "None", "DragonForce", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/DragonForce%20Ransomware", "dragonforce,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:32", "1735674", "a0524bf02968db6eae5081b9ab92af31", "md5_hash", "payload", "win.dragonforce", "None", "DragonForce", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/DragonForce%20Ransomware", "dragonforce,ransomware", "0", "TheRavenFile" "2026-01-22 18:58:32", "1735675", "e1d4fef47f5b8057d275fcd67b37b139", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Weaxor%20Ransomware", "ransomware,weaxor", "0", "TheRavenFile" "2026-01-22 18:58:31", "1735676", "87c2fe364be5c08c86e4d08aa53ecdbc", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Weaxor%20Ransomware", "ransomware,weaxor", "0", "TheRavenFile" "2026-01-22 18:58:30", "1735677", "d90666b71ae82f8ad4a7d921324c2d54", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Weaxor%20Ransomware", "ransomware,weaxor", "0", "TheRavenFile" "2026-01-22 18:58:29", "1735679", "mosslotus2020.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/9342a1d80f5482e905cf7448c904cdf21305432bf86893f7e1ccf297baf13c9c/", "c2,MaskGramStealer", "0", "burger" "2026-01-22 18:58:28", "1735680", "198.251.89.149:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-23 18:00:23", "100", "False", "None", "c2,F222,loader,StealC,stealer", "0", "Bitsight" "2026-01-22 18:58:26", "1735556", "https://deeesik.com/5a6n.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-22 18:07:56", "100", "True", "https://infosec.exchange/@monitorsg/115938910112948396", "KongTuke", "0", "monitorsg" "2026-01-22 18:58:25", "1735557", "deeesik.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-22 18:07:59", "100", "True", "https://infosec.exchange/@monitorsg/115938910112948396", "KongTuke", "0", "monitorsg" "2026-01-22 18:58:24", "1735558", "https://deeesik.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-22 18:07:58", "100", "True", "https://infosec.exchange/@monitorsg/115938910112948396", "KongTuke", "0", "monitorsg" "2026-01-22 18:58:24", "1735560", "event.harvestcircleinc.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/115939374134745130", "SocGholish", "0", "monitorsg" "2026-01-22 18:47:31", "1735692", "35.170.217.214:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:47:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-22 18:44:58", "1735691", "161.189.237.239:8443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-24 13:45:28", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-22 18:07:45", "1735690", "26.159.110.92:10134", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "100", "False", "https://tria.ge/260122-wj9mdsax2f", "AS749,C2,DNIC-AS-00749,orcus,rat,triage", "0", "DonPasci" "2026-01-22 18:04:51", "1735688", "47.76.147.135:2233", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260122-vwg78shy2b", "AS45102,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-01-22 18:04:51", "1735689", "47.76.147.135:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260122-vwg78shy2b", "AS45102,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-01-22 18:04:50", "1735687", "154.9.26.201:8084", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260122-shtyrsey2e", "AS979,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-01-22 18:04:36", "1735686", "http://198.251.89.149", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260122-vna4yshs2f", "AS53667,C2,stealc,stealer,triage", "0", "DonPasci" "2026-01-22 18:04:29", "1735685", "http://00491751076163.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260122-qg9lqahv9e", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-01-22 18:04:28", "1735684", "https://yarddrq.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260122-vm5beag19g", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-01-22 18:04:18", "1735683", "asseccmod.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260122-sxatfaf12e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-22 18:04:06", "1735681", "viscosity-vertex.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-v56besas4a", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-22 18:04:06", "1735682", "37.19.221.168:15312", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260122-ttxdpsfv8e", "AS212238,C2,triage,xworm", "0", "DonPasci" "2026-01-22 17:23:40", "1735678", "fusionjanicepalimpsest.com", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "False", "https://www.joesandbox.com/analysis/1855760/0/html", "c2,domain,HijackLoader,joesandbox", "0", "DonPasci" "2026-01-22 16:07:06", "1735664", "https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/mp-rt-115", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-22 16:05:52", "1735663", "15.237.101.71:23750", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.237.101.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:51", "1735661", "15.237.101.71:10000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.237.101.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:51", "1735662", "15.237.101.71:20000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.237.101.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:50", "1735660", "3.10.232.160:1913", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.10.232.160", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:49", "1735659", "3.145.156.172:2923", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.145.156.172", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:47", "1735658", "40.177.115.38:49409", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.177.115.38", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:46", "1735657", "13.49.80.35:56878", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.49.80.35", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:45", "1735655", "18.170.33.45:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.170.33.45", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:45", "1735656", "3.91.157.114:830", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.91.157.114", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:44", "1735654", "43.205.96.101:38644", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.205.96.101", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-22 16:05:28", "1735653", "www-fb.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:56", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-fb.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:27", "1735651", "fr-ca.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:56", "100", "False", "https://search.censys.io/hosts/93.189.231.95+fr-ca.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:27", "1735652", "hc-icons-hive.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:56", "100", "False", "https://search.censys.io/hosts/93.189.231.95+hc-icons-hive.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:26", "1735650", "help.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:55", "100", "False", "https://search.censys.io/hosts/93.189.231.95+help.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:25", "1735649", "www-cat.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:54", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-cat.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:24", "1735648", "honeycomb.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:54", "100", "False", "https://search.censys.io/hosts/93.189.231.95+honeycomb.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:23", "1735647", "corporate.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:52", "100", "False", "https://search.censys.io/hosts/93.189.231.95+corporate.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:22", "1735645", "app-adj.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:51", "100", "False", "https://search.censys.io/hosts/93.189.231.95+app-adj.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:22", "1735646", "fr-ch.