################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-06-30 13:05:06 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-06-30 13:05:06", "1840287", "20.5.176.76:25565", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_" "2026-06-30 13:00:57", "1840280", "https://riviere.sbs/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-30 13:00:57", "1840281", "riviere.sbs", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-30 13:00:56", "1840286", "http://172.168.177.48:39138/Mozi.7", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/172.168.177.48", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-30 13:00:55", "1840282", "https://riviere.sbs/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-30 13:00:55", "1840283", "https://riviere.sbs/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-30 13:00:54", "1840285", "http://124.11.64.11:34008/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/124.11.64.11", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-30 12:13:41", "1840284", "shart120x.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 12:13:45", "100", "True", "None", "30June2026,ClearFake,Commandline,DomainShadowing,Windows", "0", "Gi7w0rm" "2026-06-30 12:05:50", "1840279", "wk00z1ey.vip1xbet.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake,mac-0x68dc,macos", "1", "ttakvam" "2026-06-30 11:46:50", "1840278", "115.190.149.214:58004", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-30 11:26:48", "1840277", "3fbkahzk.coinsgame.pro", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake,mac-0x76c7,macos", "1", "ttakvam" "2026-06-30 11:25:35", "1840276", "coinsgame.pro", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 11:25:40", "100", "True", "None", "30June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-06-30 11:25:24", "1840275", "bjsiw6ik.casinoiran.pro", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake,mac-0xfb64,macos", "1", "ttakvam" "2026-06-30 11:24:28", "1840274", "casinoiran.pro", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 11:24:32", "100", "True", "None", "30June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-06-30 11:07:18", "1840273", "6oekxs4k.vip1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake,mac-0x68dc,macos", "1", "ttakvam" "2026-06-30 11:05:05", "1840272", "152.32.132.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-30 09:56:58", "1840225", "http://153.117.41.127:47793/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/153.117.41.127", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-30 09:56:57", "1840226", "http://110.37.35.79:33903/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/110.37.35.79", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-30 09:56:57", "1840227", "https://backupper.pro", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "magecart", "0", "Localhost123" "2026-06-30 09:56:56", "1840234", "https://www.einvoicesolutions.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.einvoicesolutions.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 09:56:55", "1840235", "https://www.m-und-c-partners.de/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.m-und-c-partners.de", "ClickFix", "0", "CarsonWilliams" "2026-06-30 09:56:55", "1840236", "129.212.233.8:37215", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-30 09:54:11", "1840271", "152.32.132.177:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:05:05", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-30 09:54:10", "1840270", "39.97.246.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-30 09:54:09", "1840269", "179.43.190.13:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-30 09:46:23", "1840268", "94.250.201.212:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-30 09:44:26", "1840267", "198.135.54.39:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-30 09:44:18", "1840266", "192.162.199.149:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-30 09:43:50", "1840265", "170.64.130.99:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:49", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-30 09:43:39", "1840264", "155.103.71.115:14656", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-30 09:43:36", "1840263", "152.42.164.27:65531", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-30 09:43:27", "1840262", "141.94.121.162:6666", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:25", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-30 09:43:24", "1840261", "136.113.49.8:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:23", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-30 09:43:06", "1840260", "103.11.41.10:2120", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-30 09:05:05", "1840238", "134.122.187.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-30 09:00:49", "1840237", "kdf.betbacklink.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-06-30 07:05:09", "1840233", "115.190.80.27:18085", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-30 07:05:08", "1840232", "134.122.187.85:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-30 07:00:17", "1840229", "https://scp.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:38", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-30 07:00:17", "1840230", "scp.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:49", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-30 07:00:17", "1840231", "https://scp.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:49", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-30 07:00:16", "1840228", "scp.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:38", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-30 06:04:15", "1840224", "i5sofk6r.xbetone.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-30 06:03:08", "1840218", "imohoo.com.br", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:08", "1840219", "unspanel.rs", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:08", "1840220", "fearlesshomemaker.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:08", "1840221", "keypharmacy.uk", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:08", "1840222", "lifetimeeyecare.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:08", "1840223", "ajantaappliances.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:07", "1840217", "thekiss.gr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:06", "1840216", "swanriverschool.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:05", "1840213", "dainikkishoreganj.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:32", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:05", "1840214", "alpin-tuning.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:32", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:05", "1840215", "tools4teens.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:32", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:04", "1840208", "phcnepal.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:31", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:04", "1840209", "cakramakmurabadi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:31", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:04", "1840210", "insideautomacao.com.br", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:31", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:04", "1840211", "hashsolution.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:31", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:04", "1840212", "m-und-c-partners.de", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:31", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:03", "1840206", "knowmat.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:30", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:03", "1840207", "vihangamyoga.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:30", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 06:03:02", "1840205", "lisanslab.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:05:29", "90", "False", "None", "ClickFix,compromised,ErrTraffic", "1", "m_govcert_ch" "2026-06-30 05:54:20", "1840204", "ce29b8c2576712a33aae06aee02486440c9268fcc19da1496a074feeee0a5178", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-30 05:05:05", "1840202", "1.14.227.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-30 05:05:05", "1840203", "130.12.182.95:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-30 04:50:38", "1839848", "php-panel.letsgoautomotive.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "SocGholish", "0", "varysz" "2026-06-30 04:50:38", "1839852", "http://31.56.48.179:666/w", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-29 16:03:10", "75", "False", "https://stateoftheattack.com/campaign/scattershell-teampcp-v21", "container-escape,credential-harvest,cryptojacking,cve-2026-31431,docker,teampcp,teamtnt", "0", "Stateoftheattack" "2026-06-30 04:50:37", "1839853", "http://31.56.48.179:666/.real_mnd", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-29 16:03:10", "75", "False", "https://stateoftheattack.com/campaign/scattershell-teampcp-v21", "container-escape,credential-harvest,cryptojacking,cve-2026-31431,docker,teampcp,teamtnt", "0", "Stateoftheattack" "2026-06-30 04:50:36", "1839854", "http://31.56.48.179:666/.mconf", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-29 16:03:10", "75", "False", "https://stateoftheattack.com/campaign/scattershell-teampcp-v21", "container-escape,credential-harvest,cryptojacking,cve-2026-31431,docker,teampcp,teamtnt", "0", "Stateoftheattack" "2026-06-30 04:50:36", "1839856", "27cc6cf232ba7ed8dc92dcb0795bdb7185197928ec3061a8d6de097f9efc5440", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://stateoftheattack.com/campaign/scattershell-teampcp-v21", "container-escape,credential-harvest,cryptojacking,cve-2026-31431,docker,teampcp,teamtnt", "0", "Stateoftheattack" "2026-06-30 04:50:35", "1839892", "fee27090c90ed20350a65616c658f158bef9443ada21279c11cc9dbd125d363e", "sha256_hash", "payload", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "50", "False", "", "None", "1", "Vincent" "2026-06-30 04:50:34", "1839855", "0f63bea320d768fb12bb53a287f210b8b9ccec563ac66dc80b7967628e455566", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://stateoftheattack.com/campaign/scattershell-teampcp-v21", "container-escape,credential-harvest,cryptojacking,cve-2026-31431,docker,teampcp,teamtnt", "0", "Stateoftheattack" "2026-06-30 04:50:33", "1839891", "dff350f69d90cf8e6055054475b0c892b77610c734111c381dfbad8bb72b2b3d", "sha256_hash", "payload", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "50", "False", "", "None", "1", "Vincent" "2026-06-30 04:50:32", "1839894", "172.86.123.37:8086", "ip:port", "botnet_cc", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:31", "1839893", "7c71f81b6e981eb71d442a7e26df9ebf199665e5460da3b35b43496b380840a8", "sha256_hash", "payload", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "", "50", "False", "", "None", "1", "Vincent" "2026-06-30 04:50:30", "1839895", "172.86.123.37:8087", "ip:port", "botnet_cc", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:30", "1839896", "code-beautify.com", "domain", "payload_delivery", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:29", "1839897", "ipregionchecker.org", "domain", "payload_delivery", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:29", "1839898", "74009ad71c2f41ebfe6b76358f0224f814f8dca1167a858538b5e8df8a76b881", "sha256_hash", "payload", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:28", "1839900", "017cb09cabd9c909e4fb06e8c668d2f89e472e103eda5230d98761a9f998bdb5", "sha256_hash", "payload", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:27", "1839899", "0e1ae44c555c13b03bdbd72f66c456aaffcdd13887ebe9859d302a63e409c462", "sha256_hash", "payload", "js.beavertail", "None", "BeaverTail", "", "100", "False", "", "BeaverTail,chainvisitalabs,ContagiousInterview,DPRK", "0", "fedfranz" "2026-06-30 04:50:27", "1840070", "https://isabeladandaro.com.br/diagnostico-de-honorarios-convite/?src=Org_Site&utm_source=Org&utm_medium=Site&utm_content=&utm_campaign=&utm_term=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/isabeladandaro.com.br", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:50:24", "1840071", "https://www.ibogainerapiddetox.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.ibogainerapiddetox.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:50:23", "1840072", "https://ackeamann.xyz/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-30 04:10:36", "100", "True", "https://infosec.exchange/@monitorsg/116834503395473857", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:23", "1840073", "ackeamann.xyz", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-30 04:10:37", "100", "True", "https://infosec.exchange/@monitorsg/116834503395473857", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:22", "1840074", "https://ackeamann.xyz/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-30 04:10:38", "100", "True", "https://infosec.exchange/@monitorsg/116834503395473857", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:22", "1840075", "https://ackeamann.xyz/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-30 04:10:38", "100", "True", "https://infosec.exchange/@monitorsg/116834503395473857", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:21", "1840076", "https://ackeamann.xyz/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-29 19:07:36", "100", "True", "https://infosec.exchange/@monitorsg/116834503395473857", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:21", "1840077", "cleardig477.icu", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "https://app.any.run/tasks/3e1f08ea-8329-4469-8f06-8088b5c67c7b", "clickfix,etherhiding", "0", "Overkill1984zzz" "2026-06-30 04:50:20", "1840079", "superfirewallprotection.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "https://app.any.run/tasks/5c762349-e152-4fde-82d1-60b62d0f0e48", "clickfix,etherhiding", "0", "Overkill1984zzz" "2026-06-30 04:50:20", "1840080", "moderncloudprotection.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "https://app.any.run/tasks/5c762349-e152-4fde-82d1-60b62d0f0e48", "clickfix,etherhiding", "0", "Overkill1984zzz" "2026-06-30 04:50:19", "1840081", "publicwebprotection.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "https://app.any.run/tasks/5c762349-e152-4fde-82d1-60b62d0f0e48", "clickfix,etherhiding", "0", "Overkill1984zzz" "2026-06-30 04:50:18", "1840097", "https://datacrypt5840.top/update/package", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116834962514966770", "KongTuke", "0", "monitorsg" "2026-06-30 04:50:17", "1840146", "https://eb0ca005.verifying-your-identity-proceedv1.pages.dev/?x=j7b5cr22&y=1782755817438&z=425693", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 06:31:03", "100", "False", "", "ClearFake,ClickFix", "1", "GovCERT_CH" "2026-06-30 04:50:17", "1840158", "api-v2.golfsignpro.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116835207888527012", "SocGholish", "0", "monitorsg" "2026-06-30 04:50:16", "1840161", "178.128.253.253:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:13:02", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:16", "1840162", "157.245.65.67:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:12:50", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:15", "1840163", "159.223.5.30:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:14:13", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:15", "1840164", "206.189.7.4:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:13:50", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:15", "1840165", "167.71.7.92:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:13:38", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:14", "1840166", "178.128.243.177:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:12:26", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:14", "1840167", "188.166.24.139:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:12:37", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:13", "1840169", "206.189.101.38:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:13:15", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:11", "1840168", "152.42.129.15:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:14:02", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:10", "1840170", "209.38.35.163:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-30 12:13:26", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-30 04:50:09", "1840186", "https://scanbot.me/scanbot.sh", "url", "botnet_cc", "elf.sshdoor", "None", "SSHDoor", "", "50", "False", "", "None", "0", "ClearlyNotB" "2026-06-30 04:50:05", "1840173", "https://ottixpimobiliaria.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ottixpimobiliaria.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:50:05", "1840180", "cloud.api-middle-connect.com", "domain", "cc_skimming", "js.magecart", "None", "magecart", "", "100", "False", "", "None", "0", "Localhost123" "2026-06-30 04:50:03", "1840182", "https://patrickfarrellbooks.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/patrickfarrellbooks.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:50:03", "1840183", "https://portalpsicosocial.es/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/portalpsicosocial.es", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:50:01", "1840188", "http://94.154.43.5/mips", "url", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://honeylabs.net/lookup/94.154.43.5", "elf,iot", "0", "HoneyLabs" "2026-06-30 04:50:01", "1840189", "a5b42be0041bff5a4e521412014c2e7029ff08df7e9746fb4d923d40cee0e7d7", "sha256_hash", "payload", "elf.mirai", "Katana", "Mirai", "", "80", "False", "https://honeylabs.net/lookup/94.154.43.5", "elf,iot", "0", "HoneyLabs" "2026-06-30 04:50:00", "1840190", "https://romayahomes.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/romayahomes.co.uk", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:49:59", "1840194", "162.243.103.246:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "c2,erebus-v14,nation-state-hunter,t1059_003,t1105", "0", "Erebu" "2026-06-30 04:49:59", "1840195", "https://seniorcitizenjournal.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/seniorcitizenjournal.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:49:59", "1840196", "https://leinstermetalrecycling.ie/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/leinstermetalrecycling.ie", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:49:58", "1840198", "https://itsrealmedia.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/itsrealmedia.com", "ClickFix", "0", "CarsonWilliams" "2026-06-30 04:05:07", "1840200", "1.117.77.166:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-30 04:05:07", "1840201", "173.211.46.220:53306", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-30 04:05:05", "1840199", "110.42.252.147:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "supershell", "1", "_ik_" "2026-06-30 02:03:29", "1840197", "46imdg6k.blackjackonlineplay83.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-30 01:15:03", "1840193", "https://alpin-tuning.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 03:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-30 01:02:17", "1840192", "328bpzpg.313betapk.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-30 00:40:12", "1840191", "http://149.30.222.4/getinstall64", "url", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-06-30 00:01:58", "1840187", "uhv95fx8.betbuf.live", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-29 23:46:01", "1840185", "150.109.186.36:64401", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 23:05:41", "1840184", "47.243.127.117:889", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/a81dd7a5c94f3f82fe489a5e9ccb5e8618f22d3846d1d74388e88e399a8de2e7/", "valleyrat_s2", "0", "abuse_ch" "2026-06-29 22:55:07", "1840181", "47.243.127.117:887", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-06-29 22:05:05", "1840179", "176.65.144.73:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "True", "None", "stealc", "1", "_ik_" "2026-06-29 22:01:57", "1840178", "0dahrppq.taktikbet.bio", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 22:00:20", "1840177", "https://tps.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 06:26:17", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 22:00:19", "1840176", "tps.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 06:26:17", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 22:00:18", "1840174", "tps.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 06:26:05", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 22:00:18", "1840175", "https://tps.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 06:26:05", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 21:05:05", "1840171", "172.245.226.124:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 20:20:32", "1840160", "http://176.65.144.73/312b423bf6dd463f8d15.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-30 13:02:40", "75", "False", "https://bazaar.abuse.ch/sample/25572b53676f1041dfec6ddd3ac1b47c5db8c384c98aac6238c463ada08ad523/", "stealc", "0", "abuse_ch" "2026-06-29 20:20:07", "1840159", "158.160.75.185:40644", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-06-29 19:50:54", "1840157", "45.141.27.68:4959", "ip:port", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/64f5d668ffdd18dc9dac0da41d409727b2521d920266f79b914483c9d3a76972/", "remus", "0", "abuse_ch" "2026-06-29 19:50:52", "1840156", "http://miedorama.com:4959", "url", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/64f5d668ffdd18dc9dac0da41d409727b2521d920266f79b914483c9d3a76972/", "remus", "0", "abuse_ch" "2026-06-29 19:50:51", "1840155", "72.60.121.225:7838", "ip:port", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/64f5d668ffdd18dc9dac0da41d409727b2521d920266f79b914483c9d3a76972/", "remus", "0", "abuse_ch" "2026-06-29 19:50:50", "1840154", "http://angect.xyz:7838", "url", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/64f5d668ffdd18dc9dac0da41d409727b2521d920266f79b914483c9d3a76972/", "remus", "0", "abuse_ch" "2026-06-29 19:45:30", "1840153", "81.90.31.253:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-29 19:44:01", "1840152", "193.169.194.63:32333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-29 19:43:50", "1840151", "185.115.164.60:9486", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 19:43:30", "1840150", "155.138.218.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-29 19:43:17", "1840149", "128.90.141.238:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-29 19:43:16", "1840148", "128.90.112.249:5202", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:20", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-29 19:43:05", "1840147", "103.11.41.10:52046", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 19:10:46", "1840145", "a8480f1bd4fc75a68930f3c60df63955", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:45", "1840142", "63844cd3d2578789f0e5ca58cfddf9d4", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:45", "1840143", "ffe98374173d7c2084a1a6953b308c13a8b9493294af831c23542b0d88654036", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:45", "1840144", "ce609cfde7d81bc7311a83e0f008a2f756912ea9", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:44", "1840139", "1ccf41cfd9d85a0e6c49854e25d76ab5", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:44", "1840140", "d6ca3c85df784f0b7751f67bc0b23f44f173b7be7f6344d02f26c8e28e0abad8", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:44", "1840141", "ab84b6726d46e9cdc1349d2c8cfb9777dac57101", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:43", "1840136", "04f340ede96f607f310a9ca67370a5e5", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:43", "1840137", "3f076a3e4a0733c630d58f790dc8b6422c5ee6344695f88987b14a060d721d4f", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:43", "1840138", "f2a03400898271b8fb6310151c56edf1120b736c", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:42", "1840133", "d11ea15f2c690f46bfc282f300f692c1", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:42", "1840134", "1d805377c6dc2c4321897789d82add4d2e83e947c5fe2a182061484db840d7bb", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:42", "1840135", "e7feba95e7553a8d070623a279def1fabebe1ca8", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:41", "1840129", "b6c0e1b9da3c8f21bffbe878f58f3513848f3748", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:41", "1840130", "5fea3f930de097794a95ced9dbae500c", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:41", "1840131", "cfa1674a075c651c7bf0278f5fffc2ed2d268f4317eb41faf1d1eb03c14bdb04", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:41", "1840132", "999dbc13a581e26dd6e2931db152b01087d13c92", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:40", "1840126", "1a46239db708d9eb82152b45392433be8f182b22", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:40", "1840127", "1615ac4b69265a70f17a0eb37df82065", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:40", "1840128", "af154a4bb20730e0d8f7e88179b1797d8e67b23302ee2a0fa152dbd23a39a9dd", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:39", "1840123", "2f299b8f3839e4259a27f4b1d8af0d2473cfe7e0", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:39", "1840124", "1e3fd12fee9d2fd27642ed24cff01338", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:39", "1840125", "604a502f34aa28773356a131d2ce537866cdd973e464a7144b0d626fd65f5937", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:38", "1840119", "f59b521321526c8e255c6e5a9ed71d063349cab55a4a0b7207c6aa0039fb32be", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:38", "1840120", "58be67baa9a3323e8f0554ff45147668d5abf8ba", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:38", "1840121", "5563f909b93845410a8014ddffa5adf6", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:38", "1840122", "a834cec6b236453ee671c23326b60763880a47c93ccc595d6e566ec5f81ade88", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:37", "1840116", "9977df7ffd04173d38e0aefe3d028052e164aaa69c1facfe63af55b473dd9e24", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:37", "1840117", "1ceb390d2b85599cc738bfadcdddceaa01083940", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:37", "1840118", "7f79817eb5e3579ce8957a42c31c65fa", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:36", "1840113", "1086e2ec8e9274e1639f14084f27d3b47e606c37ccc2a1e4976db6633ef797d5", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:36", "1840114", "5bc1696dec9c0d82be4ff8910a7ae7c217e9e40e", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:36", "1840115", "2f61cb4b14e0cf839a4a823eceea88e9", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:35", "1840109", "b1341da78ca16f4d04cb56d05c63a821", "md5_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:35", "1840110", "31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:35", "1840111", "33e85ae9412fa870e5d6de31502e7d48c64ce224", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:35", "1840112", "744e1221f6467d0b7e73a10f52e6cd6c", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:34", "1840106", "14b7d8e98b8cd97f8f302bab2b4dea27", "md5_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:34", "1840107", "0911748a95f6a362d1ed8d6fcd1a7889167520cdd506522658d84a69c9a088ab", "sha256_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:34", "1840108", "2a43e2b7dea9979a803c300b5b9638f5d4ae2f64", "sha1_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:33", "1840103", "91ca6805aabe73cabd12644fccf91ec5", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:33", "1840104", "83a2d5361b91b0ac26ff7c5f161dd3008de6922c5df7f8c0af80b1dea105480d", "sha256_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:33", "1840105", "af09bf91db9bb8dfaa56f1d2e3d4fab97e6fdf72", "sha1_hash", "payload", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:32", "1840100", "4db7b73a3650b98b99aa282bf1e16cc1", "md5_hash", "payload", "win.raton_rat", "None", "RatonRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:32", "1840101", "ab168b5a63520e7cabe5d2d3917e1b9b1b388db0b3f27354bc7cd075e63cc7dd", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:32", "1840102", "a29d766799b35f8c9a4fbc3950295aedc17c7e9a", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:31", "1840098", "16aa5e9cd33302fb4bba5f5fe61b9dcef4e6e1a777098985eca17e5a6f075234", "sha256_hash", "payload", "win.raton_rat", "None", "RatonRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:10:31", "1840099", "3f762a0e0d991b182032fcf13cb94c75a61fe47b", "sha1_hash", "payload", "win.raton_rat", "None", "RatonRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 19:05:08", "1840096", "45.196.233.245:50001", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 19:05:07", "1840095", "121.37.101.160:9999", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 19:05:06", "1840094", "104.251.181.73:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:12", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-29 19:05:05", "1840093", "172.245.226.124:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 19:00:49", "1840092", "r32rtlhu.1xbetpartnersiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 18:56:42", "1840091", "pageimagebook.info", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "None", "1", "michaelschrijver" "2026-06-29 18:45:21", "1840090", "81.177.49.127:24378", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-06-29 18:45:18", "1840089", "134.122.128.106:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-06-29 18:45:13", "1840088", "217.60.195.56:5201", "ip:port", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "False", "None", "AveMariaRAT,RAT", "0", "abuse_ch" "2026-06-29 18:45:10", "1840087", "191.101.51.10:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 18:45:07", "1840086", "3.127.181.115:19587", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch" "2026-06-29 18:45:03", "1840085", "155.117.183.181:2017", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch" "2026-06-29 18:33:31", "1840084", "moderncloudprotection.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "85", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 18:33:30", "1840083", "publicwebprotection.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "85", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 18:33:29", "1840082", "superfirewallprotection.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "85", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 18:01:53", "1840078", "r4zhwkgz.betbuf.live", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 16:30:23", "1840069", "193.233.82.126:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:22", "1840068", "zenithharbinger.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:21", "1840067", "radiantprospera.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:20", "1840066", "latticepatronage.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:19", "1840065", "covenantventure.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:18", "1840064", "apexharvestor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:17", "1840063", "momentumbloomera.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:16", "1840062", "vectorprospera.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:15", "1840061", "nexuspatronage.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:14", "1840060", "quantumharbinger.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:13", "1840059", "paragonbloomera.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:12", "1840058", "amb1ing-farm.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:11", "1840057", "borschokf2dd.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:10", "1840056", "latat-long.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:09", "1840055", "plaque5tucco.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:08", "1840054", "ebensen-timent.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:06", "1840053", "chernichco5t.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:05", "1840052", "degassing-mould.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:04", "1840051", "souf1atwindow.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:02", "1840050", "betav2ryazhsky.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:01", "1840049", "seering5outh.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:30:00", "1840048", "archive-shlyah.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:59", "1840047", "acce1eratpacify.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:58", "1840046", "ass-ecuadorian.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:57", "1840045", "repu1sivebrazen.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:56", "1840044", "doha-neutral.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:55", "1840043", "izyob7rickets.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:54", "1840042", "shim-windless.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:53", "1840041", "solid5lowly.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:52", "1840040", "die-reformer.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:51", "1840039", "dunkpo1ytechnic.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:50", "1840038", "ethen0shypnotist.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:49", "1840037", "peddler-wasting.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:48", "1840036", "overreactuntr2ve.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:47", "1840035", "ama1gamb1ast.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:46", "1840034", "radio-legitdown.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:45", "1840033", "encryption5hadow.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:44", "1840032", "hor1inka-lonely.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:43", "1840031", "greyhounds1uidor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:42", "1840030", "chronicle5-diachiha.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:41", "1840029", "unp2idvalk.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:40", "1840028", "estradaannivers.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:39", "1840027", "unseen-zorenka.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:38", "1840026", "carving-paral.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:37", "1840025", "exhaustoverwint.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:36", "1840024", "poles-wrinkle.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:35", "1840023", "chequecholeric.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:34", "1840022", "monotheism-sled.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:33", "1840021", "disorientbreak.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:32", "1840020", "estat-goldilock.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:31", "1840019", "after-diacritic.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:30", "1840018", "sue-intentioned.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:29", "1840017", "champag-mannered.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:28", "1840016", "limous-nitout.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:27", "1840015", "flos-strip.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:26", "1840014", "bitter-salty.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:25", "1840013", "ripples-shark.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:24", "1840012", "sniffingviableoffice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:23", "1840011", "binary-dock.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:22", "1840010", "pashtuns-study-rose-hip.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:21", "1840009", "neural-routing.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:20", "1840008", "polestennisplayer.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:19", "1840007", "stack-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:18", "1840006", "animalspintroll-xerography.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:17", "1840005", "packet-lattice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:16", "1840004", "icewounded.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:15", "1840003", "runtime-atlas.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:14", "1840002", "khudrukrantingmanic.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:13", "1840001", "bellow-norushka-pianissimo.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:12", "1840000", "biennial-polovauniverse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:11", "1839999", "bibliosmirk.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:10", "1839998", "steel-evar-yes-valence.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:09", "1839997", "clamshellkarakulchaalumina.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:08", "1839996", "downplaying-sevenleague.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:07", "1839995", "hundred-years-old.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:06", "1839994", "kabardinskymonasticismradicalism.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:05", "1839993", "culling-posture-schnitzel.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:04", "1839992", "signal-harbor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:03", "1839991", "kernel-lattice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:01", "1839990", "proxy-horizon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:29:00", "1839989", "byte-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:59", "1839988", "cloud-atlas.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:58", "1839987", "script-vault.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:57", "1839986", "network-pulse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:56", "1839985", "cyber-relay.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:55", "1839984", "node-matrix.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:54", "1839983", "logic-sphere.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:53", "1839982", "cloud-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:52", "1839981", "script-matrix.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:51", "1839980", "network-horizon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:50", "1839979", "cyber-lattice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:49", "1839978", "node-pulse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:48", "1839977", "container-vector.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:47", "1839976", "script-horizon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:46", "1839975", "cloud-sphere.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:45", "1839974", "runtime-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:44", "1839973", "telemetry-vault.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:43", "1839972", "microservice-pulse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:42", "1839971", "network-harbor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:41", "1839970", "observability-matrix.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:40", "1839969", "runtime-sphere.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:39", "1839968", "packet-vector.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:38", "1839967", "signal-vault.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:37", "1839966", "network-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:36", "1839965", "byte-lattice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:35", "1839964", "cyber-harbor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:34", "1839963", "logic-pulse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:33", "1839962", "stack-matrix.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:32", "1839961", "siciliandefensetheory.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:31", "1839960", "audioattenuatorschematic.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:30", "1839959", "badabingsopranoslounge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:29", "1839958", "orbitaldockingmodule.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:28", "1839957", "crispychickencutlets.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:27", "1839956", "subfossiloakchronology.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:26", "1839955", "cyberneticprostheticlab.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:25", "1839954", "magneticlevitationtrain.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:24", "1839953", "gothiccathedralblueprint.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:23", "1839952", "deepseahydrothermalvent.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:22", "1839951", "holographicprojectiongrid.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:21", "1839950", "stratosphericweatherballoon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:20", "1839949", "renaissancefrescorestoration.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:19", "1839948", "subdermalbiometricchip.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:18", "1839947", "primordialsoupevolution.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:17", "1839946", "telemetry-orbit.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:16", "1839945", "container-beacon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:15", "1839944", "runtime-nexus.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:14", "1839943", "packet-cascade.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:13", "1839942", "kernel-vertex.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:12", "1839941", "signal-bridge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:11", "1839940", "cloud-meridian.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:10", "1839939", "proxy-frontier.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:09", "1839938", "network-foundry.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:08", "1839937", "runtime-cascade.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:07", "1839936", "packet-frontier.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:06", "1839935", "kernel-beacon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:05", "1839934", "signal-meridian.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:04", "1839933", "cloud-orbit.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:03", "1839932", "proxy-compass.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:02", "1839931", "telemetry-nexus.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:01", "1839930", "container-bridge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:28:00", "1839929", "proxy-orbit.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:59", "1839928", "stack-frontier.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:58", "1839927", "telemetry-sphere.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:57", "1839926", "system-forge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:56", "1839925", "stack-orbit.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:55", "1839924", "script-nexus.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:54", "1839923", "proxy-harbor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:53", "1839922", "network-vector.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:52", "1839921", "microservice-compass.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:51", "1839920", "logic-compass.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:50", "1839919", "cloud-lattice.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:49", "1839918", "byte-frontier.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:48", "1839917", "container-pulse.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:47", "1839916", "packet-orbit.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:46", "1839915", "kernel-compass.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:45", "1839914", "signal-frontier.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:44", "1839913", "cloud-beacon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:43", "1839912", "proxy-cascade.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:42", "1839911", "telemetry-harbor.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:41", "1839910", "byte-foundry.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:40", "1839909", "stack-sphere.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:39", "1839908", "script-bridge.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:38", "1839907", "system-horizon.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:37", "1839906", "elbowfrisk.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:27:36", "1839905", "karo7drix.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:25:47", "1839903", "https://bom.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 21:25:48", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 16:25:47", "1839904", "bom.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 21:25:48", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 16:25:35", "1839901", "https://bom.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 21:25:37", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 16:25:35", "1839902", "bom.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 21:25:37", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 16:02:30", "1839890", "freeshareyourimage.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:28", "1839889", "freecatimages.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:27", "1839888", "placebetweenphotos.us", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:26", "1839887", "thedocumentsthe.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:24", "1839886", "openimagesworld.us", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:23", "1839885", "lovefreephotos.us", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:22", "1839884", "imageuploaderfree.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:16", "1839883", "e2becd3fbfd8a2bc16f517ddf3702bc03ce25718495e7e67ef8517d2d91be6f9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:15", "1839882", "1a22a2b2b0118fbd8e607a1fd303e69fb61b95837372e57d508908de1a446195", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:14", "1839881", "e1f8ac8514b45b51abc91b135e4964290a8e6bb5fb4893535fce8da974a8da5b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:12", "1839880", "2b3681feecfb6e9a9f762fbf0e0421d69f6bd66f925f4d79be39cde5616256d6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:11", "1839879", "65822e4396d854529e895ce37a87c11f660b0f5fd826660a97e9d62b24e57082", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:10", "1839878", "8765c89afc71a53077f2221ddf68625d971f41e8446b4c2b2f8c0835910d7306", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:08", "1839877", "8a712dc3e7b657d198b7532dd8c7f117c882ed0ec3acc4fb5bcb62ccae9e450c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:07", "1839876", "andopening.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:06", "1839875", "documentsphotos.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:05", "1839874", "76bf6dc77dd65a17f8525db19ed152117272bf777cd49d0284dbb398f90d945c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:02:03", "1839873", "e3b293066d3fc76c2fb149af1492afce98e4bba9a699713b0d5e8ef2c558ac92", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 16:01:58", "1839872", "cdn.wp-station.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:56", "1839871", "api.wp-station.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:55", "1839870", "cloud.api-middle-connect.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:54", "1839869", "record-tracker.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:53", "1839868", "hilo-cdn.app", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:51", "1839867", "stats.wp-station.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:50", "1839866", "178.16.53.243:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:49", "1839865", "178.16.53.232:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:46", "1839864", "178.16.55.92:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:45", "1839863", "45.94.47.129:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:44", "1839862", "80049a2ef7ebc587d0a1b68cb51f79f710950670fc693f7f666233b2bb8c11a9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:42", "1839861", "67af4ba680d2acadbc7c96852a296c515da5eb93095056b8028f5d16dc8271a0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:41", "1839860", "103.141.13.26:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:40", "1839859", "e127aef41aaa4e0c28becb09df8415df35f7ca23724e07e2dbab0abb5f72fb85", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:39", "1839858", "54b57a524cb975f381dbc1dacccd77924d7ce331fe6b156c5b62419d86e7d18a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 16:01:37", "1839857", "gushchina-kriz.digital", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 15:46:19", "1839851", "112.124.71.123:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 15:46:07", "1839850", "answers.microsofl.ip-ddns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 15:35:03", "1839849", "113.30.189.164:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-06-29 15:17:17", "1839841", "cportal.atlantascales.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116833792515156682", "SocGholish", "0", "monitorsg" "2026-06-29 15:17:16", "1839846", "https://ghoster.com.br/vendas-ghoster/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ghoster.com.br", "ClickFix", "0", "CarsonWilliams" "2026-06-29 15:01:04", "1839847", "hi4ztw3j.vip1xbet.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 14:25:52", "1839845", "c1d.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 15:25:50", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 14:25:51", "1839844", "https://c1d.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 15:25:50", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 14:25:39", "1839842", "https://c1d.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 15:25:39", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 14:25:39", "1839843", "c1d.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 15:25:39", "75", "False", "None", "gw3n9,Vidar", "0", "abuse_ch" "2026-06-29 14:05:05", "1839840", "107.174.221.13:14782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_" "2026-06-29 14:02:09", "1839251", "https://bogisibh.xyz/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116833554053336427", "KongTuke", "0", "monitorsg" "2026-06-29 14:02:09", "1839252", "https://synccert7665.com/update/package", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-29 13:14:55", "100", "True", "https://infosec.exchange/@monitorsg/116833554053336427", "KongTuke", "0", "monitorsg" "2026-06-29 14:02:09", "1839253", "synccert7665.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-29 13:14:53", "100", "True", "https://infosec.exchange/@monitorsg/116833554053336427", "KongTuke", "0", "monitorsg" "2026-06-29 14:02:08", "1839254", "telehex1921.lol", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:08", "1839255", "opskey2005.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:07", "1839256", "datacrypt5840.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:07", "1839258", "aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:06", "1839259", "7cf705c6a891860f44ec7f8f6a1fa8b461be9fdae040c729720cfffc85cdffd9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:06", "1839260", "72e532597a0255c83c41ea5d3b239027827ec9c24e4e6620dc49da6484f18b4a", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 14:02:06", "1839261", "d656d9afc72bb96781f831f619a88ccc7713cad6ea8e73572e07b9a2e8c4a16f", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/aa14e0739cc231f5bbc34d22440d1600c72cfed1f1c1be6f7bef6f57a8deb05f", "ClickFix,DLL-sideload,FakeUpdate,Firefox,plugin-container", "0", "Lenny3BO" "2026-06-29 13:57:59", "1839839", "7ay17187.vip1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 13:51:24", "1839838", "8eb65c7e227d022ab55a5fcd0df2108cf63fcd1b0f223dae807fd91f4c07da63", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:22", "1839837", "57383f826f13db899c12e257b8b4fb331cb67665427ab89bfa512ff94b136a38", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:20", "1839836", "878b1280993dfd05177c1ddcb1db0d5dfaaeab3688ac008fae08dcbbdc9c6165", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:18", "1839835", "81b432422313fee435ad45d1d56fc2b82092b87a216930ff376711fae1c5c589", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:17", "1839834", "f0210f448c8f446a0553ebc96217b69204635ab9c8afd3dbad4551cd15b04ed6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:15", "1839833", "124943f53d7e25e6b0d5fc5f0166887bd455928c197a83d7912ca836842b7a49", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:13", "1839832", "081ff763229d78c25ee98ad187721c67f90f7c21c179316ac15294bd306a9bf8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:11", "1839831", "f2b25a2b02c06cfd322ab35e46aa996e093f60c6d4533ff1c9488a4fd4731bc2", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:10", "1839830", "4ab0c6d772182dd989d5f486b3786d9652e096f3a7de2fe9318ba91160a29e54", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:08", "1839829", "99dae889c2513af1184536be9113f9090156e005ec8f4e7d70fe85a2385d6b40", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:06", "1839828", "1xkade.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:04", "1839827", "2b7a158ba21d29ff705f007404100f4be18f57c8add18be4367274313a525702", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:02", "1839826", "dab38d21b56589329253f3945077257015c38f0a3be8d4b23dbec6614df4cd6b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:51:00", "1839825", "a7c115fa0d7e766e8cca83357f820fbc30bacf87eb8e034e626745fbcbedf4dd", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:58", "1839824", "5ddcc0e2b411639e9f0b956207a0f79220a5d63a91f989a33dfdb5e84d054375", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:57", "1839823", "cbec366f46e2ada3a4ba03110a6bf07cd773758f9647d6177aa2b3a824725a40", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:55", "1839822", "cda3bad36970a93cf320e99fa8f79ebef44a9d363984caa8d3ade57302d685d8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:53", "1839821", "c29c5524132d533b368fdb4ebf25005b8ba16c87f47ff43cc8ffcf3afd951ef0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:51", "1839820", "d9521891b05f22fb738d33a351630174ce3612472585616b5a0d0339f5ef7bc9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:49", "1839819", "cf5875da311ed8b387c1c2e1980ae092b8c626983b052f8209b3cfd7092f37f5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:48", "1839818", "477d0034cb086f7f243a7d5dfa9cd3bc4b4897bbdbbf3579e57696b4a0367eea", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:46", "1839817", "1f8714501e5a305f0ac811fe072adab863121a505c58ba8f2063b80cc4c53fde", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:44", "1839816", "cb6136edadf2e978a6a7a824a04c4868c3d5388e5a6348af138ccf0ad65281cb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:43", "1839815", "b4e82c910ee8b571485fed72ab6bcc2fac4bc56165486fe0da3548372c061722", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:41", "1839814", "7aba322a380e1677dd6d330776f68ee1c9fcd03bc95d441848ff24dfe9c6d724", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:37", "1839813", "81eb6e18c2b2ccdf7b0eca605398a98628627a9a97ac27a2868dd2b8cb930386", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:36", "1839812", "889e30fe3f83f5760f2ff19a077d59efaa07e9cf01cfe46dc94ce009f14d9eb0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:34", "1839811", "b67a31e76c3574f6703a4113083de1a2f7fa3162ca7873510e7df4da1f78156f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:32", "1839810", "5fda909ff3cef21c73af1756533f0a5a1fda0f0169b538dc9b8d34889ad926ed", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:30", "1839809", "a8e53406599d6e8c59847e3bc3170202c52eae122053d2fbb9c4233ab7f0d3ba", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:29", "1839808", "426ddfb1bb7b5f84c6676b9c796093585a9c0ad52d72cba56eae4cf47b10b742", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:27", "1839807", "b197a5e6403eea1910b4f50719ecdf58945e3a1c727dd81f3fc57a85ceb6f620", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:25", "1839806", "31a3401c2f9bfe8a85849d08036cc52458c8bce4e68655b981878017780e3bbf", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:23", "1839805", "9ffef12b7a1aa5844659994c2c3a83c9ab432e03f965ec8a19638516ed7e15e3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:22", "1839804", "f9325158ffb4030c5afbc19c113fee7e6ce8b269a5a33abcf571c04887048e57", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:20", "1839803", "d4e920866a336e9210499e9f0a4c7e8d26deb886c1dba1cd6ae4614084d181ae", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:18", "1839802", "b3a3f1ee7ba473939b8c1d308e3b051a393c282a5ed4c2427cae3835c3f90f3a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:16", "1839801", "a082217a6db8177fb320a99750f4540a671fe33f1b08d21cdd9e918f41bba8ac", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:15", "1839800", "92f9ed3459ca697bc70ecf6e9ed5432f508ff194c67a9a723d3f9791453b1c5b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:13", "1839799", "5a724c4ec2981e29380eba58bf5aacda7dd7326117537759ed28779e326f7ea6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:11", "1839798", "6bf6d1965b3a4ef77868cea0e1fa9a74454a5907e753bcfe67f7d7939f04febe", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:09", "1839797", "riverpoker.xyz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:07", "1839796", "d8da9785a0e4843c2e4e0dc187392d4ad4ddf7a2f65ba88daf60bee76e416a07", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:06", "1839795", "fe72b8995c8837aef8e7e4302fe630f72f93748a7bf37838b7d261ab2cea6f03", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:02", "1839794", "791a41337602eecb913c8ebb0725f2f4f3dd2bad52bdd39c44a799ab3f6ae556", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:50:00", "1839793", "4347c748a3fe26288b92f165b5f1f8b62f42053db896331512916d1b813cf30a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:58", "1839792", "42deaf9d9680d818a640958fbc33ce6ed2c75bea7293495e121a2287f3c16470", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:57", "1839791", "a11a262fa4c433630376c7bd6172482a37b87e2f9fefdd1c219acc9775195db7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:55", "1839790", "09af99cc0116a5e64ccff2cf62e00423baca98b6a61ec4f5ffbf357ace24cdaa", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:53", "1839789", "shartcart.xyz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:51", "1839788", "efc89c8ce4a47037d02203cec9f63cfcb55a85ea6ec724ac39a614a78c74e280", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:50", "1839787", "eea4226faa5385e43944513bc6c5e0aba5c5fe2233ab9ddc4db89dbed87139c3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:48", "1839786", "d5184af6a18beba8da3c5679cb97627150e2289119a0813e5f038cea69d76aff", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:46", "1839785", "taktikbet.bio", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:44", "1839784", "f2e1a2e8fd3895de2116b985ee9e42adb083da7dcbe5618f3b94b9bdbdbc783c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:43", "1839783", "tinyshart.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:41", "1839782", "520e384b23a7fdf452b5134da72dd74b7c7ea6bcb9099aae631f6b12930c85dc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:39", "1839781", "a75ac0799920ebf7491b9268c702dca5d9747796a89cf351ad66d10a2d5b27a7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:37", "1839780", "fa1238f691e56bcc0022608721faa7153c3d99b8b117701599d21fa42eed59fa", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:34", "1839779", "fae06d3527460702a36bf3f503c942a35cabd04ba78d144ad0347de1a06adedc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:32", "1839778", "add88dcfc5ef426a51c348b69e2a7b7416499ed91f5a2344006e3fd537767fd7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:30", "1839777", "cd2a2ee649f83c5e3c897edaa9827d0e2aa64ceacac65f4b1cc72fbe9062696a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:29", "1839776", "05ce12e867f403ca55729c8c511fa0f8b881bb4700a2bda45b63ebb452592fed", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:27", "1839775", "f6a79304d223a2df752e32e51c8099e56d6867bbc092baaf8da823cf660e0870", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:25", "1839774", "a2df2915aa26a1e32aa60d9d2e38d9bc292e0c256c67521f5ab4917b5d7ad941", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:23", "1839773", "16fff1a5fc06424acc5a5b9e9cc07ed0321f48c4254ff367925c7f5de14e5d62", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:22", "1839772", "13bdaf4471806639e3fc8d650b8039f52e59de138e482a506b2ba8b9b39901b3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:20", "1839771", "226e7b5c5172d05784cfa2ae145aed749d08ad2c76ccc2152f286fdb86698809", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:18", "1839770", "yekshart.net", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:16", "1839769", "bd5b89ca5457fcb0e67821d8b9a97c86cfdeb9af22d15d694b946bbdf52a5070", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:14", "1839768", "e4755a251e140ffb3a7405ff6d744b968fac98fd6b163b3575c17224275e9e76", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:13", "1839767", "014ae4a90dc0d2c605f82e928004ef5921eb3c8793d477011889730225c1527d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:11", "1839766", "31f1300cd96515097d540e513e28ac2c581754a743301199f3d5e4a1231c1fa0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:09", "1839765", "71eca2a2a4427c3dc110f3516d2e99e4a4af9f5e5394d3d52debd707110b1094", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:07", "1839764", "2435a4e8428a82a301a87197866ddfac9d2100d8f920f187a823c88ce806675e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:06", "1839763", "c959e7a155d1da4bf450cfda3bd0f84bf8028bc5e14b60cb9a1753b9d8efe16d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:04", "1839762", "96276d59f865049ec4c5cca4801a65fb85e233fe6625975625ab9a2fd41e8100", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:49:02", "1839761", "f17cab00a92cda8acdcc84847508a54585bc054a77bf7dee0b89598359a585ef", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:59", "1839760", "ace4dcfc2795a6ae19e927f9ef1a00d6780d517c1f0ef82ac11797eacf0ab185", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:58", "1839759", "a86e693136de83b7a64e00c29a487b23e30c4fcdacf676fe1a338c0b307807b0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:56", "1839758", "05bd30504df9f0d7b523cb34a3edf6374a4642eb0531500950f0191e0c7df852", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:54", "1839757", "sabad724.bio", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:53", "1839756", "fc0893d0b60b943cd327acd6037538318d87208ba7626a2f42a05da7a7a218bf", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:51", "1839755", "313betios.