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:51", "100", "False", "https://search.censys.io/hosts/93.189.231.95+fr-ch.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:21", "1735644", "www-al.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:55", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-al.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:20", "1735643", "www-uk.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:49", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-uk.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:19", "1735642", "js-appboy.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:49", "100", "False", "https://search.censys.io/hosts/93.189.231.95+js-appboy.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:17", "1735641", "pulse-cro.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:48", "100", "False", "https://search.censys.io/hosts/93.189.231.95+pulse-cro.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:16", "1735639", "twitter.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:48", "100", "False", "https://search.censys.io/hosts/93.189.231.95+twitter.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:16", "1735640", "www-ca.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:53", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-ca.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:15", "1735638", "flix-careers.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:47", "100", "False", "https://search.censys.io/hosts/93.189.231.95+flix-careers.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:14", "1735637", "www-bg.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:47", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-bg.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:12", "1735636", "global.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:47", "100", "False", "https://search.censys.io/hosts/93.189.231.95+global.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:10", "1735635", "fr-be.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:52", "100", "False", "https://search.censys.io/hosts/93.189.231.95+fr-be.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:09", "1735633", "it-ch.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:53", "100", "False", "https://search.censys.io/hosts/93.189.231.95+it-ch.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:09", "1735634", "www-ba.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:46", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-ba.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:08", "1735632", "shop-de.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:54", "100", "False", "https://search.censys.io/hosts/93.189.231.95+shop-de.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:07", "1735631", "de-li.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:52", "100", "False", "https://search.censys.io/hosts/93.189.231.95+de-li.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:05", "1735630", "www-mx.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:45", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-mx.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:04", "1735628", "sdk-fra02.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:49", "100", "False", "https://search.censys.io/hosts/93.189.231.95+sdk-fra02.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:04", "1735629", "api-cms.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:46", "100", "False", "https://search.censys.io/hosts/93.189.231.95+api-cms.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:03", "1735627", "es-us.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:47", "100", "False", "https://search.censys.io/hosts/93.189.231.95+es-us.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:01", "1735626", "cdn-cf-cms.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:45", "100", "False", "https://search.censys.io/hosts/93.189.231.95+cdn-cf-cms.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:00", "1735624", "aw-booking.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:44", "100", "False", "https://search.censys.io/hosts/93.189.231.95+aw-booking.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:05:00", "1735625", "www-dd.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:45", "100", "False", "https://search.censys.io/hosts/93.189.231.95+www-dd.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:04:59", "1735623", "global-api.bomain.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-22 23:00:50", "100", "False", "https://search.censys.io/hosts/93.189.231.95+global-api.bomain.ru", "AS198610,BEGET-AS,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-22 16:04:46", "1735622", "95.111.225.15:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-24 13:49:11", "100", "False", "https://search.censys.io/hosts/95.111.225.15", "AS51167,C2,censys,CONTABO,Havoc", "0", "DonPasci" "2026-01-22 16:04:33", "1735621", "107.172.31.101:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:43:25", "100", "False", "https://search.censys.io/hosts/107.172.31.101", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2026-01-22 16:04:32", "1735620", "185.208.156.201:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-24 13:46:27", "100", "False", "https://search.censys.io/hosts/185.208.156.201", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2026-01-22 15:34:54", "1735577", "cki.yago.fun", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735578", "d2d.yago.fun", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735579", "cki.alipico.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735580", "jth.alipico.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735581", "hrm.alipico.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735582", "stm.alipico.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:54", "1735583", "d2d.alipico.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:53", "1735575", "cki.sodstreams.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:53", "1735576", "cki.bexca.org", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:42", "1735574", "https://d2d.alipico.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735568", "https://cki.yago.fun/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735569", "https://d2d.yago.fun/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735570", "https://cki.alipico.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735571", "https://jth.alipico.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735572", "https://hrm.alipico.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:41", "1735573", "https://stm.alipico.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:40", "1735566", "https://cki.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:34:40", "1735567", "https://cki.bexca.org/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-22 15:31:03", "1735565", "www.sethrgloballimitedbackup2.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1806a422212cd1992fa72df78873755c35675b332599f9a7dfd0103711c2d062/", "remcos", "0", "abuse_ch" "2026-01-22 15:31:02", "1735564", "www.sethrgloballimitedbackup1.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1806a422212cd1992fa72df78873755c35675b332599f9a7dfd0103711c2d062/", "remcos", "0", "abuse_ch" "2026-01-22 15:31:00", "1735563", "www.sethrgloballimited.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1806a422212cd1992fa72df78873755c35675b332599f9a7dfd0103711c2d062/", "remcos", "0", "abuse_ch" "2026-01-22 15:25:18", "1735562", "http://vqrip9nq.beget.tech/authBigloadDefaultFlower.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-01-22 15:25:11", "1735561", "104.168.0.140:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-01-22 14:58:08", "1735559", "skullcode.myddns.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-24 13:49:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" # Number of entries: 866