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:49", "1839754", "c9181856c3fed45a7bb1808c3a2dfedc8345e306fb22ef106d202e706f643fb0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:47", "1839753", "1xbetpartnersiran.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:46", "1839752", "310d42379ca3c51699740fa991473eebefe7aa5ceba515899bc7f0466e88e685", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:44", "1839751", "1xprobet.app", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:42", "1839750", "f0dd6c57946342bb6fc8827153e0895dba4b7922e842597afe009943067cf196", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:40", "1839749", "9c549c9f571c14f56d0fd2476060cc7c148a50c5da418c7faa9081b522621d83", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:38", "1839748", "6a949b52db2fb8d659a783b1e7c6d7c46b8664f5e5af76784f5dcda0c6e45832", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:37", "1839747", "f396b4c20c493feb3843abeb2b347ae7e320ee0f7ea03522fff1742f7437d8df", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:35", "1839746", "19cec3279b4819bd518fef23cb1a2af9ebce9247531611148f5ef0d106562939", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:33", "1839745", "313betiran.online", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:31", "1839744", "44317aaf2ac9a743b22b069690ea33d8e067b3277050d72448db7e465ab52bf7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:30", "1839743", "611f175b6573a9d44f895dcef94bd9252aa332ebaf36e1ac5eb0ff179b997d74", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:28", "1839742", "e132bc63f9768a85ca4472e7b27280f26f387e8d2a7f0302555c34c8386cab8a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:26", "1839741", "79246207c4dc41f58e28e6c5b104b4c644d2780d6fca5a6df9d2eeaa78a590f1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:24", "1839740", "515933678082aff2b0196c0601f04473585b418c285e8b9e7040eb724b4f9aed", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:23", "1839739", "d5f73374aa77a2f99385d6cd68da2521b80d8c48e013aa63d6418b8ccb818120", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:21", "1839738", "315643e6029ae7a70b9a173526a184ffc8a66dcc111f3ffcebd5fd473026fc6e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:19", "1839737", "412888487a94f8b94d87fd5fdc8932f6fde85f4157c53806a888a8b510f85c4b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:17", "1839736", "betbuf.live", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:15", "1839735", "57b5ef46bdb6bc7cae68b719503e2de2cb9173712dc8f978850801fa6eca4ff0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:14", "1839734", "d6f3516dd5b9c909a05ae87f7f7834d2d5db5e6d7e153974a8e1f1f725017e53", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:12", "1839733", "232fd2611fc1f46ad1b5a280c33f0fc306ff9b6d35e95260930bb27ec051e788", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:10", "1839732", "38b2e12d1560279206a17395fa9a1b38ef937e3383233f72b35dbaa8c06a46f3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:08", "1839731", "3d4e22b0dc83b1888baaef20ba791e3174bd61acd88efac3c92e77c8269e9653", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:07", "1839730", "0692c83afd512df18332b22dbe14679de671d4c08d46a513a877b40873fe436c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:05", "1839729", "96b8c4b86d79991b8f8a539bbbb3055181f7235f473e9074d01389da38b7207d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:02", "1839728", "b2030c42ae9a930705cf98062ae00d5bd2e06db3b5fb7bbb0c0285fe248cfadb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:48:00", "1839727", "1b04c028b90b247f783357a822c1aa63ff4a9ac12692fe483711fb5a06787e14", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:59", "1839726", "313betsingup.casino", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:57", "1839725", "6d35efea5fac72d6ee3433add8827f953dca37e1309e36ed46d0682e7a09c434", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:55", "1839724", "1xboropartners.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:53", "1839723", "9fd0961f180a2a6c0dcc447f89c97ea581debed2ea33c9ad56b5446690454df6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:52", "1839722", "1xsignupbet.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:50", "1839721", "298ece3b3060cbae13808d96c74ac49bd844623e4a211bac9f4362a6502d2863", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:48", "1839720", "733cbd9fd76b7842be57912ceb2f77b55ef32fffb79d320c765dfdf2e0ab5184", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:46", "1839719", "64f5c1cdd6d6761faa86e205043d1f8d9200b9bc31b782fc3089797ebbb1df6b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:45", "1839718", "113bac6449e7c49c736e8e8240771a0d76793e4cc52c1a37fdab1608c374ce19", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:43", "1839717", "abt90kade.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:41", "1839716", "f78ac0dab61c5f45a351be05cf728cfa0703798323c52879a7a4bc15406c54cb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:39", "1839715", "22bahis-tr.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:38", "1839714", "f5c7f49eb7a2dc7acc76a941b058aac5a307cf6130c18e9ab20589aa1933f4ee", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:36", "1839713", "3cec1d52d95d9fb728928132fb4608ab469a3e71c497da1769325135caf0269c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:34", "1839712", "9838f78d5ef2b226912f0c72a38d5863637f843d062f4a4d0acc2569ac40ebdc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:32", "1839711", "9fb07537a7e16acb1ef4241240ee3f80aab3e2cd1f1cae9570d659f42ffc0cc9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:31", "1839710", "cc80852da3ced9c67c0be54a3a06a991873e48a6443b6d2c482505ce81ad17e3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:29", "1839709", "c712cb217003bcdc3d4087c350d28c66ecf90af49f5ad8e7203daba8a7e8e7b4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:27", "1839708", "46f8f5a30da314d478e265e28da4419d5ef19adc670ccb7deb57d15bae9f21ab", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:25", "1839707", "1xdownload2023.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:23", "1839706", "4b4102a2e28805d12b572323bc37f5a05e6d36fc731a33a9f165350a6717d040", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:22", "1839705", "b9e4ad9faee52e8866ad1f38a425c1314fdc6f44c6f4665010f7dbe303da1ca8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:20", "1839704", "f1409a92e6aa3b890f6372414d34e7e93e8120d9da83b5b0b58030b98729dd3d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:18", "1839703", "1fdcdc0733dc0616ba21f2cf4a56fbde588d989cf71e26925dda48931c551f6c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:17", "1839702", "50a171ac23bb575bb12840446683b7cc39400047875ad318aecb9d40036eea9e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:15", "1839701", "a4b2e6b19516b1ff469e093656629cac8d0a47922a14e0e50a0cd6584ad76504", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:13", "1839700", "e9f3c930335311d0fe8e726b372fcf06e2538942a6fc6d88da9edc3faa59b7c9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:11", "1839699", "5b0b45fea76ccd6900de05d162076b9c48b78f3297668ad65d3e3e92bda6c6fc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:10", "1839698", "a6bc6bb72b3ed7e241031aac6f8130b68bf4702be130760a8c39c266b9fbdc52", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:08", "1839697", "ffa65efae452cbf4baa955789735895353f3268c87873f1334d764605a4cc499", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:06", "1839696", "bdf46c4dbe512fa0ae26bebe27a68bc933f511f9bd918cd7efcaf441821f155c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:04", "1839695", "005d23162e74aaa950fa609b1eb8cc37d3f28396540182604730b930e61f914c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:47:01", "1839694", "b4e4603cfb751ac2c595f129b0e28287a87889938f55fc94e0c297b0a4a005ed", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:59", "1839693", "19c80a7da57c32c9dcaae13c7f2a082b9722ecfe230fb152e10ea0537bd30567", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:58", "1839692", "a9e01df4d1039b5ecbb26149f7d331d3bf95aca4d7977ef0a9390aee3906b687", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:56", "1839691", "honarrang.online", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:54", "1839690", "6ab6757326c4cf67c5488eb1c7e90b34002030a1968e06f5d0a8f942c52fcbc2", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:52", "1839689", "24b584844e5c1fa20bf0a68517420e7162d3f7462833d6bd0a296750917dd507", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:50", "1839688", "1ae8f2f2fed85d8e68479f04cb0b9209e855792f87002b523651eadcd467ef23", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:49", "1839687", "1ab28c7288a670a34392f3652280e4167bff3bf5e316e5e355e5906a481b3c17", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:47", "1839686", "c0c575a5275d27a2fa47bc5f8ca081ed689dcd0b9a84f619a504ec682a990643", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:45", "1839685", "04fea1d0c45f6bcc408fbb7275cbe918ea498c1de7341ed0e79993c6ae51b0e3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:43", "1839684", "4be1501792cb564f615240a1b4a649367e710fd78f494709a401b067ebec4fca", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:41", "1839683", "298f14d3cd6cc0fbe90e846e870391aa376ece9d212a969d6c702827185d08fd", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:39", "1839682", "ad0ea952e3c6a81a5471ef73eef47ae84accfacfda9868bcd4304f25d929f92e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:38", "1839681", "9ccdaa742177212ebb29eb4ed68a901ecb35cfb24836dda942bbb59ef825bc1a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:36", "1839680", "313betapk.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:34", "1839679", "690e7b24e0a9e110f34d848ef0fdea286145e19e709e77b5eeda50d50ace8408", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:33", "1839678", "347d0adf9d9085952c435e0014aa603c828bf1864d17038e1790fb0731b7c008", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:31", "1839677", "224d47f45d43fab7e1247f2ec457bd8cd5ecc9c9fd192c6fbfca2ac34141a40e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:29", "1839676", "10f0eefe55ed04c78b95e36e4b83e49d19ef431d8fa27f7e9c62751e3767bda6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:27", "1839675", "f1c1e4912ba8cba7cbbab68e2ea2d5bdbdcfd769a19ed420427d5187905b9312", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:26", "1839674", "29c1b45b863aecf87178805b62399f99629b8bc398b0cf2be4f245b9a15ecce8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:24", "1839673", "1xdownloadbet.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:22", "1839672", "49cb71bf1e8cf8a7bec155b3c60897edd1cc74860a4ff955290aaaa56a30585a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:20", "1839671", "ae29e79b641e6ad1a204d275d1233553bf7cf7ffacc5705b7779dfeff86da18b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:19", "1839670", "8eec96aa05f75e86a6508e349ec2979c7ee4bcd55afaf2fa52b3e0175f385d79", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:17", "1839669", "8b603a8efac1630470cb8313b47289bd472e249a8f77b057c7ce4dec9787b14a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:15", "1839668", "af8312bcc2d968c24ae8942be15d43421363aa326685370852468d7cd9a5a39b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:13", "1839667", "2157a11050dd3813771aa70d090e16b02733f659b9d6d5ddce3ec2fe2b59c7e9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:12", "1839666", "d226eb2de39a752bb8184350301b90b8f8ca992eca59fe29ebb3361c7084a05e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:10", "1839665", "alobet.pro", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:08", "1839664", "6f70383fce624b1d23bbc2faacaa107f9ddb791a9636b9b552dc1fbafed1c588", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:06", "1839663", "37075e36950eaec07d207870fdb8e89ba6635222769f298d6a324de341cd0ccf", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:05", "1839662", "7edf28fd45f03213328265875e3d2c52b96e3a11c0e794b4d4c6d10f21be1249", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:02", "1839661", "603836c3723118b10c98962a2a1f2ffe2591dd50d0c6ddbf0109a70765c367a5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:46:00", "1839660", "73cc918e200d1816f0fb0437f3d7c68c8d09296e942e3eab29c775b19c8667e6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:58", "1839659", "5be4a77129c44dd8db0b12ce5ce97423a9420b85ecdeb1afb005a999aa8049a1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:56", "1839658", "79ae4c51a7dc322598a9bdc428b04b0e649e82a5530308ca22fe920955227824", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:54", "1839657", "b187458423a6bcfb33ff615b47cabe42c2fd1408f77d4d70efef9eb936ecc72a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:53", "1839656", "be5bf9fae90a88dcbc764ffddecb34bf0cbdfc9a90ab08f8666473b7f2214cba", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:51", "1839655", "2dc79e549f60bc02c43210823741ca69a9efb71b5a44243768f4f2452b669a68", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:49", "1839654", "bb9a388134d418a2e362f1cbe11fbe5545e17af925c43a2cf69779950cb6031b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:47", "1839653", "2a7fb245ffdd65a62b4c29a5af8eb0e7df37b3fd1f39097905f863a237b296fe", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:46", "1839652", "2c42c449a84a7b23d3d91a5f7e382b1718ecb39d0d84cc8407b22d2464f67e2c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:44", "1839651", "323d5ae5950450365e8d908e190d7d4ae4f08e9a420683fcaaa54fe50465c4cc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:42", "1839650", "58a5edafe9913698b4deae999ad59df1b6191d6a622b7f3844a08fb537868101", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:40", "1839649", "c733f78c80d027d037c8ebc6f21117df63acab83897d2342a9c305f986d78aca", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:39", "1839648", "192d2ce20ca06398b5de1df16f94af68a27d89595c58e749c53c6dcadf63662c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:37", "1839647", "86a28961d0301706c09ec74ccf9d4c15404a3adc9235306333577c147edb3afa", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:35", "1839646", "2fffe49dc379b3d525b69b792dabdced5d95a133da59c2e5d9db605c5f1e1cd8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:33", "1839645", "ac56862ba982309ae1e4b46df7af4cb16364c55d2e2485a106631f1888aa5840", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:32", "1839644", "7e5ba27700f835afed4b04390f935e15bc9b7eef1979e28ba1e2118614132e34", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:30", "1839643", "98c084f01044b8174d6ace1f512da6a06933c4fdc6f858d32ce9b07279dc82a7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:28", "1839642", "4d256667bb0ecaad1d2c6704598570301b8eb7694612487bd9ddc7f635f8b1b6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:26", "1839641", "66e15854ca2d96814302477e2d596d96285c43de93514467e1c0e04b942844d7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:25", "1839640", "342609843717ec79a3eb53a381ab0743c57c70e4e86a1ae20ec85008f6a5554b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:23", "1839639", "e4bd493473fb2f71a83674b3d44865740657438ab22510f37121583f83225c5b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:21", "1839638", "a55657bee94a9748f0c21e859e7371ed6e46aef296cd0e3d89f90ff8c79d553f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:19", "1839637", "329a446d1cacfa1615f000937907d600ae4dff63e60d2b0f5b4809f0d56a9b7e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:17", "1839636", "925d2ab18be0e8b3e85bb9968e5c999c32dbfeaec8faf617ccf2e619088ce63c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:16", "1839635", "c1dc31974713b63ad513f65dcebf049333d280930493ee663181570b2182c7e5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:14", "1839634", "2c5554fc01f652daad55bc308d077b8d49eccbdb9f0d4c2a0061ca1e08f96771", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:12", "1839633", "0e5d483b1173972ea86da6384547d600d7bae9e9204007b683fb45703f2ba9cb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:10", "1839632", "8a51e06878717602cb4cc3982cb983922c2acd9f7b869125bf0e5dbe8c6b92d0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:08", "1839631", "3b7756cdad3fc20f3d5273f5f4cec4404ab7f2c134252c2619cbf485c65a7dcc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:07", "1839630", "e78ae391dbcc509d67031b8eacc8809027776c049a005d9d4a0ca6ae31f878f1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:05", "1839629", "93fb152bb0c07db4463c881b4daf17bd5c007e2fe097f096297499253efa18f0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:02", "1839628", "e79b655671ec492d625e66f1537dceb45a4ef7d2517c58af2e16ad3b224d099e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:45:00", "1839627", "095aeb362e5b8fe2c095b47cedfeab7fbea9bb866dc759aa5bcb44bc9123b49a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:58", "1839626", "0bcf5f10b1d7a7db764b3b562bad683e2d5e6e863e63a6766b62569a3e4d16bf", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:56", "1839625", "84a62ab8aa23344c15ed50c3e6d78886f54dc1c4ab001374963ad6f92f02ed0b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:54", "1839624", "1de1be23bb05a54e155a141e898a0c8aaf09cbc1285c5e6a71c10b058ac3acf6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:53", "1839623", "08de7eacd549a59b6d3d7afbe40064ad981cfedf192fb850178570c945b6f238", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:51", "1839622", "bd8ec086cc4df4a53fbd41c4490656f962cf4b41d88a4a54539cb166fd06a625", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:49", "1839621", "0c6478d0fd592b465f98d1887a671b80fcaad145357d1bc698b827424bd2ccae", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:47", "1839620", "b0ae4e445adc5c3a1e3c987dba4948bc4651efd45b517f9fbdc8a9f65dbd1522", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:46", "1839619", "685828afaffa37efe8aabb8f09222c33a5325d73d8ba8e1ceb4761e94dfce105", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:44", "1839618", "1281bbddcebead31850b639a69496a410c6fe32aa3a3de73ba4c7a4ff87013db", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:42", "1839617", "3aa3df054514f530fee7bb78a012ce6a02c2bef45e988424fba534b9408c8d05", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:40", "1839616", "790f77de5c970f22a373fc1fc3a9c492229fc9ede18225d0dbc4740643b2864f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:39", "1839615", "persiana.bet", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:37", "1839614", "cc7eb9c8d37e29497ae2c4faff7ac9ac2f0a491ea5499bd0d3eac675de529ab5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:35", "1839613", "28b9b79d18af17fc53d21c0c58bf41bd6697f044d7c0dcf806e00a19ae7d7da2", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:33", "1839612", "0afce4a5acf139726bf479dcc41877b4fcd4138b9f395bdc70b219ba81983311", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:32", "1839611", "445dd498114c523c0b6a1d69f9860ea64a0a01f381e6935d071e1088609e8c30", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:30", "1839610", "41af7b9c1d3b467cda30cb48c6a37cf6805894aa18ec30b5f80000e1b8f9714c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:28", "1839609", "14f689c52602325c71ec5d13eaf29a890f4f1cf86a95eb8fec0cae1af91d5e2e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:26", "1839608", "226abb00d0d942c40b12022d86b1f73b81756fd9f9588b436ac5a87b428211df", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:25", "1839607", "08f440ee1659991acee984e6a266d53cfc56a409d030bf99b58ea54b268fb8e3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:23", "1839606", "34061315cdb26d64d2eb58b85adbf72ebc535fe217739738af27f5bddb612483", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:21", "1839605", "ffbd3d22a61a837418d3065686d401f439f31a00a5d57b24cf9de86c3b44caf2", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:19", "1839604", "a3ef4bb67f92383fd6573d950c0da828992ae081ffe78d15b978575aab3b59e8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:18", "1839603", "3fcee4743da0b69f5d036a545cbe2f89bf5666949b9ad667ffe29dc48a0e3d9e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:16", "1839602", "da4944e4384d42da5fe60a527d530380248f0a64e3f13d185e262a130e08ee9a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:14", "1839601", "119819df010ab85678ee4b98e6e072d2d89bc1694ce6a44da05ac8a263ba8242", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:12", "1839600", "7f549f9ced4340acd00c91af78f5ad8f18a31a401bc3605705468aabb5830389", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:11", "1839599", "b47d96527c1a0093553b19e86689c4d00d016dfb745e8a6bf473c4a6d2c142f9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:09", "1839598", "318334eb727c1e2dc3b55e375a02c3dab34623b00da0599a3fec5a23d33d1eb7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:07", "1839597", "34599e347fe26274530c72837dde3e0863f4580183c810ede147451c2ce09296", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:05", "1839596", "5bf1e723ddb4b40a06f219c54744e320203470552d3dff10faf5cad5b5bd0594", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:04", "1839595", "b5ec3792db03894b0d53b5b622d65b240f91e9719be10e26e2ae54e4787c7b35", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:44:01", "1839594", "e6eb81ceffe4d2da7f5abb14935949a8a8fb532d728bde9a0619d4844c1379df", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:59", "1839593", "af407cdca6cca6f89eb724570043c397e7e80f571bae1a9ffdcafb96581bf184", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:58", "1839592", "841fa9387b613794a777a69ca981a68cc7e6759e75413d39b0efae1650bfd765", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:56", "1839591", "4daff2f890ba8ee9f81acb6990cc8176eaf13c9837dc19ca91022e8d2b0430d9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:54", "1839590", "4df6389bca569490a69b1767f6fea270aa75f5fd228c3df57c5671709957f61c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:52", "1839589", "f1fdd609cd195d741589de152285f3e0d8ff3ae2e8a3b347613816f3972fce5e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:50", "1839588", "809600841a77234d48f4673c3d1483e71181ca6211e28d74d000204830753b9f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:49", "1839587", "5b109aed6bd06b368dc575b29d5521bbcb32da942677ba4454704a941dc362fa", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:47", "1839586", "6e9a1942ff912a8d8a01b498f5365e06d1e64379d900b0f6f0a5a589ece76746", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:45", "1839585", "perspolis.pro", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:43", "1839584", "68436ac984740ab03ff5f0c198d3622150fec050989c54df036190a7a4349d05", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:42", "1839583", "b0e405b7969d79c95e85cdbf48ec8db4bfe5222b3d6ef116777c14d0524bbc76", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:40", "1839582", "1xdlbet.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:38", "1839581", "26e27313a713e26b71566d81e8b506831bb35cdf6901a7884b1078daaaad256e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:36", "1839580", "90be7b9a7efaee3ee835fa37fcc7e26cecf316a0f0d03cf5f96cd85c6b81530d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:34", "1839579", "60b0adc84b36b5370ca63eb7101bd2d342b1dfada35903ca1efc563d9640afa5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:33", "1839578", "12a625b3b98a1ae59b3fa7dddbcd2fdb489dd5f1876f21bb69642f13cd1c6d19", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:31", "1839577", "027c4491da7279ef0c28f0e7b5bf4c103a2df1a3eab895ab3f46617fe2d7f396", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:29", "1839576", "6d31d8c7017bc3fc7b8589e03e90effcd5a9b64950a2ea6c2eaebdfcbc5087bb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:27", "1839575", "31784b99a423d7d1c292bb673ff136f62125f030ad1887127ed06a0080b69eac", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:26", "1839574", "c00335daffc6d8dda56d6dafe6551d1f7ca26afa8f929c24db9d0431b81218a6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:24", "1839573", "af8127cc83b6b7da5ae28ad3eea96174200edfcc5aa45b2ab7925187dac2d36a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:22", "1839572", "d43205e1ca5f39e2d38d02ba0b222a0d20411626fee0590459a346c67c119dd7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:20", "1839571", "8de1757b00b31e1c26229768be740f3e9493145261245b057ee98229970faa75", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:19", "1839570", "b07d7eaef7316e9866faa602c360c46c6cfdc3cbee145de77fbcacd63f640214", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:17", "1839569", "42e4659714519f1f7a12695b5f7df203440bb08954f5f6f84bb1491cdf74e4f9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:15", "1839568", "a5fb0f40715d9c4524d9c1c334719e36668ac48bb9ad8be8f503e1a6f1f04d7c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:13", "1839567", "9c4e285c0e35294e5f1336cdf48104e505b960bcf99532992cb54f8f5ca2c5f9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:12", "1839566", "48ca7d574ff68e03deea2a4858dd7b1ca66779fdca1f454054efcd31787f7937", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:10", "1839565", "b6bc8273370510fffea71ae09b9f560de201c6aeb28c4ed654ddc3757795f5fe", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:08", "1839564", "f4d64d73113d5ec2bbacaa6e2c0ccd8ede0a1ff7edf82724b654d367d7c32695", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:06", "1839563", "8f0bb1285c7e74d5cf735ea3e1b81f19af7bb66ce0fbc20ef0ee3d0cc2af81eb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:05", "1839562", "b24acb0323702ab6211d419f31461b439ee26bdc0e30f25ccda2c8fd0f9b0d77", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:02", "1839561", "8c9c44d251459cdd066bea683a01af4633eec6c86e719172045e72dd2614fe02", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:43:00", "1839560", "bbf309009e1fb66866589176949d9e6a3c6ba13d6e6727f91c255730bcd1f7cb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:58", "1839559", "2b639ad209bc9363dbce8cd57dd6270c65740ca44375a8571b91de09e165a765", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:56", "1839558", "3247c537d03122555bd73b70ef56fd898064a87231ae5f9a3abb8dd83984225d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:55", "1839557", "de3ad35d58bce028653189234464f208af3eab813c00d2239dbd3e4aaee04823", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:53", "1839556", "c04f175ff36ec2876115428b24a12163c6a217dcabb53b5323cc8c02b7f0782e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:51", "1839555", "fe3278cc70a425a9828203206901d669263714b22bce0c64462a044b2426ed7b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:49", "1839554", "61ac3e1e2c1a0454b798ed0fbc828b546423a8dc9fbc8237de82372b5381da5a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:48", "1839553", "0ca79a99e57a7e4a45d489d679cc36e5e8771eb5a5af52fb1353b827ffc224c4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:46", "1839552", "1d092d05264c92d0a9b1eae7150c074ff71fe3a463476efcfa1c60276829865e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:44", "1839551", "4e3cc984819d56ad857cc4f93d86057a639f812aa20d48451c31c0b6894eb62b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:42", "1839550", "95970cdc48e9404ecb9b3a0368b1f31e047bb586b31086d8e45baeccd84febca", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:41", "1839549", "78b97b069a00375c63a70cb9954578c3cf9bc3f6f139094bb45054a350392d73", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:39", "1839548", "0a47701df259fdd10cfc0135819223158ce2b69f8e96c168576067fa2bff6448", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:37", "1839547", "fab3dfd516c69911e1695772c47a4affd6c199a9de8755ecf58f4cd268853e0f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:35", "1839546", "a70a678ea4e494560339a21c449334fbb66860de6edd144bc4901b44b1bf4b4c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:34", "1839545", "37d2aba18a98d7fb8b871286632d5ed14df199ff5a9aa8f1fb0494060c41cd45", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:32", "1839544", "1d5f9df365648f47db3db692f3bceb69abf534da058d88dbf7108d7ad45f12a5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:30", "1839543", "8f4aaee9a0badd34cfde16ccbb6c31ef7bef714ddb8867e620e760f721b7e2a9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:28", "1839542", "4c77c9f363c981a01a4f158b734bd4b7a0f560e1fefbaf79b9118ded34cc85ff", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:26", "1839541", "838e73a12345f9238ed8028213ed1a066e66a44518f76629bfbd47cf62047dab", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:25", "1839540", "f3cf50681b9a2c9c52aa149e0f4a8480c51f55e1a33894e3197b8f97b68b9eb7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:23", "1839539", "66406130c77059a3ec991a0d4589a9a012647441f960393709d8f5b4e713d504", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:21", "1839538", "bee512e41ca7059ea138ccfd935821c50268dd46dd068fbdb43d9391149d2010", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:19", "1839537", "1f1e9e894034cc42e5763302c29651009b60b6fc6264ed3417164d70b8f001ca", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:17", "1839536", "fb8d0e1a1cff22efe0bf453262120ca73fc163e1e7e0b00b29f8c8b2da66799a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:16", "1839535", "71a699c8f9baf9f3edc0552449ef67e75d24945c7f927d9e4160daaad5e3e2d1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:14", "1839534", "6115e0c365f3cc55930a66072e94652288d9b7ea1e43058dcd9d59c154fe070c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:12", "1839533", "baea8fc383ea6a60053c5f3e818c8b2cebfca06620c50f77395aff119606163d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:10", "1839532", "f995250dae5d395a2773c89f45811438a7ddeef81bfc507cc27efd9b2f9747cc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:09", "1839531", "25ff351860f87bc46f51b057cc477e5c9b3ccffffe580722503c31d909a0928d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:07", "1839530", "fcbca46952dfcaa8e2168c9af88c63868485e0fcb1268eba50ca525a60a324f6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:05", "1839529", "5689cf5549ee44dd64ff1a5cb5ec991f5969faf9da3e296071e888963d1bfa61", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:02", "1839528", "b1fc61b373e74d936f76dc0094b6be9b8acb25bbf4e44a9beadbd730d237c703", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:42:00", "1839527", "70e3b0ee50ef4c2fd7fa66e7ec4804d675f160066e252c9aeafc65815aedb222", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:58", "1839526", "00714edd01306c6528d6d31e9aaf3b9ae0e7ef23102d99e892c705d49da260ea", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:57", "1839525", "a51f8c071270354e6aee544de2ad3dd8dcc3fc4424226d5599e00916ad81be99", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:55", "1839524", "6d8bfcffcb19e21cefda5f1a79fa332e4273cb0282f7741e69707c809b8396de", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:53", "1839523", "324d7d52c708c0b6b1f45a19b4c1a42d6e6affb79053c8ab9470454ee3ad4296", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:52", "1839522", "e947300b142e4a3ad1a4a9879a4b835277bce783ca3176e9b42b0cd46a035557", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:50", "1839521", "65c64c33f378b0e81a073cf918b1b72a3e6259f811aec8d5cd007171a15ccf78", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:48", "1839520", "6264a5ea18a9e322091f97896f45f3da6d5ca8a788e01d3c74d12ef524361744", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:46", "1839519", "da180ca961b9acc2dccbfccb68f0bd5acddd2658fb77bd1495b826c71a5a12df", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:45", "1839518", "8186041eef61d4e4fe4816aec2176399ed26242bd171c9792ef009f2f3a19460", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:43", "1839517", "9e1a0efff2255bc8f7935374b962147c30b2ceffb25ec7211886ac375778e872", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:41", "1839516", "7ac1baedbfedac58a53fa8f0797fa5fda1569dfa3ac892076d53ced667ec0006", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:39", "1839515", "78d0a38af1400fe5420e13b7a19bf1fc4e8e89f81a786b339132cdd10780676e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:38", "1839514", "34f190408932922582014839d495222b25a96c54bbf761429ee2dfbd96f7884b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:36", "1839513", "b4d92af2eaf8e863909cb1224048987406ebb850f88b9db1d19e2ab2ec63bd36", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:34", "1839512", "7388844112b97c2915f15a2b52ea169fce9d42dfa9b77235060328a6bf9aff65", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:32", "1839511", "42f3770fe595e84b5c5ef2ae07fd1ca822678d1fe65c2cae6cb345ba8db86b48", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:31", "1839510", "cc429884cb3742aae383942530592ef8a4964e484f51d9467f7b8ec8352ab4f4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:29", "1839509", "0116d85f1d356ede1353a834d543b0b72bdadc557e475292cc146b4b2dc1ba75", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:27", "1839508", "2a6528347432f410bf4a961fbb50571b65f5998e6390ee38eaa8960830fc6f82", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:25", "1839507", "e7d14cfd4f8b45cad80901f57d582c2841df729847cb794ea465e6ba34efe999", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:24", "1839506", "13f925f0219f5309f49dc851ec39c26565f89b5405fda42c2ee142b0f1048d4b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:22", "1839505", "48eb97efd3e3e211b425292e939e99a1d06d142cb9a53b13065641ff92431118", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:20", "1839504", "8343e254b3a9e9d7f64eab23fc5ba9def80702993e00de22c34df6efa2f4763e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:18", "1839503", "724b129fa7ff06e95349d7d63b9b5bf109d1ac30d457dd53c1408becf20f4e29", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:16", "1839502", "671bd644e938f22c30ba8a90a244f0d2169b3e6d88d3ecc5f1f6631d0fc720a1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:15", "1839501", "4c7a76f7163dda816593eecfff94da7074eaffd617d06a6d96d63c01aa5f04dc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:13", "1839500", "667e19d7c08f44ab9f3a80916120d153a8a0bbc32b187e547b8eff3d7236c639", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:11", "1839499", "ddfefdfd08832a727ed070b3edd3d688787fac6396ec31c99215b4a41f166fa7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:09", "1839498", "8c825cbe0e7ed81c4b03a88c5dff945bcd6e13a03f8f53a40410c5b6fa269b86", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:08", "1839497", "86c6f49546cc30759ee2e8d61aab50fb4224dc6ed95a4ae57ad21e36610dfb48", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:06", "1839496", "b3c918289700c93eb750019d8be29bec1d37b7b81fb1ef07a519024d8b0f09e1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:04", "1839495", "fagaheestedlali.xyz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:41:01", "1839494", "79df00e83284bb595b4cac69469a13eb0bca11fc372d922ec4ae4bf71b984fd9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:59", "1839493", "813ec0783de84f38dd7068da62fa4447c70ae0a06f4635adcffe22e3b76a3b8c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:58", "1839492", "245563c4bb30f6c72616fa4c72d3d81375a1414443e8c6eb534dcad52161aae7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:56", "1839491", "5625f657d305c8447f4a7f672ac93aa505ced15d64a7e59db75798f85d37603b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:54", "1839490", "44dc5e00cc396fbbc96f6a806c086c17aa053ad68fcc78cb0e9927ea77be5362", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:52", "1839489", "10d07eba8bc5f480f10cbc3760be001f99310905be8ce570b949d50d49f20368", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:51", "1839488", "3394b6df051021f4dfe524b79e6f9dc89f3af1cae34ba05c865239238bcae9a4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:49", "1839487", "cc4a10d8c63e14b84e159db36c46f19f26a75bb3aee7ef753e0aa3e090d1039a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:47", "1839486", "fce543be52c93a9dcf579ecaa762e6cbaa441294689b6030b693c23478b5f793", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:45", "1839485", "be655712b59af79f0f654eeaef22e66fa30da6ee635fcf5627caf5caf3a9eae4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:44", "1839484", "6e3653a3e9a72753b8945a8f735fc04502703b05967a407846908863576681e9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:42", "1839483", "iranfitness.top", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:40", "1839482", "a1e3eb31cbb58f41a30293286b0393d7b24deacea24881248c8acfe615e22278", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:31", "1839481", "jarayemaleyhamval.xyz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:15", "1839480", "6fd543bd45878c56418593990fd798629098f9fbe277214875445e5ed9129b65", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:40:06", "1839479", "mokatebatedari.xyz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:55", "1839478", "antigravity.study", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:53", "1839477", "chatgpt-web.vip", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:51", "1839476", "defi-xstocks.vip", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:48", "1839475", "clacndjsvulnarbi.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:43", "1839474", "194.76.227.172:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:41", "1839473", "2.27.5.153:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:37", "1839472", "https://devltd.top/flomowk2.zip", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:36", "1839471", "83264e9216fb747d9e0048c6559d66dfca05cf50a1d415ecf212c879d08741ce", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:30", "1839470", "nero-ns-cdns.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:29", "1839469", "cash-js-server.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:27", "1839468", "ns-server-isdjs-icons.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:25", "1839467", "ns-cyber-server.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:23", "1839466", "lcates-vs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:22", "1839465", "cloud-save-image.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:20", "1839464", "verification-cdn-cloud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:15", "1839463", "ssg-cdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:13", "1839462", "stabcdnvlc.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:09", "1839461", "lckcdnjs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:06", "1839460", "teamcss.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:04", "1839459", "vsbnsbootstrup.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:39:01", "1839458", "dncloteam.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:57", "1839457", "exdanteam.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:55", "1839456", "neiwteamcdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:52", "1839455", "vnmstokns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:50", "1839454", "bnsclod.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:48", "1839453", "mnoskemp.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:47", "1839452", "bnnsbdsdn-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:41", "1839451", "bilfojsclod.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:40", "1839450", "fijscdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:30", "1839449", "77.239.114.108:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:26", "1839448", "94.154.35.155:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:24", "1839447", "94.154.35.157:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:22", "1839446", "94.154.35.164:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:19", "1839445", "anlytic-js-cloud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:17", "1839444", "api-server-cdn.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:15", "1839443", "awesomeisojs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:09", "1839442", "bkscndclou.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:07", "1839441", "bootstrap-maxcdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:05", "1839440", "bootstrup-cdnmaper.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:03", "1839439", "bootstrup-framework-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:38:01", "1839438", "buck-cdns-server.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:59", "1839437", "capcha-cdn-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:57", "1839436", "cdn-compress-image.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:55", "1839435", "cdn-plugin-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:47", "1839434", "0150605913e5cc05dbe79ed8f488d58140ac7c2853ca7853a7a78e9885628b9a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:43", "1839433", "ldt.sequareeus.online", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:36", "1839432", "https://telegram.me/nwwfh8", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:34", "1839431", "https://steamcommunity.com/profiles/76561198719385745", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:31", "1839430", "18ac4062d773325076eaea0844bebb295b18100bbb669c351b02ed79354da157", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:22", "1839429", "www.robinamedicalcentre.com.au", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:19", "1839428", "www.mcttt.gov.fj", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:17", "1839427", "www.woodwardlg.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:37:15", "1839426", "www.hotelmontenegro.cz", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:36", "1839425", "insta360.co.id", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:33", "1839424", "bca.edu.pk", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:29", "1839423", "opportunitiesforeveryone.net", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:28", "1839422", "6bfb75b0f69099db4778abbdad7bb65f3661d2d23cba6552cced9002f1440ae7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:26", "1839421", "gustoantico.ch", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:24", "1839420", "lastoriadelcaffe.ch", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:22", "1839419", "meierhealthcare.ch", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:21", "1839418", "sparkleup.ch", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:19", "1839417", "650ded564d3297b2c4dd55fb9e85e67355a43923c17767788fa6f441a59391c4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:17", "1839416", "initial-scale=1.0", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:14", "1839414", "ae77b39f852383ae85c438497d7b528b9e60d082e9c6abc80962d914736f8174", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:14", "1839415", "890193eca05d38dffc646205959a67d0dd6e9b4d0a537f68d515b69646caf17c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:12", "1839413", "435774098eaebc446f24f977b26cfc432a8b04d4bc9c10c96f802214707d32bd", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:10", "1839412", "deae4e644e8025371cee37a3562975c46de03ab742aa3b74c026812a747efcf9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:08", "1839411", "4162dfc409dd2855deb33cdc2828e9aa866985d187b1463550feb359f3cbd954", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:06", "1839410", "e5be3d8543f00a59e9694d68bd1ea3b085b654a24a6113444bbc0ef8640343e5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:05", "1839409", "50482c70750d30c2d8ad24c5f6ee46ecb6cd28162de7a6d2d23876ca17d4ed89", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:36:02", "1839408", "994a5f1d261229dcb3b89233d540b9edb5015c62780171ad1fcf40646d206f61", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:59", "1839407", "f6468f29494501aaaee6df60e848aca18774611c9fa3a76e659e686c8c25954b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:57", "1839406", "ad63118ec4e540d2f4c0419d4d6f253fc378611aa82c78677a9eabe3489cbc7e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:56", "1839405", "d6c7108abcfa11e5e20e5c80d6bbf6fbeaf0695f5e13d25ef3c16779e38118f3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:54", "1839404", "ec59831e37a33f9206c1545125d4ccfd64da2ccc52f0962bbcc6a4fa1af7ea65", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:52", "1839403", "71f413c994c2440f30bf04dc27c5267c5bb033d38ad1fd0f25d32de4f27e95da", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:50", "1839402", "bc56317243189038f87628f895aa739b1fd5fede6b3ea98e02dbbe634e0bd7e4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:49", "1839401", "aa89ad65c2434a64ad5482dfccf0d9b2a799e077141be3f9daf573793d96d528", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:47", "1839400", "ed257c6c25bf11eeb7c43db19686f5d846dc082013bc152b3694d819d64c7e5a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:45", "1839399", "7b73d35a97658a13599a8233ae1c2d9dbf25f5b672865b32a80f98e22671dd94", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:44", "1839398", "8aa06f1bb5a4aa843d803bcf0a646f9ab094b8afc9dfa4cf639ea3118e6c6bb9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:43", "1839397", "d78d9fb3655e9a82462b84bb1da4a167d2c7fb43a334e2575e3c3d5a9cf1355b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:42", "1839396", "409c84781854d26a3b4a0e61b7873dca642dd0f848f1bcc75d95beacf3f0ad9a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:40", "1839395", "55b45570bae5a8268fe1cbf943f3cd2615c80234ffde342569d0e44ad58b2dad", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:38", "1839394", "59466a6f6e4471e68ca42a85e3bda70794d023c541013fa2df357b8e4d238e61", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:36", "1839393", "1dcaf8ff52269dca2c224e2f6d868576155cdd9d2ceab2f206d0c37b59ed38db", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:35", "1839392", "0ab2fe60e6a9c59a3c2a645653883151b80883079d78099179d4a256c10c554b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:33", "1839391", "b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:29", "1839390", "454850749d874755a8e1e43e5a128a9fa39ffe49f5ffdbe9f264b5997ccb039c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:28", "1839389", "acc38d4b54fbcfd60d86551b4a06771f4b29f1ac7dc4392d86ddeded18b110d5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:21", "1839388", "4039f4b7894969cd03b96e0e004b2da18445e24eb6dbfdec09a1a0de685e4215", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:16", "1839387", "3ddd8f09dc777f42558989e0e32631982ecdb93300dfbd7f9bbfb8f462c14022", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:14", "1839386", "1e2e4e41198b8497b8e8a2853645fc10f763b0e4e299a68f614b8a22b3e30022", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:10", "1839385", "b6912c23cccc4b0964d55608916297f6978f0b38c80a4beac472004a786fcef7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:06", "1839384", "f7ae66c8b93850663c6c20d6a405189e4fdef2c9de46dee7c283de24bf0c2137", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:05", "1839382", "0741ef664b10674534eba0e77c162b901d1efdb2863e2f8046ed4adc2ac6865f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:05", "1839383", "df15eaf4f30afa77031861ce664291dc880977506b09e747a065edf41a6faf3b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:03", "1839381", "9e6b554e7a442878b6d5f60bd82ca28cb22ef29e41f2bd13e8fcb05dd81d4562", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:02", "1839380", "fa868603841380979823c72d0eb9c18fdf4bc877f0f8f0982bb647151fad9906", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:35:01", "1839379", "4dc8daeb8563b9fe0eec40ce0d32d9987d1280cb69a588dd4f6ea41b6fefc218", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:58", "1839378", "f609202eaeec428706aec08f32c50978bc49515fe11e9146afa03e8e472a8883", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:56", "1839377", "b4d18f3e85c518921941aff9cbc10d92c48087fb013fec78b41907223662163c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:55", "1839376", "41c6a9b7cc368a6f5e4d63ec7dc407eb66b1ccdb2dc727f2520b894c87b0ae3d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:54", "1839375", "924138f5d487abd853e2d6bd792736112054504b7c8e324556f5ee01f54d2fbc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:52", "1839374", "fcd3b80ec4b61eebdec2785ea74fefffdf1e5b580f329a1717972225c78b8133", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:50", "1839373", "fd7a3cdd0fa8481dab663c5d58d63667011e8dc3fba310f83e59b26c74521fe4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:49", "1839371", "2b977fcbd6f3587d1f680d26eeed21981a9029bd57874a0d526f3f4d0d122da1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:49", "1839372", "b751b3e82e1fe57e8c32fef2373694ff889bfe4336124ec9ec61d22920e26d23", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:45", "1839370", "2d3200584452bf1e11a3f00373ee82fdd419cc0ec455d720ebf6d1c414e46275", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:44", "1839369", "0f7a4ed93500ae446ab6cb923125c4bd220b9bae4ab0ad418599aceec324d04e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:42", "1839368", "514a4732ccf9faf6f43478e0424a3f8803e261fea97ffd428cb8329a61226659", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:06", "1839367", "chicago-bbq.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:04", "1839366", "clainasns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:02", "1839365", "claudesave.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:34:00", "1839364", "claudjaframework.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:58", "1839363", "cloudcdnginx.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:56", "1839362", "cloude-js-server.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:55", "1839361", "createbeer.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:53", "1839360", "darndcs-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:51", "1839359", "dhnsdns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:49", "1839358", "exp.in", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:48", "1839357", "fetestjs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:46", "1839356", "fontawesome-js-cdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:41", "1839355", "fonts-fontawesome.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:39", "1839354", "framework-jsoncdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:37", "1839353", "frameworkjsbns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:35", "1839352", "fredcreate.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:33", "1839351", "gdnssljs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:30", "1839350", "graciasdenada.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:28", "1839349", "hahletsgoagain.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:27", "1839348", "hcountry-cdn.cfd", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:25", "1839347", "hpscdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:18", "1839346", "las-js-claud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:15", "1839345", "ldnscreatejs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:13", "1839344", "lmstles-bootstrapped.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:11", "1839343", "lnfcdnclad.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:07", "1839342", "mcdns-imager.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:06", "1839341", "mistraljs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:33:01", "1839340", "ns-claude-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:59", "1839339", "ns1cdnclaude.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:57", "1839338", "nshtjscdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:55", "1839337", "nsserdns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:53", "1839336", "nsserv-bootstru.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:52", "1839335", "nsservclod.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:50", "1839334", "nstdcs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:48", "1839333", "nvbfcdnclaud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:46", "1839332", "olnsclaud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:45", "1839331", "oplod-cdn-bootstrap-28.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:43", "1839330", "panelwork.cfd", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:41", "1839329", "polygon-cnd-stats.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:36", "1839328", "sane-cdn-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:34", "1839327", "sbnsdns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:32", "1839326", "sccdnd-ltyles.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:29", "1839325", "slndcdnclaud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:27", "1839324", "slngftr.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:25", "1839323", "smetana-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:23", "1839322", "smfcdnbb.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:20", "1839321", "sns-clauder-cdn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:18", "1839320", "sr-hostes-js.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:16", "1839319", "ssjscrybootstrup.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:15", "1839318", "ssns-cdn-ns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:11", "1839317", "testesclaus.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:09", "1839316", "travel-js-ns.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:08", "1839315", "unacerveza.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:02", "1839314", "virtual-cdncloud.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:32:00", "1839313", "viscdnclaud.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:31:56", "1839312", "vlns-andb-cdn.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:31:55", "1839311", "vrfimgjs.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:31:53", "1839310", "vsactivens.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:30:39", "1839309", "09120c6637578e163ebad21e650c77bf0a23d8b48aaf887d72fb971a17e0327c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:30:34", "1839308", "caea180952b57ccf9ce66b81578fa3096bc877ec6a6a7a1ac8352eba3100edd6", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:30:32", "1839307", "0b1f3390d9fc8cba8725e19adcf30bd6fef8651fb85c5cb919775eb14286d599", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:27:17", "1839306", "d7396fd0f9509212d99d653cc91bc99d64281447af4aa7db66a7c049a3b75b67", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:26:12", "1839305", "gasshopper.sale", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,ErrTraffic,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:37", "1839304", "matrix-config.net", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:35", "1839303", "openandopen.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:33", "1839302", "meetinformation.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:31", "1839301", "getimageinformation.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:30", "1839300", "tryinformation.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:28", "1839299", "documentmanagement.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:26", "1839298", "45.143.166.36:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:24", "1839297", "188.119.122.123:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:23", "1839296", "51.222.96.111:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:21", "1839295", "153.75.90.37:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:19", "1839294", "153.75.90.64:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:17", "1839293", "153.75.90.66:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:16", "1839292", "153.75.90.67:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:14", "1839291", "1-you.njalla.no", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:12", "1839290", "2-can.njalla.in", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:10", "1839289", "3-get.njalla.fo", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:25:08", "1839288", "c23bf7fd69a2cd8c3d5eb8bd1e7dac371a207e95b77ce05047193764cbc0a897", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:56", "1839287", "findyoursoftupdate.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:54", "1839286", "personalprogrammupdater.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:53", "1839285", "popularsoftupdates.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:51", "1839284", "captchadefence.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:49", "1839283", "gatekeepernet.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:47", "1839282", "topclouddefence.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:46", "1839281", "cloudbreachdetection.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:44", "1839280", "cloudsupergatekeeper.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:42", "1839279", "premiumcloudguard.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:41", "1839278", "perfectcloudgate.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:39", "1839277", "powerfireguard.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:37", "1839276", "powerfullcloudflare.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:35", "1839275", "cdnstatus.us.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:34", "1839274", "5f1b5a914ec38e997b077a93a9c7d174165756b8b5f8dd731dc2f98f14f06cde", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:30", "1839273", "fc76860e01af5e28fa484927559f9a5138d64d8dcea4c23bf1e361f046e2e156", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:28", "1839272", "50868954dbd4daa70e117c58ae8426cb9f5c13ed96d0f60d764590517e95e7cc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:25", "1839271", "08e8efef3bd0fbb1ec1e098ec83563314dddbf28d8801b1ab3c77cb86c1b3838", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHide,EtherHiding", "1", "m_govcert_ch" "2026-06-29 13:24:23", "1839270", "2362ed8f4009e137a598ae749dacee4612560fdee4b2cc8b71d712fe0c7d1dcc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:21", "1839269", "b9befdb3bd01faf9dc6cdc1f6f5ec5931a4f4560f2917c1e6ce97208c0504747", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:15", "1839268", "1d4dab0bc6e3d654d4f7cd3be4a2153d1b4821199765d77cb0de48a0d533f122", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:13", "1839267", "881be71c4df6c699d18688b98e554d9c63374b1409ecd8ac63d3562288dac53c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:11", "1839266", "91359861a6912d074603eaba0cbe61dd2a5e6800df9db4b8942ddaf50ef042bc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:10", "1839265", "cd8b89cac64af045e8720d959016027bbe3f4a6e893fc0611a934fe7f0b1eddd", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:24:04", "1839264", "b421e8f0903263e37fe4d9830e67afec9f69d7c80d76c1a5f446944715d6f8db", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,EtherHidingMagecart", "1", "m_govcert_ch" "2026-06-29 13:15:49", "1839263", "154.12.19.70:22012", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/ffe98374173d7c2084a1a6953b308c13a8b9493294af831c23542b0d88654036/", "valleyrat_s2", "0", "abuse_ch" "2026-06-29 13:15:48", "1839262", "154.12.19.70:22011", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/ffe98374173d7c2084a1a6953b308c13a8b9493294af831c23542b0d88654036/", "valleyrat_s2", "0", "abuse_ch" "2026-06-29 13:15:02", "1839257", "https://caribe-lawyers.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-29 13:05:09", "1839250", "39.107.238.247:5666", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 13:05:07", "1839248", "83.228.214.187:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_" "2026-06-29 13:05:07", "1839249", "110.42.252.147:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 13:05:05", "1839247", "102.220.160.222:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-29 12:38:11", "1839245", "https://alphakey.ae/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/alphakey.ae", "ClickFix", "0", "CarsonWilliams" "2026-06-29 12:38:10", "1839237", "751.lol", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/bee4e24128c232853bc1decc9e5db2cf0fcb14538936adf01d6356beb4ac820c/", "751Stealer,c2", "0", "burger" "2026-06-29 12:38:09", "1839242", "https://crown-seema.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/crown-seema.com", "ClickFix", "0", "CarsonWilliams" "2026-06-29 12:38:09", "1839243", "plaguec2.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/bee4e24128c232853bc1decc9e5db2cf0fcb14538936adf01d6356beb4ac820c/", "c2,PlagueStealer", "0", "burger" "2026-06-29 12:38:08", "1839244", "51.195.202.236:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/db29882c1be518e6addf815fd941d3c29c60d3c225dc693afb5adefb07831ce9/", "c2,OverlordRAT", "0", "burger" "2026-06-29 12:38:08", "1839246", "https://www.sosolidworld.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.sosolidworld.com", "ClickFix", "0", "CarsonWilliams" "2026-06-29 11:46:48", "1839241", "209.200.246.194:35885", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 11:46:28", "1839240", "116.213.42.110:5006", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 11:46:18", "1839238", "updatesrv.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 11:46:18", "1839239", "web-analyzer-serv32.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-29 11:15:03", "1839236", "https://jasyn.kz/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-29 13:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-29 10:54:05", "1839165", "178.62.3.223:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "c2,erebus-v14,nation-state-hunter,t1055,t1059_003", "0", "Erebu" "2026-06-29 10:54:05", "1839170", "111.229.114.105:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 10:54:05", "1839171", "172.104.173.62:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 10:54:04", "1839172", "23.234.72.111:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 10:54:04", "1839173", "59.110.241.158:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 10:54:04", "1839174", "95.182.96.193:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 10:54:03", "1839175", "95.173.222.59:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 10:54:03", "1839176", "3.129.187.38:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 10:54:02", "1839177", "112.52.34.18:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:02", "1839178", "134.209.202.49:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:02", "1839179", "167.94.146.49:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:01", "1839180", "172.236.228.227:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:01", "1839181", "173.255.225.25:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:00", "1839182", "193.32.162.60:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:54:00", "1839183", "199.45.155.108:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:59", "1839184", "2.57.122.202:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:59", "1839185", "20.150.193.32:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:58", "1839186", "20.65.195.35:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:57", "1839187", "209.50.170.112:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:57", "1839188", "45.79.5.11:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:56", "1839189", "47.84.194.39:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:56", "1839190", "65.49.20.67:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 10:53:56", "1839235", "129.212.233.8:9034", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-29 10:00:21", "1839234", "https://jiy.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:25:51", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 10:00:20", "1839233", "jiy.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:25:51", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 10:00:19", "1839232", "https://jiy.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:25:39", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 10:00:18", "1839231", "jiy.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:25:39", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-29 09:55:17", "1839230", "39p49guo.mokatebatedari.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 09:47:08", "1839222", "178.104.119.162:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839223", "77.42.88.66:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839224", "167.233.114.81:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839225", "167.233.207.52:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839226", "167.233.193.229:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839227", "91.98.87.85:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839228", "167.233.198.35:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:47:08", "1839229", "167.233.204.162:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:40", "1839221", "5.8.19.155:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 09:45:31", "1839220", "45.92.158.150:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-29 09:45:28", "1839219", "45.74.7.168:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 09:45:08", "1839218", "27.102.137.139:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-29 09:45:07", "1839215", "fog.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:07", "1839216", "gpy.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:07", "1839217", "iii.psgiran.news", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:06", "1839212", "fog.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:06", "1839213", "gpy.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:45:06", "1839214", "iii.jangkarsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:45", "1839211", "https://167.233.204.162/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839205", "https://77.42.88.66/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839206", "https://167.233.114.81/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839207", "https://167.233.207.52/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839208", "https://167.233.193.229/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839209", "https://91.98.87.85/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:44", "1839210", "https://167.233.198.35/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839199", "https://gpy.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839200", "https://iii.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839201", "https://fog.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839202", "https://gpy.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839203", "https://iii.psgiran.news/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:43", "1839204", "https://178.104.119.162/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:42", "1839196", "https://steamcommunity.com/profiles/76561198680197300", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:42", "1839197", "https://telegram.me/af97ri", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:42", "1839198", "https://fog.jangkarsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-29 09:44:11", "1839195", "193.35.17.42:9956", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-29 09:44:08", "1839194", "192.162.199.149:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-29 09:43:49", "1839193", "178.128.133.69:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:55", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-29 09:43:13", "1839192", "107.174.142.104:5543", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-29 09:43:10", "1839191", "104.168.38.165:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-29 09:34:19", "1839169", "dsr.bet1forward.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-06-29 09:30:42", "1839168", "203.159.90.247:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/aff8f851155a1e45b120dfcf0ccd0ff9679ee0d3ae4284b09d01c88ff46b48bb/", "remcos", "0", "abuse_ch" "2026-06-29 09:05:07", "1839167", "151.239.25.40:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 08:19:40", "1839166", "idverification-cdn.info", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:30:22", "90", "False", "None", "ClearFake,ClickFix,EtherHiding,Polygon", "1", "m_govcert_ch" "2026-06-29 08:11:17", "1839164", "137.220.140.4:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/54ad3d4d8342ddea5cc6adea83d26a574a11d7e5133a04af6999a87adbbc2336/", "valleyrat_s2", "0", "abuse_ch" "2026-06-29 08:11:16", "1839163", "137.220.140.4:15443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/54ad3d4d8342ddea5cc6adea83d26a574a11d7e5133a04af6999a87adbbc2336/", "valleyrat_s2", "0", "abuse_ch" "2026-06-29 08:05:06", "1839161", "122.51.108.168:4444", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 08:05:06", "1839162", "192.243.120.239:8089", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 08:05:05", "1839160", "103.101.176.234:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 08:05:04", "1839159", "38.38.250.68:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 07:53:26", "1839082", "27.133.154.218:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "c2,erebus-v14,nation-state-hunter,t1055,t1071_001", "0", "Erebu" "2026-06-29 07:44:17", "1839158", "1j4lxwuu.1xboropartners.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 07:40:45", "1839157", "107.172.13.198:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/5b88eb2c33e9389324abd2f14064a0c1861bdccd5ee12c49e6620112c2c8dfaf/", "remcos", "0", "abuse_ch" "2026-06-29 07:40:23", "1839155", "backupper.pro", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:24:08", "90", "False", "None", "BSC,ClearFake,Magecart,WebSkimmer", "1", "m_govcert_ch" "2026-06-29 07:40:23", "1839156", "cdn.api-middle-connect.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:24:20", "90", "False", "None", "BSC,ClearFake,Magecart,WebSkimmer", "1", "m_govcert_ch" "2026-06-29 07:40:21", "1839154", "178.16.53.219:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 16:01:48", "90", "False", "None", "BSC,ClearFake,Magecart,WebSkimmer", "1", "m_govcert_ch" "2026-06-29 07:40:19", "1839153", "wiciauth.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:24:32", "90", "False", "None", "BSC,ClearFake", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839144", "be32773534e3d4cd7618194949f7628882992f3dfb048c37f4c960505a005b1c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:23", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839145", "ada4690c212b7b983e65986c2528c9bdf7cff75589b043ee223a021465c43920", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:25", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839146", "833e888570c0873e3ce1f026bf6fe7d5abdc0efdd9e55399084ec6fabe9df21b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:26", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839147", "0c86f5737476c1efc6dffed41e548e75ef9aa4b3dd36b59a30edd320bd65a429", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:28", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839148", "c6d22ebf9dce5fef2d5f1d87b3007457ef3c6d0193f121305b3d14e85441b43f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:30", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839149", "5239a198297149ff5440bda18c94ce9c8cc2a2212bd95b3c4bedc197c1b9fb1c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:33", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839150", "550fe153238e6a8c2cc6cf6a882bdc853fa4bb00721ebf5e7eae863124fd316b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:35", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839151", "35f619453b4ab2c491b29d880c6bee8f3ae16700b293bbf31deeae975caa71c3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:36", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:14", "1839152", "c2ee091e95cdc4b4d677e55dc361d76867367a771b540dade1c698a05a2d5f0d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:38", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839135", "ab101c1996f424300c3eddd06c10575585eeca9d2f7c892f3c45c50e9719c690", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:04", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839136", "acf4462915e81d81deac3f8e34de6b8cee64cc30dd9f57945794ba0f6dd0a0a8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:08", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839137", "46a8a3d6131259e53ec07ac725c12dcf5a07d677ac35583982038ad397c19ad3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:10", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839138", "42624224dfce7a43fcb9d806db2082c30227a815478b1feb74e8cf8cb64f71d2", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:11", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839139", "fa6e5f8bb72cc6b04bafe95f01d664b21c1654381b74154897c3efe32e01104b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:13", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839140", "2d32bf0acaaf5ab032313ec4476774390ebc084d9b8459afd284223fcfb6021d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:16", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839141", "3f6b065ed2f63b461f23880aee569b9522dd136c20c65bea450f305e9c93f22c", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:18", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839142", "0c964ea5e7a7809b665aa2517d078d50020ddc3b0868f11dc77e625ceb9e9712", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:20", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:13", "1839143", "d18d2f76bc553fdecc640c00a548602979c0fcc281b5a626d394937951896822", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:21", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839126", "1fd793fc4db29dd42133cb20ea217f29b036d6d0a18d1753ebe56f4544537c32", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:28", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839127", "d92133d8434307a99c4c5bbbc905e65c330b38fe991fdcb5b14bd26f70333df9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:32", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839128", "5071b6b49624a35b28f6cc66537be58e76daf2fa3de33a1b106bbd1c7c07561d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:33", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839129", "b481fa88ec61057add0348646d4c703bf7ee3cfc3c98c8547371e6f3cd2ad0b9", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:35", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839130", "d0ab588b2b93e141b7dc39722f92711dd2de0ae5ad0e764f957ba01f92155820", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:37", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839131", "cd94f3a58d58d6c3e5c317fae03cc845d2368c42dba736386c1699c4c157d7f3", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:39:57", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839132", "9623feb7944da035d38aa653477951b809b4a1c2f6500cd20dd0492889b776f8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:39:59", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839133", "8aaed4d47ae246059967342ee86a0420793c5751dcf86730e8800f31e26ec866", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:00", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:12", "1839134", "c43c3397154a1f2d89b34cc4122842c2abbfeab139486e55e1e2b71b978959cf", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:40:02", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839119", "9afbc96639fa400657630e2a3cf4e021a0ab685215b18a03b808e9f27f19fac7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:15", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839120", "55abd984d38cf05764b4c7ac4d636dfb827a379be7c975aae6d0a88d545fdf25", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:17", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839121", "7448dccda7b3a82c715869498870f0d0216b31f015fc1324aadf73636a9f0af1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:19", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839122", "876f875e31e95dfc8b592594f17e6da1a271293de61fade030ea679b815ca817", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:22", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839123", "f95432faa54a492129454056a396b4b31b5211899d0f9611bee7189661ca3188", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:23", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839124", "3ed8020622796f70bdf3c16de772b8b45bb542f0af0d9fb639b1513c5c722b53", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:25", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:11", "1839125", "3e2820527d8eb9a5396cc533f976a929ceb016168a5bce6150fc3ba061e04218", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:27", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839111", "4d24fab4342c0b19a2ea0d0ca36392f4053331ce57deeb7115eb34aeb35313ca", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:58", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839112", "6b3f8442d21103d11bb232c3dfb1dcbac8c576f3e4094c0542baed6b3e4fb657", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:59", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839113", "75c3961a5e1e88b1d8599111df547fe8bec37388eede78f121568417de635ffb", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:01", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839114", "8bfc5d83dd86d69937a22a091d8aacafbbf0fa7f0c7faa34674fccb1e5b6b657", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:04", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839115", "4004d3a14a3c7810c44b363927adea33cd55f4a28f6f0baacd937021fc8ed563", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:07", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839116", "6103c24bf10fa4e282d27d63c38934d66bf999b81eb880b9e5761da6496dd575", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:08", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839117", "efa24e6d66c558ef12539fbf615c8a607181e676b4da98e96203910fb9cc0e61", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:10", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:10", "1839118", "af387603dc23f60d2bcd1269e6a1b18f4dceb90575f44b15b36e9c04170f14c8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:36:12", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839103", "02e0fb035d480b199f0f2173ed4a8a7b8d6b8340bda05a2af7a20b166a716fe0", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:41", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839104", "18338778e3114e19b28f64e4c1bf9d4ccf0cfc4b2783b46b86862fb6bab12a80", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:43", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839105", "201c5e3d0a94d4ebe356e8280f430f87bdf6d04d8116aac59e04d7ee3951bae5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:46", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839106", "627867b7897597d74d64f2f722771b87df1796f8a7e7bbff2e0941d25da96a87", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:48", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839107", "a2009f634a5dec6911655bb282d95487bf53100a72c70a62e56044a31594aefd", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:49", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839108", "425607e394b6da612043b6d91e485c3c4b12910af1c27c1df41397b59d832096", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:51", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839109", "e021ef11104505f017fad54273c00d29bf87f537dd102c6fc2f519f8bc6e3f64", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:53", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:09", "1839110", "7c8f07dabe3eedee00f7de27fabc5689b699ea7c932c9c29bde9f5c3e59f9fd7", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:54", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839095", "cdc845c61341126fa2a784dfc27a11eef47d05cc323530be7b7a4515d202d838", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:25", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839096", "f62af451ebc1e8ef181d022bdcd25af8d152fa0fc8e408eb610d4075efa1e02f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:26", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839097", "d246a63fcffa767c9407a4090489db5986233c63c79f79292ae6e0715673ddad", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:30", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839098", "039d75c7bfe0c3917aba98362c636198eafea3f93e4760796abbcd84c2c7e3d1", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:31", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839099", "e1287b14eaa142e26a4bb988d8e3431c80d0ffc4401810c07b0d954960738e0f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:33", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839100", "3f18be9db505a0ee69a528269e8bbe2f85cf2116ca465d8f618946013f4bedee", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:35", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839101", "80d4451d914a701e293e643ed33ec53c47b0692793c4d7e1a00368170c5cd739", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:38", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:08", "1839102", "c0ac7be40b90efa93340d26787074f5ba40f02762039bdc84d8778419fb8bf46", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:39", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839088", "a580e434ed06f2bd779c0e6674a0ff31b69a6aaa5f908d95564b17e23bcb714d", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:11", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839089", "058e9c0b3c714b83e131d4990ac5199ee5622ef92dc5d7503f6eaffadb3347a4", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:13", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839090", "19d2c2c8f842d70bdd8a9b91ed168e45fbb9a0e3587027e863b3df051f4d3a82", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:15", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839091", "6433b5122e362359e61c61ff2a35b885a229fc41d4d9a942be169f711f81173e", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:17", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839092", "25009746f1960f36bf2efdea616a087c1cbe8cc00e88d6e5a562e76bfc2e2ec5", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:20", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839093", "fd79ca089f7fef7acb21457cde1056c09d36c1fabea56b6333c61171363d320a", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:21", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:07", "1839094", "f943eb5158841d992932c2502e0075eff351cbd368922e9ab256827c4b707c9f", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:23", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:06", "1839087", "22439bc9a2b6716ae7eb5c1aaa9f3ff3ff91cefcbfe27b52763546861121adbc", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:08", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding,GoStealer", "1", "m_govcert_ch" "2026-06-29 07:40:04", "1839084", "qiuy.org", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 07:40:04", "1839085", "abt90shart.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:50:39", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 07:40:04", "1839086", "yekshart.app", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:49:36", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 07:40:03", "1839083", "1xbet.sex", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:35:10", "90", "False", "None", "BSC,ClearFake,ClickFix,EtherHiding", "1", "m_govcert_ch" "2026-06-29 07:24:11", "1839081", "https://rpc-cloud.beer/api/", "url", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake,ClickFix,EtherHiding,Polygon,Stealer", "1", "m_govcert_ch" "2026-06-29 07:05:07", "1839080", "38.190.224.61:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 07:05:06", "1839079", "34.181.236.49:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-29 07:05:05", "1839078", "154.94.233.166:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "viper", "1", "_ik_" "2026-06-29 06:43:58", "1839070", "http://103.26.86.217:52895/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/103.26.86.217", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-29 06:43:57", "1839071", "http://103.213.112.214:49082/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/103.213.112.214", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-29 06:43:57", "1839072", "settra5ldqwgtw5q7z5awbsvlksakyfojuc5slgrz5lvapune4fantqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Settra%20Ransomware", "ransomware,settra", "0", "TheRavenFile" "2026-06-29 06:43:57", "1839073", "pbxvml6h3wz35qlr5muy2cg5jvjsd4qhjlsztmxj4lqkyohnfdrntqyd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Settra%20Ransomware", "ransomware,settra", "0", "TheRavenFile" "2026-06-29 06:43:57", "1839074", "26z3gms2rshr2zzedxhw5fbucilmgt2inhmxzmuhteyztpxohoqplgyd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Settra%20Ransomware", "ransomware,settra", "0", "TheRavenFile" "2026-06-29 06:43:56", "1839075", "ttfy4zmtiaywfkkmykpxiwtlxkcr5ofvrhqgxxyspgwzbxkc3uze7jid.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Settra%20Ransomware", "ransomware,settra", "0", "TheRavenFile" "2026-06-29 06:43:56", "1839076", "c3u3g7dz2yxkefci3x34jfvfa4gka4iogi4zfjkyxx2c536oqdld4kid.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Settra%20Ransomware", "ransomware,settra", "0", "TheRavenFile" "2026-06-29 06:43:55", "1839077", "https://aheadsupport.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/aheadsupport.co.uk", "ClickFix", "0", "CarsonWilliams" "2026-06-29 06:10:48", "1839069", "130.12.182.90:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/47c3f86cd33b11cb9c57df1f9ab4363eab0306e230936cbf45321b17c11fb012/", "remcos", "0", "abuse_ch" "2026-06-29 06:05:04", "1839068", "151.239.25.40:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:53:51", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 05:55:21", "1838807", "103.214.9.20:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:39:58", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:21", "1838808", "116.162.216.223:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:20", "1838809", "123.57.92.77:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:20", "1838810", "134.122.1.61:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:01", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:19", "1838811", "159.203.64.55:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:19", "1838812", "159.89.172.54:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:18", "1838813", "165.22.8.2:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:05", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:18", "1838816", "188.166.154.126:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:17", "1838814", "172.104.63.215:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:08", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:16", "1838815", "174.138.39.122:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:15", "1838817", "194.163.181.15:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:15", "1838818", "213.136.84.163:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-29 05:55:14", "1838819", "217.216.66.74:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:22", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 05:55:14", "1838820", "185.76.9.35:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:20", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 05:55:13", "1838821", "23.234.72.111:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 05:55:13", "1838822", "139.59.67.197:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:18", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 05:55:13", "1838823", "138.199.15.161:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-29 05:55:12", "1838824", "104.207.47.232:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:12", "1838825", "104.207.59.109:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:11", "1838826", "109.91.201.209:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:11", "1838828", "159.195.76.136:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:10", "1838827", "157.245.123.148:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:08", "1838829", "162.227.109.103:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:08", "1838830", "169.150.201.135:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:07", "1838831", "172.185.40.47:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:07", "1838832", "172.202.118.46:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:06", "1838833", "173.177.131.92:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:06", "1838834", "174.170.194.116:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:05", "1838835", "174.18.49.143:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:55:04", "1838836", "176.144.233.36:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:39", "1838837", "176.146.33.242:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:38", "1838838", "178.26.11.44:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:38", "1838839", "185.214.96.150:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:37", "1838840", "191.44.125.4:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:37", "1838841", "191.44.71.181:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:36", "1838842", "191.44.71.39:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:36", "1838843", "191.44.91.71:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:36", "1838844", "2.15.88.196:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:34", "1838845", "20.102.108.84:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:33", "1838846", "209.50.168.38:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:33", "1838847", "217.253.14.112:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:32", "1838848", "217.253.208.240:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:32", "1838849", "37.65.13.51:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:32", "1838850", "37.67.104.221:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:31", "1838851", "37.67.75.82:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:31", "1838852", "45.156.129.127:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:30", "1838853", "60.191.137.103:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:30", "1838854", "64.62.156.10:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:29", "1838855", "65.49.1.182:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:29", "1838856", "66.132.195.118:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:28", "1838858", "71.226.150.30:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:27", "1838857", "70.95.146.19:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:25", "1838859", "73.146.198.16:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:25", "1838860", "73.198.29.237:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:25", "1838861", "74.15.98.76:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:24", "1838862", "75.184.86.154:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:24", "1838863", "79.197.154.178:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:24", "1839067", "4cfyhd61.fagaheestedlali.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 05:54:23", "1838864", "80.134.27.93:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:23", "1838865", "82.226.177.82:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:23", "1838866", "85.217.140.1:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:22", "1838867", "85.217.140.9:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:22", "1838868", "87.160.124.215:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:21", "1838869", "88.151.33.203:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:21", "1838870", "88.162.196.213:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:21", "1838871", "88.168.217.152:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:20", "1838872", "88.170.161.23:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:20", "1838873", "89.92.248.142:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:19", "1838874", "90.114.76.109:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:19", "1838875", "90.21.61.108:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:18", "1838876", "90.62.187.41:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:18", "1838877", "90.9.80.38:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:17", "1838878", "91.166.6.193:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:04", "1838879", "91.55.174.82:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:03", "1838880", "91.96.255.15:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:03", "1838882", "92.209.188.108:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:02", "1838881", "92.208.25.142:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:01", "1838883", "93.128.162.24:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:00", "1838884", "95.182.96.193:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-29 05:54:00", "1838885", "162.248.100.101:2", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai,nc", "0", "botnetkiller" "2026-06-29 05:53:59", "1838886", "162.248.100.101:23", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai,nc", "0", "botnetkiller" "2026-06-29 05:53:59", "1838887", "162.248.100.101:4567", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai,nc", "0", "botnetkiller" "2026-06-29 05:53:59", "1838888", "162.248.100.101:8512", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai,nc", "0", "botnetkiller" "2026-06-29 05:53:58", "1838890", "43.241.19.155:9327", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "", "C2,Mirai", "0", "botnetkiller" "2026-06-29 05:53:57", "1838889", "162.248.100.101:2049", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai,NFS", "0", "botnetkiller" "2026-06-29 05:53:57", "1839064", "https://3king.ai/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3king.ai", "ClickFix", "0", "CarsonWilliams" "2026-06-29 05:53:56", "1839065", "https://3king.live/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3king.live", "ClickFix", "0", "CarsonWilliams" "2026-06-29 05:53:56", "1839066", "https://3king.app/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3king.app", "ClickFix", "0", "CarsonWilliams" "2026-06-29 05:53:54", "1838781", "https://vacante-ieftine.ro/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/vacante-ieftine.ro", "ClickFix", "0", "CarsonWilliams" "2026-06-29 05:53:53", "1838782", "https://genova.com.vn/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/genova.com.vn", "ClickFix", "0", "CarsonWilliams" "2026-06-29 05:53:52", "1838787", "http://103.176.16.92:42446/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "75", "False", "https://honeylabs.net/lookup/103.176.16.92", "elf,iot,Mozi", "0", "HoneyLabs" "2026-06-29 05:53:52", "1838791", "147.182.217.141:8080", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-29 05:53:51", "1838792", "143.20.185.89:18129", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-29 07:40:23", "100", "False", "None", "Mirai", "0", "elfdigest" "2026-06-29 05:05:07", "1839062", "107.173.84.132:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 05:05:07", "1839063", "161.153.82.75:10000", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 05:05:06", "1839061", "199.30.90.240:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "supershell", "1", "_ik_" "2026-06-29 04:52:42", "1839060", "6xbjz1e7.1xfa.bio", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 04:05:04", "1839059", "42.194.195.248:8090", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-29 01:52:52", "1839058", "9lw19l8l.betbuf.live", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-29 01:52:12", "1839057", "xmsjdtn0.betbuf.live", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-29 01:23:47", "1839054", "139d50b674112ca42a6f9e2aea789d0a1f3bd64e7ed5584d54bbfa6c7a418f72", "sha256_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:47", "1839055", "41f8ffacbe031d1db7828d62a8e3a868f8599342", "sha1_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:47", "1839056", "787d7a0b27f676de5986ff2aeffa694d", "md5_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:46", "1839051", "e19f312bb3c65120c5faefbded0ce63abb79ae5871fdff02cc1c399c58ff5236", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:46", "1839052", "24aa148b9aa0a391ec5fb157ef1c467f2eb75763", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:46", "1839053", "796c75cc4d7986e8088deeac118b3ff8", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:45", "1839047", "e2ea34aa55123dd1c1c4ca7027b12053", "md5_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:45", "1839048", "046ead5e49940d24ad2249ff10375d6d1a9057c08d00d1874a2669d7a7b57058", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:45", "1839049", "50619615547d3f65f46546f21c9935913bc5ec44", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:45", "1839050", "83286b40935dc23576b57950f1fe9e62", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:44", "1839044", "ccdd5b209678728be86711582b64f86c", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:44", "1839045", "99fa87f8885cd8d4f0afb63b6c43c0f00d3cdd3edf535c1730641c8f919449b6", "sha256_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:44", "1839046", "e12a2429c946114b6beb8921b7326b284250ebc8", "sha1_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:43", "1839041", "496caac1fa6369e93cb48970f72e26da", "md5_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:43", "1839042", "9a9e73edcf3b0732bb82ebcd530d4d9591cd057cbf080fb5f00eecc6366190b8", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:43", "1839043", "e861ed732b772e44994486dbfd62e0d49fb1fcb8", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:42", "1839038", "9f18eac675b554fd802aa4641f61da47", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:42", "1839039", "40079f05ba7cdccac1f62f8e7e1b644bc0a806b58465f5c005725bc54ee73ef1", "sha256_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:42", "1839040", "bd2a22a6bab8f5d5c146f6162ad28244ab22985b", "sha1_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:41", "1839035", "80b9ce821562da8e4178c2e08e761aca", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:41", "1839036", "946754adecdf78d5d3fc21edcf01023405faf7bf698f3a5bf5b98df2060bbc3d", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:41", "1839037", "773b2f09868d6a0ff62927d59f09f9e4d34dc726", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:40", "1839032", "a439f3ed1a23f8fad8a1b5b0e22bbea0", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:40", "1839033", "8ee29f72021306cf5ed6e3a5e7ec19a8e4de837ec77c6dc307ce5dcc96d833b3", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:40", "1839034", "e7ddbec4cc309a35f40ed6127fa108363a56ffd0", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:39", "1839029", "2695e24e6d062fe97e0e3ae4238ecc11", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:39", "1839030", "643812d9c9cc62a10d46401fcca897897d2fbe843014d175206131ad4aeaa576", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:39", "1839031", "9edc9d2206b28c939176a2fc4970ee7c4ca3a65b", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:38", "1839025", "f53a40ad6fae35057880eaf1dbd0624e2ac7c7f1", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:38", "1839026", "3993e71fea3db426410909d3752d4932", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:38", "1839027", "2f33698f3e24d9f7633782c67097b67973630bbf16b51dbb493d59acaf36f5b7", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:38", "1839028", "4a22a0aeef82e9e9094f100e714ad71919ae8a84", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:37", "1839022", "5d465ee2e2567bd59a1110597045c87d14a7a611", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:37", "1839023", "fda577720a8c60c46a37650398fc0144", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:37", "1839024", "be245c2e6674ae197b407cd08b7d995909f79f4b2ea128f2a049ce7227ac5b93", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:36", "1839019", "449b411859b06e87e62ea42985d02ba8c5134716", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:36", "1839020", "d5e9cd5cd5ba38ae51a114cbc2189efa", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:36", "1839021", "bc5a6386c6ecdc49d1714ebf156059d392c8d40def48eca333aee821da492e0a", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:35", "1839016", "ea8402d8d42601b6c8efb38dd19c60e52bb60f09", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:35", "1839017", "d6d0aff94ec9c1d794fa31daf5fad87a", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:35", "1839018", "4a087a74df20ffa9f4acc2427cea2158f76f32ae85389fe396282c8c44fa794a", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:34", "1839013", "2c707ca426222f790dc10216f9784127b386bf75", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:34", "1839014", "c21c6962c9902ddbf4d08537ea7d96a4", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:34", "1839015", "823aa0257a4c971b780e5569f4f93a017db7337f9ae6eb16692c37f68920b6bf", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:33", "1839010", "fab8258cfc30c4a88de0ca122513ea8ddd306f9d", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:33", "1839011", "7e359d8fdd0d72a0971d639c20197d40", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:33", "1839012", "7317d297686d154b4d78217e100df5f57949f05efe095f1a017b5988cddef98b", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:32", "1839006", "fe566ca92d40914438c7ce3157a6a0936ac7be94e71e6c37b95ac84177511874", "sha256_hash", "payload", "jar.strrat", "None", "STRRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:32", "1839007", "38fe8d2da94de97b0a6c0e7648dba85e00eeecca", "sha1_hash", "payload", "jar.strrat", "None", "STRRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:32", "1839008", "41251868de0e68da924595a9e4b6b899", "md5_hash", "payload", "jar.strrat", "None", "STRRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:32", "1839009", "f89d864f7d2382e8e2e34c35ef0b435eb6fd3f1e43cc4c2a9e3d2e96faf452f7", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:28", "1839005", "3e7ca33a0746e65cc08a92035af226c0", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:27", "1839003", "b8b16633d9cc1eda12aa9415d2fa2e91f39ffe8b7a94e38812e5c49ac88fe9ca", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:27", "1839004", "ec6c1aa469dea25359080e6e2f22a7dfecb8a14e", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:26", "1839002", "dced1923790be572edf4191106a6dc10", "md5_hash", "payload", "win.dostealer", "None", "DOSTEALER", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:25", "1838999", "d070cecbc810cebe7c1cf373ea69b5fd", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:25", "1839000", "d6d38c1850e229809385420e9473ebd68fc9ade8d3d2b25052c476741db52bda", "sha256_hash", "payload", "win.dostealer", "None", "DOSTEALER", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:25", "1839001", "2b671eb88103b9af4fb79f494eab79f80f0d7899", "sha1_hash", "payload", "win.dostealer", "None", "DOSTEALER", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:24", "1838996", "4322706ec257b3612d493aec83709abd", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:24", "1838997", "afed5328d5778877ed29130d62987f9492177080a067d249ee303502ef9530d1", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:24", "1838998", "87452ff24f31736f014cc9852c6e879d3f3c3b8f", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:23", "1838993", "28a483eac56dcdc47c904ce010f34d65", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:23", "1838994", "123450a779753bd0045cb82de9179cd7a3aad2d560b16a8201ca4eaa7da52ba3", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:23", "1838995", "45bbb23402b9d86278b9953820c9252d33ee85a1", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:22", "1838990", "029714671183c6988e3067a1d2fdec6e", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:22", "1838991", "b30a55c62ea914a9dd179a56583cffffdccdf03b38210b87af7f4064a2a941b5", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:22", "1838992", "af51eb484b38c2084bdfca42d5178821238ec5a3", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:21", "1838986", "30f5f001631cb48f37b684fcbb7791976dbdadb2", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:21", "1838987", "77ac1472bfb41dcc80e160bc87691abc", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:21", "1838988", "acb2f08fd49a1958c809389b01141248f19bde31dc70b44b9f466ebd8c6dcbd0", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:21", "1838989", "79bb656381c24aacdd3bdae1e6c3ad8448eaf34a", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:20", "1838983", "cbaebbe158ff69d922a67b61eb93b19e3a92306a", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:20", "1838984", "948b712d99e0c5cad05416e7f13841bb", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:20", "1838985", "4ed6520516e5f756f1d020510d5e508c03811b3cb5062eed4bede73df641b779", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:19", "1838979", "4a465658121a15449fadbeed82d37c461e601ae45c08a3d6c992285d31ebf804", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:19", "1838980", "f8feca6cc45f6b934201c28a8c0d86409fce8836", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:19", "1838981", "a040670ccbe6b4c9841d8706c433997c", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:19", "1838982", "e21f70aebb96b545be30ba9b92fb7a77321d78da5641ce9f4d7b3ab8f6d09e70", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:18", "1838978", "9fc877b010e2c630c4db9efd1e0c5ffe", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:17", "1838976", "a3fed15f05903e3bb645f059a65f5e56ffeab45ab02f535d6df263d4363a6628", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:17", "1838977", "64dda3b0dc00c304bb3b65db472548d7d4c7204c", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:16", "1838975", "390929763242f8f854188b405ac7f5ba", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:15", "1838971", "b7d45389d4acc560c93215f1096befb28cda75f8", "sha1_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:15", "1838972", "e2f13f6d216b70e66ce859e3e0cadcb7", "md5_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:15", "1838973", "39cbd2d2299ebbc1eba6bb1ffab7d87f0016715fb237d0a1a253262b4b9cea13", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:15", "1838974", "6d20314cdc9d3ba60bb44a2ff17666054394dfcb", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:14", "1838968", "7542b7b567d58fde29869a84038ce49f20a8ffe4", "sha1_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:14", "1838969", "4f32445270d6f1a4b3a1692aebce68b0", "md5_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:14", "1838970", "8928d35f3e18435f6c17940a5a9a2515186b5a7a4faa6f681b7d244249daaf0b", "sha256_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:13", "1838964", "94dc6a521549029a2bcd479bf04327518ea0cf0a3a4675d98cb421f256340122", "sha256_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:13", "1838965", "5c7fc0c75b357a21fb920bdb78eaa3a236c7b634", "sha1_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:13", "1838966", "e0227ae2a175af87b2e31d1a47cb3276", "md5_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:13", "1838967", "542ab12e9aa46a0a19d380e7390a84c4628c7316cb7a4bd01a85a8b3a45ca421", "sha256_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:12", "1838962", "a39c3459c3a86a8e1ab58323e878320c85b43b51", "sha1_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:12", "1838963", "7e87c40331ad08fecfeb53c22fccd9d1", "md5_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:11", "1838960", "011c4ffba12eb2a298ff83159177ca7a", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:11", "1838961", "e207ce6f845f84bd247294390e12fd94df499436b8170ec143266405735d36fe", "sha256_hash", "payload", "py.blankgrabber", "None", "BlankGrabber", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:10", "1838957", "c1cda5f5016b812993dd4858fa6fb949", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:10", "1838958", "b2687e641c114589ef0f3e96abb7bdf5758009b72a0ef74f2e7f30fafe7bebe7", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:10", "1838959", "71f8c01b5819fe2d77519326317a1922cbd92a40", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:09", "1838954", "6f9edbfed883db4efc7ede0460ecb3ff", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:09", "1838955", "c942ecd62cc2de17119903a9adb79dc9a382136288a2a5e9385e856a668a3d7a", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:09", "1838956", "75b70ffacf08e1d1cc7d77fbf3dc719c8711f150", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:08", "1838951", "38d02de220bc3849fbc8632696f8dd6c", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:08", "1838952", "ed7a9ad7284781a6961eb2b9715e813c430f732f7535813c0c6285a34e29b67b", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:08", "1838953", "78ecd6ea99e2b709bd1fda2554069451edebd56d", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:07", "1838947", "803dd34dfa729441444bc19a74db9cf5b7fd73a7", "sha1_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:07", "1838948", "2e4931fc4f7fcfcea1192df30ffcb858", "md5_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:07", "1838949", "147c4f3da4b13ba13048e762128aeaf1270a9c9a47c7caf481feb947e4428794", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:07", "1838950", "4b02778c2e6387e73baa0b8404cf7346cd625695", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:06", "1838944", "56210b7439f90f92eba1093292e3b23e6127f693", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:06", "1838945", "b2930338fad806be737dd392270160dc", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:06", "1838946", "555cb9ec0842dce18895c26b81fc108cadc4958970235631fd703d31d7e6ba65", "sha256_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:05", "1838941", "c817079b896094d9aaf6be570b7ee03f87323cea", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:05", "1838942", "1413fa8b1bc8437830fe7dcfc19ebd90", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:05", "1838943", "fcd0a4054eba07a6e2c6697c7e6f116afe494e43cce7ceb99cea6d1ba6faf0b4", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:04", "1838938", "79b63082f73ed3cab60901b9256a81b78de4192b", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:04", "1838939", "29e09a2fdea6179f9ac0bbfffecfba99", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:04", "1838940", "0befde76298e1cd14983e1ed0c5858c29a46381f45592acfc9143deca6fc6ecb", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:03", "1838935", "e9e83354951260d9485f21cdaacf954034f1fe05", "sha1_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:03", "1838936", "ce93846b8a4d42531f4e5950a817bcc1", "md5_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:03", "1838937", "670482ef4243ca62c495b94b86af529e5b44fa449e524613cee373dd0aa549af", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:02", "1838932", "896235eebadf15fb2fe4333e109b9c7d3e2b7432", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:02", "1838933", "3dcd3e2a1919055bd32c83dab86da59e", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:02", "1838934", "bb9433e362bc054482b4dda309b67271b0de66bd4facb5370d2c48c3a2f69b17", "sha256_hash", "payload", "py.venus_stealer", "None", "Venus Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:01", "1838929", "1db264fab7a33a9962423109aa9fdcf1688eee74", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:01", "1838930", "8871665f04a761afb82cd425a9419130", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:01", "1838931", "8258d0072d4ce97403d82e6560f46d9e135ff8783ed04409870ad7df03035953", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:00", "1838927", "de295da07916a1e68e05fb9f6eb4fee5", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:23:00", "1838928", "536a20ad2c2de578288f060adba7ce718ca8b4ad3e9111e6e461dd482bd34cc8", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:59", "1838923", "007293c1ec4879705375c9f89dfaa78a8b45db6a", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:59", "1838924", "9ac45cd7937cadf8ee6e9b45484aaec5", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:59", "1838925", "d70a183081591e5760f750c5ecf24cac4bd9d9db61b3269ab4933401649cacfa", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:59", "1838926", "f66b4f00e56a4f100c6f179b30e06285ae4230fa", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:58", "1838920", "a8cbb1b5420146a7d3f57bf4115caa96d8930b42", "sha1_hash", "payload", "elf.zhtrap", "None", "ZHtrap", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:58", "1838921", "cdce6c8c32f041f574161f7e2edfd398", "md5_hash", "payload", "elf.zhtrap", "None", "ZHtrap", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:58", "1838922", "09f9d5761ddd83f5830852c9958b35c2f379dbdb1f2ad8a35a8a442911726c28", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:57", "1838917", "a136cb341ae29b97ce6cb1d980bc8c793d85d8bd", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:57", "1838918", "ca4f85f75f459c4963f7e3eb4e295394", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:57", "1838919", "9c9fd1ab06198b6d0aa3222006a7f97e2cb29c5ea3ab1d5f408784c008a32515", "sha256_hash", "payload", "elf.zhtrap", "None", "ZHtrap", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:56", "1838914", "e2885a36319e84ef9c8decc8d261192b13590754", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:56", "1838915", "b953f81730955b8883bc2e8baa9091e6", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:56", "1838916", "20160e27904a71a77b26aeb6edb37aedc6ed18aaffb5f7eb3fbbab035ab3c458", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:55", "1838910", "b435de3e50714d774f42cfdefd710519915e7f987f69da8d5fc1963961519844", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:55", "1838911", "0a5b8f09e60b8c9598e16e1ffb37d877da4d069d", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:55", "1838912", "0184f5f0b05f0bfb33f2657836f00dd5", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:55", "1838913", "11f50bd71ee026c644b2322d84b4a3e03b48455e34ebf478bd6afc32e0fdfbef", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:54", "1838908", "1d0bf06fdc2505d6947d4b2825e888ab5148b68b", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:54", "1838909", "3cc6072eca86948127764f87d84baa85", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:53", "1838905", "688f4b4ecfd26d2529d2c1b21a9d8be2f3245cc8", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:53", "1838906", "193177af43f8f24851b76d2866a11e1f", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:53", "1838907", "e9c6dda67b1da1be30f8b0d4c7ff329c6b9831ae2c413742bbe59cc66690a630", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:52", "1838902", "ed5bdffd8e51239effd147106709a026995deaee", "sha1_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:52", "1838903", "388ed6c8e9e5ba54c49209337f0a71a6", "md5_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:52", "1838904", "cd1ab1369c5b2090a046e27574158e038fabdabc695623b3e85810246990e351", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:22:51", "1838901", "ffb966fce55f67726e7f8084a1dc21b80650e5c05373529b35d93eafcfcc7e26", "sha256_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "", "95", "False", "None", "None", "0", "Grim" "2026-06-29 01:05:06", "1838900", "38.54.117.107:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-29 01:05:04", "1838899", "88.216.208.91:65523", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-28 23:45:51", "1838898", "38.54.117.107:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-28 23:45:35", "1838897", "117.72.159.96:8777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-28 23:45:30", "1838896", "103.73.161.60:9005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-28 23:05:05", "1838895", "82.157.191.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 22:05:05", "1838894", "104.248.201.191:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 21:51:44", "1838893", "8zdusrwn.xbetone.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 21:47:56", "1838892", "dows.sabad724.bio", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-06-28 21:42:56", "1838891", "htfll3q5.1x303.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 21:15:03", "1838806", "https://vihangamyoga.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-28 23:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-28 20:05:05", "1838805", "82.157.191.79:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 19:45:13", "1838803", "54.180.147.42:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-28 19:45:13", "1838804", "54.180.147.42:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-28 19:45:11", "1838801", "5.8.19.157:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:45:11", "1838802", "5.8.19.157:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:45:00", "1838800", "45.94.23.42:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-28 19:44:54", "1838799", "45.150.38.95:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-28 19:44:04", "1838798", "199.247.14.228:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:44:25", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-06-28 19:43:47", "1838797", "185.115.164.59:2892", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:43:12", "1838796", "109.227.35.147:4433", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:43:16", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-06-28 19:43:05", "1838793", "103.11.41.10:8237", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:43:05", "1838794", "103.11.41.19:16666", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:43:05", "1838795", "103.11.41.20:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 19:05:06", "1838790", "106.52.59.233:39001", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-06-28 19:05:05", "1838789", "104.248.201.191:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 18:51:27", "1838788", "fjy9zygx.1xsignupbet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 17:50:52", "1838786", "huz6wkqi.mokatebatedari.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 17:50:03", "1838785", "mokatebatedari.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-28 16:05:05", "1838784", "82.157.78.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 15:49:26", "1838783", "jarayemaleyhamval.xyz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-28 15:15:53", "1838780", "http://103.146.231.107:80/DFne", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "https://bazaar.abuse.ch/sample/536a20ad2c2de578288f060adba7ce718ca8b4ad3e9111e6e461dd482bd34cc8/", "cobaltstrike", "0", "abuse_ch" "2026-06-28 14:38:00", "1838772", "https://geurtuin.com/?doing_wp_cron=1782651363.9469881057739257812500", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/geurtuin.com", "ClickFix", "0", "CarsonWilliams" "2026-06-28 14:38:00", "1838775", "vacante-ieftine.ro", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,FakeCF", "0", "varysz" "2026-06-28 14:37:59", "1838776", "genova.com.vn", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,FakeCF", "0", "varysz" "2026-06-28 14:37:59", "1838777", "geurtuin.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,FakeCF", "0", "varysz" "2026-06-28 14:37:58", "1838778", "engr-salahuddin.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,FakeCF", "0", "varysz" "2026-06-28 14:37:58", "1838779", "https://citrusocarpetscleaning.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/citrusocarpetscleaning.com", "ClickFix", "0", "CarsonWilliams" "2026-06-28 13:50:10", "1838774", "nqxr9m1i.iranfitness.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 13:48:55", "1838773", "iranfitness.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-28 13:10:43", "1838771", "http://lawofi.xyz:7538", "url", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/bb9433e362bc054482b4dda309b67271b0de66bd4facb5370d2c48c3a2f69b17/", "remus", "0", "abuse_ch" "2026-06-28 13:05:05", "1838768", "82.157.78.201:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:53:50", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-28 09:46:02", "1838758", "bcxmyrgq.betbuf.live", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-29 18:00:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-06-28 09:45:16", "1838757", "45.74.7.173:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 09:44:03", "1838756", "192.162.199.149:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-28 09:43:55", "1838755", "185.212.128.231:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-28 09:43:45", "1838754", "177.22.119.145:9001", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:43:55", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-06-28 09:43:38", "1838753", "167.94.81.175:62722", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-28 09:43:34", "1838752", "159.195.193.179:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:41", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-28 09:43:21", "1838751", "141.98.10.150:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 09:43:09", "1838750", "103.83.87.87:25900", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 09:43:06", "1838749", "103.11.41.20:201", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-28 08:50:22", "1838745", "rjjgfvu6.vip1xbet.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 12:04:08", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-28 07:46:08", "1838635", "147.182.140.2:12345", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 00:34:55", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-28 07:45:56", "1838703", "bibliorock.lol", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:16", "75", "False", "", "c2,ClickFix,Polygon", "0", "varysz" "2026-06-28 07:45:55", "1838704", "mistertwister.sale", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 06:26:27", "100", "False", "", "c2,ClickFix,Polygon", "0", "varysz" "2026-06-28 07:45:53", "1838705", "memshowblob.forum", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:17", "100", "False", "", "c2,ClickFix,Polygon", "0", "varysz" "2026-06-28 07:05:07", "1838736", "149.50.96.57:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:32", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-28 06:36:01", "1838730", "47.236.116.9:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 13:00:03", "50", "False", "https://tracker.viriback.com/index.php?q=47.236.116.9", "Amadey,ViriBack", "0", "abuse_ch" "2026-06-28 04:45:05", "1838724", "http://47.236.116.9/y8jdGc5jS/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-29 08:41:24", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-06-27 23:46:10", "1838710", "45.227.253.121:52445", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 23:45:52", "1838708", "134.122.135.120:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 23:45:52", "1838709", "134.122.135.53:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 21:28:14", "1838698", "8cd1408dbe57b890cb7aac49c60567e659156f376075ef617d5d7afb588daa09", "sha256_hash", "payload", "win.darkme", "None", "DarkMe", "2026-06-29 01:23:31", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:14", "1838699", "6de94861e213b9b876edac4bdc716e141df735b7", "sha1_hash", "payload", "win.darkme", "None", "DarkMe", "2026-06-29 01:23:31", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:14", "1838700", "891776acc33d8c22e4667d51c8370d49", "md5_hash", "payload", "win.darkme", "None", "DarkMe", "2026-06-29 01:23:31", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:13", "1838696", "2b4e83cfdab5b79ae1aa1b4df8dd4503a9c99deb", "sha1_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "2026-06-29 01:23:30", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:13", "1838697", "038112c489a65525aaa6c2ede6c33c2a", "md5_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "2026-06-29 01:23:30", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:12", "1838693", "8c00b490332ca6af591294e1b2ffd01e708c612f", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-29 01:23:29", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:12", "1838694", "2549dc1f259917a6179f726de0ed45e7", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-29 01:23:29", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:12", "1838695", "737646392a7c882064e22ecb9fc0b2732399e44ced2f56d873e656d0035af288", "sha256_hash", "payload", "jar.crossrat", "Trupto", "CrossRAT", "2026-06-29 01:23:30", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:11", "1838690", "3eae959cc134d89dcfab4f8388569626e166be0e", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:28", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:11", "1838691", "885e4c62d17993ccffbfd44a1c128ddf", "md5_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:29", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:11", "1838692", "feea6bd8a190f0820c19df24b870a205d5799a9c75ace8044542496650a91ef0", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-29 01:23:29", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:10", "1838689", "bac12c7b2bc08d4d552e4692bc1566d7d54efc67c3a1131628c491c23626d773", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:28", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:09", "1838686", "f2cd38b6c081535971bc76d9aa3560ce3bf33e02986a430464a75e3261c4a8f1", "sha256_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "2026-06-29 01:23:26", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:09", "1838687", "cc0ae92edb66b42397a1f91894c0e14d12c83454", "sha1_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "2026-06-29 01:23:27", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:09", "1838688", "c0b5ba4fbb2d486362d4be79caecc2b9", "md5_hash", "payload", "win.wannacryptor", "Wana Decrypt0r,WannaCry,WannaCrypt,Wcry", "WannaCryptor", "2026-06-29 01:23:27", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:08", "1838684", "b10573574be99566629f6ca88ba82d0e7e2122a7", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:18", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:08", "1838685", "f269378bb7d1c7817fa6200a1198b9df", "md5_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:18", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:07", "1838681", "89eec27c0af96d4932891f02c0a7988b05526012", "sha1_hash", "payload", "win.socks5_systemz", "ProxyBox", "Socks5Systemz", "2026-06-29 01:23:16", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:07", "1838682", "52c76d9b7366f34a1fad3b5b0527e24f", "md5_hash", "payload", "win.socks5_systemz", "ProxyBox", "Socks5Systemz", "2026-06-29 01:23:17", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:07", "1838683", "abb0ddc5d6972b69a938f88cbc354dffbd14adcd13b8049e6654f51dd3f5836d", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "2026-06-29 01:23:18", "95", "False", "None", "None", "0", "Grim" "2026-06-27 21:28:06", "1838680", "716612c11982500cca51970f822ddffb5a4b3aa84fda3cb30ffab6daa94f5248", "sha256_hash", "payload", "win.socks5_systemz", "ProxyBox", "Socks5Systemz", "2026-06-29 01:23:16", "95", "False", "None", "None", "0", "Grim" "2026-06-27 19:46:07", "1838676", "103.146.231.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:47", "1838675", "85.137.249.185:8977", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:43", "1838674", "80.211.129.141:1234", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:40", "1838672", "68.64.178.130:48951", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:04", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:40", "1838673", "69.48.228.170:65531", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:05", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:33", "1838670", "5.8.18.155:992", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:45:54", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:33", "1838671", "5.8.19.157:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:45:32", "1838669", "5.206.224.226:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:45:22", "1838668", "45.74.7.170:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:45:21", "1838666", "45.74.7.165:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:45:21", "1838667", "45.74.7.169:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:45:17", "1838665", "45.141.234.47:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:45:09", "1838664", "37.220.31.90:61135", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:43:58", "1838663", "185.212.128.139:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:08", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-27 19:43:49", "1838662", "178.83.121.60:48203", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:57", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-27 19:43:46", "1838661", "173.231.188.244:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:43:32", "1838660", "155.94.163.75:8797", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-27 19:43:20", "1838659", "138.124.84.7:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-27 19:43:13", "1838657", "107.174.142.104:6578", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-27 19:43:13", "1838658", "107.174.142.104:7790", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-27 19:43:12", "1838656", "107.173.160.177:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-27 19:43:10", "1838655", "104.37.173.203:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:43:06", "1838654", "103.11.41.20:2753", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:43:05", "1838653", "103.11.41.10:49584", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 19:43:02", "1838652", "101.245.74.162:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:03", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-27 15:46:40", "1838629", "47.86.184.71:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 15:46:01", "1838628", "test.officeplustool.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-27 14:15:03", "1838620", "https://rssssociety.org.in/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-28 15:31:02", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-27 09:43:07", "1838598", "103.11.41.20:9087", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-27 08:05:05", "1838554", "128.90.141.159:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:20", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-27 08:05:05", "1838555", "188.212.158.4:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:14", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-27 07:05:05", "1838532", "8.152.212.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-27 06:24:38", "1838464", "129.212.233.8:8080", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 02:15:12", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-27 06:24:33", "1838474", "147.182.140.2:9035", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 09:12:03", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-27 06:24:31", "1838478", "47.108.60.27:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear" "2026-06-27 06:24:30", "1838489", "147.182.140.2:34567", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 12:56:18", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-27 06:24:12", "1838176", "147.182.140.2:9034", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 09:03:51", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-27 06:05:06", "1838519", "62.0.120.51:82", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:10", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-27 06:05:06", "1838520", "114.132.199.129:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-27 04:05:05", "1838498", "27.124.43.249:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:24", "100", "True", "None", "dcrat", "1", "_ik_" "2026-06-26 19:45:25", "1838183", "82.165.79.60:1336", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:10", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-26 19:45:15", "1838182", "5.200.255.45:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:54", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-26 19:45:00", "1838181", "45.254.246.208:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-26 19:44:13", "1838180", "209.54.103.150:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-26 19:44:00", "1838179", "193.169.194.63:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-26 19:43:19", "1838178", "141.98.189.248:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-26 19:43:05", "1838177", "103.11.41.19:52814", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-26 16:12:29", "1838151", "147.182.140.2:8443", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 13:05:32", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-26 16:12:27", "1838156", "147.182.140.2:8080", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 12:42:56", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-26 14:37:32", "1838146", "147.182.140.2:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 12:33:35", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-26 14:00:06", "1838143", "64.83.33.240:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:07", "50", "False", "https://tracker.viriback.com/index.php?q=64.83.33.240", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 14:00:05", "1838140", "192.3.16.35:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:06", "50", "False", "https://tracker.viriback.com/index.php?q=192.3.16.35", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 14:00:05", "1838141", "192.3.16.34:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:06", "50", "False", "https://tracker.viriback.com/index.php?q=192.3.16.34", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 14:00:05", "1838142", "185.103.166.53:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:07", "50", "False", "https://tracker.viriback.com/index.php?q=185.103.166.53", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 14:00:04", "1838139", "192.109.200.233:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:06", "50", "False", "https://tracker.viriback.com/index.php?q=192.109.200.233", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 14:00:03", "1838138", "107.175.115.123:8443", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:06", "50", "False", "https://tracker.viriback.com/index.php?q=107.175.115.123", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 13:48:02", "1838137", "87.120.84.133:5173", "ip:port", "botnet_cc", "win.overlord", "None", "Overlord RAT", "2026-06-30 13:00:07", "50", "False", "https://tracker.viriback.com/index.php?q=87.120.84.133", "Overlord,ViriBack", "0", "abuse_ch" "2026-06-26 12:25:27", "1838125", "https://k1h.fileboro.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:27", "75", "False", "None", "k5yss1,Vidar", "0", "abuse_ch" "2026-06-26 12:25:27", "1838126", "k1h.fileboro.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:27", "75", "False", "None", "k5yss1,Vidar", "0", "abuse_ch" "2026-06-26 12:25:15", "1838123", "https://k1h.hopesm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:16", "75", "False", "None", "k5yss1,Vidar", "0", "abuse_ch" "2026-06-26 12:25:15", "1838124", "k1h.hopesm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:25:16", "75", "False", "None", "k5yss1,Vidar", "0", "abuse_ch" "2026-06-26 09:43:14", "1837938", "107.173.9.99:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-26 09:02:28", "1837922", "139.59.67.197:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-28 21:15:36", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-26 09:02:27", "1837925", "64.227.164.38:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:14", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-26 09:02:26", "1837926", "211.234.111.116:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:23", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-26 09:02:26", "1837927", "77.90.185.248:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:25", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-26 09:02:26", "1837928", "176.65.139.43:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "2026-06-28 21:16:21", "80", "False", "https://twitter.com/NullBlue67", "docker-api", "0", "nullblue67" "2026-06-26 07:39:31", "1837903", "xb.bet1bonus.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-29 02:08:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-06-26 07:18:44", "1837844", "superstarlog.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:19", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-26 07:18:42", "1837869", "68.183.8.109:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-29 16:36:32", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-26 07:18:41", "1837870", "167.99.36.25:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-29 16:36:44", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-06-26 07:18:38", "1837880", "122.51.221.207:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-06-25 21:05:09", "1837848", "49.232.4.71:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-25 20:05:06", "1837843", "172.245.196.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-25 19:45:00", "1837840", "217.60.97.3:8899", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-25 19:44:59", "1837839", "217.60.195.194:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 19:44:24", "1837838", "209.54.103.150:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-25 19:43:58", "1837837", "185.192.125.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:08", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-25 19:43:34", "1837836", "157.245.171.59:80", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-25 19:43:25", "1837833", "147.124.223.75:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 19:43:25", "1837834", "147.124.223.75:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 19:43:25", "1837835", "147.124.223.75:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 18:52:39", "1837543", "http://176.65.144.120/bc850000649f490e9617.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-29 11:25:48", "100", "False", "None", "c2,eu1,loader,StealC,stealer", "0", "Bitsight" "2026-06-25 15:45:59", "1837517", "boldtop.click", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 13:55:26", "1837358", "verificationscodes.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:30:24", "100", "False", "", "c2,ClickFix,Polygon", "0", "varysz" "2026-06-25 11:46:44", "1837335", "172.245.57.227:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 11:46:36", "1837334", "124.222.218.12:4848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 11:46:22", "1837333", "1.94.187.246:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 11:10:48", "1837319", "http://64.89.161.67/3b250ef3f9e542adadfb.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-29 22:48:42", "75", "False", "https://bazaar.abuse.ch/sample/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7/", "stealc", "0", "abuse_ch" "2026-06-25 09:47:23", "1837297", "8.130.74.111:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 09:46:55", "1837296", "159.75.176.139:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-25 09:46:16", "1837295", "88.198.11.120:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:15", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-06-25 09:45:52", "1837294", "5.101.84.82:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 09:45:43", "1837293", "45.74.7.166:1377", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 09:45:24", "1837292", "27.124.43.249:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:24", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-25 09:44:34", "1837290", "209.54.103.150:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-25 09:44:34", "1837291", "209.54.103.150:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-25 09:44:03", "1837289", "185.115.164.59:3731", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 09:43:32", "1837287", "154.219.98.36:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-25 09:43:11", "1837286", "104.250.167.40:9093", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:12", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-25 09:43:05", "1837285", "103.11.41.10:55483", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-25 08:49:58", "1837272", "141.94.164.126:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:02", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-25 08:49:57", "1837273", "143.244.165.24:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:04", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-25 08:08:03", "1837242", "101.43.24.136:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 07:55:07", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-25 08:08:03", "1837243", "169.239.128.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-25 08:07:56", "1837237", "172.245.196.240:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:11", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-25 08:07:56", "1837239", "8.134.255.60:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-25 03:14:06", "1837115", "207.180.232.121:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-29 09:40:09", "80", "False", "https://twitter.com/NullBlue67", "rce,redis", "0", "nullblue67" "2026-06-25 03:13:48", "1837153", "178.83.206.213:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-28 17:10:47", "100", "False", "", "C2,Mirai", "0", "botnetkiller" "2026-06-25 03:13:46", "1837154", "178.83.206.213:123", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-28 17:10:47", "100", "False", "", "C2,Mirai", "0", "botnetkiller" "2026-06-25 03:13:45", "1837155", "178.83.206.213:25565", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-28 17:10:47", "100", "False", "", "C2,Mirai", "0", "botnetkiller" "2026-06-25 03:13:15", "1837166", "147.182.217.141:8443", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 06:36:05", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-25 02:56:45", "1837180", "g3byemsx.xbetone.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-28 21:50:56", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-24 23:48:40", "1837171", "45.227.253.121:25338", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 23:48:22", "1837170", "130.94.59.160:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 23:48:20", "1837169", "121.4.76.54:8091", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 19:45:44", "1837093", "89.124.93.139:49999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-24 19:45:41", "1837092", "83.136.210.74:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:45:33", "1837091", "62.85.21.181:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:59", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:45:21", "1837090", "46.246.4.2:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:45:18", "1837088", "45.74.7.163:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:45:18", "1837089", "45.74.7.164:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:45:17", "1837087", "45.74.7.155:1202", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:44:57", "1837086", "27.124.43.241:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:24", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:44:11", "1837085", "198.23.185.82:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:44:04", "1837084", "192.227.219.81:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:43:53", "1837082", "185.115.164.59:65372", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:43:53", "1837083", "185.115.164.60:10251", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:43:46", "1837081", "178.16.55.214:55380", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 19:43:22", "1837080", "146.190.80.105:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:28", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-24 19:43:21", "1837079", "141.98.10.150:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 19:43:12", "1837078", "109.199.97.174:6010", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-24 19:43:11", "1837077", "107.173.9.99:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 15:49:05", "1836946", "157.230.237.88:8443", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 01:04:18", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-24 11:48:48", "1836925", "60.217.58.49:2121", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 11:48:29", "1836924", "43.131.240.236:8015", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 09:45:56", "1836784", "95.81.79.153:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-24 09:45:24", "1836783", "45.74.7.160:9405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:45:19", "1836782", "45.138.16.56:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 09:45:14", "1836781", "38.207.177.71:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:32", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-24 09:45:00", "1836780", "217.60.195.194:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:44:09", "1836779", "192.227.219.81:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:43:58", "1836777", "185.115.161.32:6943", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-24 09:43:58", "1836778", "185.115.164.59:30023", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:43:30", "1836775", "154.219.98.36:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-24 09:43:30", "1836776", "154.219.98.36:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-24 09:43:23", "1836774", "141.98.10.150:14647", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:43:17", "1836773", "128.90.115.181:7011", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:20", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 09:43:12", "1836771", "107.172.140.187:32333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-24 09:43:12", "1836772", "107.173.9.99:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-24 09:43:11", "1836770", "107.172.133.195:56001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 09:43:04", "1836767", "102.220.160.222:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 09:43:04", "1836768", "102.220.160.250:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 09:43:04", "1836769", "102.220.160.250:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-24 06:36:16", "1836682", "cdn-speed.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:30:27", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-24 06:36:16", "1836684", "merkantalolol.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:22", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-24 06:36:14", "1836683", "code.verification-claude-cdn.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:30:26", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-24 06:36:13", "1836685", "superboomer.world", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:21", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-24 06:36:11", "1836687", "129.212.233.8:8443", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 01:00:13", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-24 06:02:24", "1836710", "kyard07v.vip1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-30 10:03:39", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-06-24 03:46:33", "1836704", "49.233.9.4:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-24 03:45:54", "1836703", "www.rmsmarineservice.com.qwqqwq.ggff.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-23 19:45:49", "1836674", "91.92.242.235:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:19", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-23 19:45:42", "1836673", "82.29.100.224:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:45:22", "1836672", "46.29.166.65:3481", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:45:47", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-23 19:45:19", "1836671", "45.74.7.161:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:45:18", "1836669", "45.74.7.156:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:45:18", "1836670", "45.74.7.159:5691", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:45:14", "1836668", "45.138.16.56:8008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:44:13", "1836667", "2.26.17.59:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:44:04", "1836666", "192.227.219.81:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:44:02", "1836665", "188.23.173.69:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-23 19:43:54", "1836664", "185.115.164.59:51227", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:43:47", "1836663", "178.73.192.17:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:43:29", "1836662", "156.239.47.147:4221", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-23 19:43:23", "1836660", "147.124.213.155:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:43:23", "1836661", "147.93.191.75:20500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:43:18", "1836659", "137.220.59.55:80", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:23", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-23 19:43:05", "1836657", "103.11.41.20:5195", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:43:05", "1836658", "103.11.41.20:53523", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:43:04", "1836656", "103.11.41.10:53496", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-23 19:43:03", "1836655", "102.220.160.250:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-23 19:43:02", "1836654", "102.117.173.226:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:03", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-23 15:44:35", "1836345", "206.189.94.70:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 13:07:48", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-23 15:44:35", "1836346", "129.212.233.8:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 13:00:49", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-23 15:44:34", "1836347", "157.230.237.88:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 13:03:03", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-23 15:44:34", "1836348", "147.182.217.141:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-30 13:10:04", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-06-23 13:31:17", "1836338", "147.93.191.75:8008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:32", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-23 07:14:51", "1836278", "111.231.173.74:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "100", "False", "None", "CobaltStrike", "0", "abuse_ch" "2026-06-23 06:51:46", "1836178", "claudverification-id.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:30:36", "100", "False", "", "c2,Polygon,Vidar", "0", "varysz" "2026-06-23 03:46:19", "1836238", "42.193.15.237:9001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 23:46:20", "1836201", "62.234.22.228:51123", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 19:46:25", "1836148", "42.193.15.237:9002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 19:45:30", "1836146", "72.56.68.200:8443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:46:06", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-06-22 19:45:27", "1836145", "64.89.160.127:60859", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:44:50", "1836144", "217.60.195.194:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:44:11", "1836143", "2.27.5.72:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:43:50", "1836141", "185.115.164.59:50824", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:43:50", "1836142", "185.115.164.60:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:43:24", "1836140", "150.40.117.39:4444", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:33", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-22 19:43:10", "1836139", "107.173.9.99:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:43:04", "1836137", "103.11.41.10:9428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 19:43:04", "1836138", "103.11.41.19:5213", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 11:41:17", "1835600", "web-protection.beer", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:39:34", "75", "False", "None", "dead-drop-c2,polygon-deaddrop,SmartLoader,SmartLoader-MaaS", "1", "turnasmyth015" "2026-06-22 11:41:16", "1835590", "llc-image-ico.click", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:39:46", "75", "False", "None", "dead-drop-c2,polygon-deaddrop,SmartLoader,SmartLoader-MaaS", "1", "turnasmyth015" "2026-06-22 09:46:29", "1835573", "204.194.54.198:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 09:46:01", "1835572", "ns2.msgkg.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 09:45:59", "1835571", "ns1.msgkg.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-22 09:45:28", "1835570", "5.101.86.23:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:45:23", "1835569", "46.161.0.48:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:45:21", "1835568", "45.81.243.44:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 09:44:56", "1835567", "217.60.195.194:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:44:19", "1835565", "205.209.106.158:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 09:44:19", "1835566", "205.209.106.158:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 09:44:18", "1835564", "205.209.106.158:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 09:44:05", "1835562", "192.236.217.70:24047", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:44:05", "1835563", "192.236.217.70:24048", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:43:56", "1835561", "185.212.128.215:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-22 09:43:16", "1835560", "13.140.160.249:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 09:43:10", "1835559", "107.173.9.99:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:43:04", "1835557", "103.11.41.10:7408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:43:04", "1835558", "103.11.41.19:126", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-22 09:43:03", "1835556", "102.220.160.250:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-22 06:39:32", "1835379", "74.48.84.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-22 06:22:32", "1835346", "3.132.75.97:55510", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-30 01:02:01", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2026-06-22 03:45:53", "1835362", "119.45.166.6:9876", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-21 23:45:40", "1835339", "115.190.149.214:58848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-21 22:35:18", "1834981", "freesoftupdater.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:00", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834984", "ocean-animals.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:05", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834985", "park-lake.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:03", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834986", "updatecurrent.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:42", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834987", "updatemsnow.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:40", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834988", "updateocean.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 16:02:17", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834989", "updateyourprogram.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:01", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834990", "updateyoursoft.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:24:58", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:18", "1834991", "uptodatehere.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:38", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:17", "1834976", "animal-zoo-lake.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:25:07", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:17", "1834977", "autoupdaters.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 16:02:18", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:17", "1834978", "autoupdatet.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 16:02:19", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 22:35:17", "1834979", "autoupdatethis.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 16:02:21", "100", "False", "", "C2,ClickFix,Polygon", "0", "varysz" "2026-06-21 19:45:25", "1834964", "5.101.86.67:5691", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 19:45:13", "1834962", "45.154.98.254:2004", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:45:13", "1834963", "45.154.98.254:2006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:44:53", "1834960", "217.60.195.194:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 19:44:53", "1834961", "217.60.195.194:14647", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 19:44:09", "1834959", "198.23.185.136:7007", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:44:05", "1834958", "194.116.236.239:4020", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 19:43:51", "1834957", "185.115.164.60:13766", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 19:43:28", "1834956", "156.247.51.40:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:43:23", "1834955", "147.93.191.75:90", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:43:17", "1834954", "137.220.154.16:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:23", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 19:43:05", "1834953", "103.110.80.154:7444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:08", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-06-21 19:43:04", "1834952", "103.11.41.19:9233", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 18:27:36", "1834788", "birdybird.rest", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:26", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:36", "1834789", "codecerification.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 16:02:02", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:36", "1834790", "holopebamiy.bond", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:24", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:35", "1834792", "idverification-code.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 12:29:09", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:34", "1834794", "mampodik.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:31", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:34", "1834796", "svs-verificationdate.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:30:41", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 18:27:33", "1834795", "smenapodik.bond", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:29", "75", "False", "", "c2,ClickFix,Vidar", "0", "varysz" "2026-06-21 14:00:20", "1834782", "87.199.196.12:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:14", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-21 09:45:40", "1834771", "89.42.134.220:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:45:23", "1834770", "51.79.51.255:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:56", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-21 09:45:12", "1834769", "45.81.243.44:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:45:07", "1834768", "45.140.14.29:1489", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-21 09:43:59", "1834765", "191.107.87.183:5010", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:59", "1834766", "191.107.87.183:8917", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:59", "1834767", "191.107.87.183:9140", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:51", "1834764", "185.115.164.59:808", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 09:43:24", "1834763", "150.40.117.39:43723", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:33", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-21 09:43:22", "1834762", "147.93.191.75:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:18", "1834761", "141.98.10.150:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 09:43:07", "1834759", "103.67.163.27:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:07", "1834760", "103.67.163.27:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:06", "1834758", "103.6.219.25:6745", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-21 09:43:04", "1834756", "103.11.41.10:431", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-21 09:43:04", "1834757", "103.11.41.10:51490", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-20 19:45:51", "1834559", "116.213.42.110:5005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-20 19:45:45", "1834558", "100.110.56.1:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-20 19:45:29", "1834557", "89.124.107.161:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:16", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-20 19:45:24", "1834556", "80.211.129.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-20 19:45:23", "1834555", "8.217.141.231:636", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-20 19:45:13", "1834554", "5.200.176.105:55476", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:53", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:45:10", "1834553", "5.101.85.65:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:51", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-20 19:45:07", "1834552", "47.243.211.244:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:48", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-20 19:45:01", "1834551", "45.81.243.44:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:45:00", "1834550", "45.77.254.232:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:43", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-20 19:44:03", "1834549", "198.23.185.136:10900", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:44:01", "1834547", "195.20.115.197:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:44:01", "1834548", "195.20.115.197:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:44:00", "1834546", "195.20.115.197:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:43:54", "1834545", "188.23.170.123:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-20 19:43:30", "1834544", "162.216.241.206:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:43", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:43:13", "1834542", "13.140.160.249:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:43:13", "1834543", "13.140.160.249:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 19:43:06", "1834541", "104.194.151.163:65381", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-20 19:43:02", "1834540", "102.220.160.217:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 14:00:22", "1834291", "43.138.165.203:9002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-20 11:46:49", "1834285", "43.143.244.134:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-20 11:46:31", "1834284", "139.196.89.43:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-20 09:45:43", "1834279", "5.188.61.49:44443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-20 09:45:38", "1834278", "47.83.254.175:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-20 09:45:31", "1834277", "45.32.64.12:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-20 09:45:20", "1834276", "36.50.85.69:1235", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-20 09:45:10", "1834275", "217.60.195.176:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-20 09:44:18", "1834274", "198.23.185.136:20600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 09:44:08", "1834273", "188.253.104.174:2026", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 09:43:25", "1834272", "147.93.191.75:30400", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-20 05:49:56", "1834121", "213.209.159.66:5432", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "2026-06-28 21:15:59", "80", "False", "https://twitter.com/NullBlue67", "postgres,takeover", "0", "nullblue67" "2026-06-19 23:46:13", "1834187", "23.141.12.111:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 23:46:03", "1834186", "149.88.66.234:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 23:45:54", "1834185", "116.204.36.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 19:45:40", "1834170", "97.74.92.237:63334", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-19 19:45:09", "1834169", "45.81.243.44:7089", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 19:44:17", "1834168", "211.235.43.192:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 19:44:13", "1834167", "205.209.106.158:5228", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 19:44:09", "1834165", "2.27.5.37:8912", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 19:44:09", "1834166", "2.27.5.42:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 19:44:06", "1834164", "198.23.185.136:60", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 19:44:04", "1834163", "194.48.251.24:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:44:21", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-06-19 19:43:26", "1834162", "155.103.71.115:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 19:43:18", "1834161", "141.98.10.150:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 19:43:09", "1834160", "107.172.238.13:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 19:43:03", "1834159", "102.220.160.222:2025", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 15:46:33", "1834134", "81.69.253.132:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 15:46:26", "1834132", "47.242.0.207:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 15:46:26", "1834133", "47.242.0.207:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 15:45:55", "1834131", "114.134.187.38:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 13:55:35", "1834108", "173.231.188.244:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:53", "75", "False", "https://bazaar.abuse.ch/sample/d113f72b9248e3a89d72d1238a8465af7857822b82951681cff22391ffff3039/", "remcos", "0", "abuse_ch" "2026-06-19 11:46:53", "1834100", "64.90.3.208:7891", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 11:46:35", "1834098", "185.92.190.214:8896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 11:46:35", "1834099", "185.92.190.216:8896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 11:46:11", "1834097", "www.api-aws.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-19 09:45:54", "1834066", "91.92.242.67:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:19", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 09:45:43", "1834063", "77.110.119.172:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-19 09:45:43", "1834064", "78.108.56.64:9405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 09:45:43", "1834065", "78.108.57.24:8912", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 09:45:22", "1834060", "45.32.66.51:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 09:44:13", "1834059", "198.23.185.82:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 09:44:10", "1834058", "194.116.236.239:4068", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 09:44:03", "1834057", "186.246.8.63:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:13", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-19 09:43:56", "1834056", "185.158.249.112:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-19 09:43:24", "1834055", "147.93.191.75:30700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 09:43:19", "1834054", "139.180.190.68:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:24", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-19 09:43:18", "1834053", "138.2.120.11:61234", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-19 09:43:15", "1834052", "128.90.105.170:7203", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:20", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 09:43:05", "1834051", "103.153.254.32:6933", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-19 09:43:03", "1834050", "102.220.160.217:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-19 08:00:23", "1834034", "198.23.185.136:3000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-19 07:43:54", "1834029", "151.239.24.122:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-19 05:56:52", "1833906", "45.198.224.5:2375", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "2026-06-29 09:40:42", "80", "False", "https://twitter.com/NullBlue67", "docker-api,rotator", "0", "nullblue67" "2026-06-18 23:45:44", "1833917", "115.190.147.66:63512", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-18 19:45:29", "1833874", "91.92.240.194:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:45:28", "1833873", "91.124.19.150:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:45:26", "1833871", "87.76.179.153:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:45:26", "1833872", "87.76.179.22:8814", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:45:22", "1833870", "82.146.52.98:8790", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:46:10", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-18 19:45:19", "1833868", "77.237.119.204:4433", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:46:06", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-06-18 19:45:16", "1833867", "64.89.160.127:8086", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:01", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:44:59", "1833866", "45.91.138.95:9019", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:44:50", "1833865", "38.242.144.218:4498", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:44:47", "1833864", "31.76.87.105:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:44:43", "1833863", "23.95.103.214:6024", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:44:10", "1833860", "209.54.102.152:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:44:10", "1833861", "209.54.102.152:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:44:10", "1833862", "209.54.102.152:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:39", "1833859", "176.12.64.118:8790", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:54", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-18 19:43:31", "1833858", "162.35.164.249:12262", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:43:21", "1833857", "147.93.191.75:5005", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:43:17", "1833853", "141.98.10.150:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:17", "1833854", "141.98.10.150:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:17", "1833855", "141.98.10.150:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:17", "1833856", "141.98.10.150:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:11", "1833852", "115.190.108.6:54233", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2026-06-30 12:43:18", "75", "False", "None", "drb-ra,PoshC2", "0", "abuse_ch" "2026-06-18 19:43:09", "1833851", "107.172.238.14:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:08", "1833850", "107.172.238.13:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 19:43:03", "1833848", "102.220.160.217:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 19:43:03", "1833849", "102.220.160.222:2600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 11:46:05", "1833770", "188.227.14.105:547", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-18 09:46:05", "1833753", "98.142.241.170:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:22", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-18 09:46:05", "1833754", "98.142.241.170:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:22", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-18 09:46:00", "1833752", "91.223.208.217:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:19", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-18 09:45:54", "1833751", "83.142.209.31:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:45:43", "1833750", "54.38.94.225:8884", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-18 09:45:15", "1833749", "35.254.198.45:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:45:13", "1833747", "31.77.168.220:3009", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:28", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:45:13", "1833748", "31.77.168.220:3010", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:28", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:44:25", "1833744", "209.99.191.33:440", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-18 09:44:14", "1833743", "198.23.185.136:8008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:43:47", "1833742", "178.16.55.204:5022", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-18 09:43:41", "1833741", "172.245.195.233:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-18 09:43:23", "1833740", "147.124.212.146:3096", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 23:46:03", "1833623", "62.113.59.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 23:45:31", "1833622", "106.13.189.138:56000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 20:00:17", "1833607", "221.132.29.137:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-17 19:45:31", "1833605", "96.44.167.215:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 19:45:24", "1833604", "85.11.167.9:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:46:12", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-17 19:45:16", "1833603", "64.89.160.127:1960", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:01", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 19:45:06", "1833602", "5.101.82.60:27015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 19:44:54", "1833601", "45.151.102.251:7528", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-17 19:44:09", "1833600", "209.54.102.152:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 19:43:56", "1833599", "192.3.136.254:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 19:43:49", "1833598", "185.212.128.176:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-17 19:43:46", "1833597", "182.23.2.163:7024", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 19:43:31", "1833596", "163.245.213.241:56893", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:45", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-17 19:43:20", "1833595", "147.93.191.75:7000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 19:43:12", "1833594", "118.122.8.154:11534", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:19", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-06-17 19:43:04", "1833593", "103.110.80.154:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-17 19:00:16", "1833590", "1.92.101.103:8006", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-17 17:00:12", "1833497", "102.220.160.222:5333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-17 15:59:26", "1833420", "code-verification-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 16:01:59", "100", "False", "", "ClickFix,Polygon", "0", "varysz" "2026-06-17 15:59:26", "1833421", "verification-code-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 12:29:09", "100", "False", "", "ClickFix,Polygon", "0", "varysz" "2026-06-17 15:59:24", "1833422", "chinarice.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:27", "100", "False", "", "ClickFix,Polygon", "0", "varysz" "2026-06-17 15:46:35", "1833483", "43.138.165.203:9003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 15:46:34", "1833482", "42.193.15.237:9003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 15:46:23", "1833481", "156.234.211.242:7661", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 15:00:14", "1833471", "102.220.160.222:7001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-17 13:00:12", "1833454", "147.93.191.75:6006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-17 11:47:00", "1833436", "91.219.96.131:58908", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 11:46:36", "1833435", "185.92.190.217:8896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 11:46:12", "1833434", "1.13.141.229:8480", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-17 09:48:23", "1833405", "98.191.176.222:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:22", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-06-17 09:48:10", "1833404", "85.137.58.53:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:13", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-17 09:46:53", "1833403", "31.77.189.2:6064", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:46:52", "1833402", "31.77.168.195:3009", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:28", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 09:46:51", "1833401", "31.76.87.242:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:45:18", "1833400", "2.26.74.90:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:44:51", "1833399", "186.169.48.87:8092", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 09:44:33", "1833398", "182.23.2.163:11667", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:44:26", "1833397", "178.128.116.134:3443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:55", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-17 09:44:25", "1833396", "177.22.117.148:9001", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:43:55", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-06-17 09:44:16", "1833395", "172.245.195.233:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:43:39", "1833394", "147.93.191.75:2414", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-17 09:43:33", "1833393", "138.199.59.5:53522", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-17 09:43:10", "1833392", "103.53.80.201:1235", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-17 08:24:49", "1833372", "223.166.31.185:2082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-16 23:46:15", "1833011", "8.138.23.63:8999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 23:46:04", "1833010", "43.138.225.166:6615", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 23:46:00", "1833008", "212.14.244.222:807", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 23:46:00", "1833009", "212.14.244.222:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 23:45:48", "1833007", "122.51.50.44:2222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 19:45:41", "1832786", "96.44.167.215:14643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:45:35", "1832784", "85.215.105.23:1231", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:45:35", "1832785", "87.182.39.55:51124", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:45:29", "1832783", "74.208.13.152:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:06", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-16 19:45:06", "1832780", "45.198.224.210:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 19:45:06", "1832781", "45.198.224.211:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 19:45:06", "1832782", "45.198.224.212:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 19:44:53", "1832779", "31.77.168.195:3011", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:28", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:44:52", "1832778", "31.76.32.159:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:44:06", "1832776", "2.26.75.102:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:44:06", "1832777", "2.26.75.121:8912", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:44:05", "1832774", "2.26.228.27:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 19:44:05", "1832775", "2.26.74.90:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:44:02", "1832773", "194.116.236.239:4098", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:43:58", "1832771", "192.3.136.254:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:43:58", "1832772", "192.3.136.254:14649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:43:49", "1832770", "185.141.61.187:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:46", "1832769", "182.23.2.163:2598", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 19:43:26", "1832765", "156.247.54.11:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:26", "1832766", "156.247.54.12:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:26", "1832767", "156.247.54.13:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:26", "1832768", "156.247.54.14:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:20", "1832764", "147.93.191.75:85", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 19:43:17", "1832763", "142.111.135.162:16080", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:26", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-16 19:43:12", "1832762", "119.59.118.75:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 19:43:02", "1832761", "102.220.160.222:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 11:00:15", "1832647", "39.106.205.6:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-16 09:45:51", "1832634", "96.44.167.215:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 09:45:48", "1832633", "91.132.161.21:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:17", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:45:30", "1832632", "5.89.155.59:9002", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-30 12:45:55", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-06-16 09:45:16", "1832630", "45.198.224.214:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:45:16", "1832631", "45.198.224.215:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:44:09", "1832629", "2.26.229.254:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:44:05", "1832628", "194.116.236.239:4099", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 09:43:52", "1832627", "182.23.2.163:8415", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 09:43:49", "1832626", "182.23.2.163:21845", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-16 09:43:44", "1832625", "177.104.165.104:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:55", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-16 09:43:39", "1832623", "172.232.105.92:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:49", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-16 09:43:39", "1832624", "172.234.16.151:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:43:27", "1832622", "156.247.54.11:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:23", "1832621", "15.237.111.251:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:33", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-16 09:43:22", "1832619", "147.93.191.75:3000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:22", "1832620", "147.93.191.75:3001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:21", "1832617", "147.93.191.75:1008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:21", "1832618", "147.93.191.75:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:15", "1832615", "136.111.38.101:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:15", "1832616", "136.111.38.101:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:43:14", "1832614", "13.140.187.194:40056", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:21", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-16 09:43:13", "1832613", "13.140.187.194:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:21", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-16 09:43:12", "1832612", "118.107.5.209:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-16 09:43:02", "1832611", "102.220.160.222:2026", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-16 09:00:13", "1832603", "154.29.72.62:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:35", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-16 08:39:04", "1832600", "151.239.24.160:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-16 06:36:02", "1832567", "66.94.119.99:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 13:00:07", "50", "False", "https://tracker.viriback.com/index.php?q=66.94.119.99", "Amadey,ViriBack", "0", "abuse_ch" "2026-06-16 05:46:04", "1832558", "177.3.40.2:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 05:45:39", "1832557", "mlcs.mlface.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-16 03:46:04", "1832539", "45.151.101.97:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-15 23:45:48", "1832522", "129.204.14.131:57000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-15 19:45:35", "1832487", "96.44.167.215:14647", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:45:22", "1832486", "72.52.132.8:8081", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:06", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-06-15 19:44:11", "1832485", "212.193.5.199:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:37", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-15 19:44:03", "1832484", "2.27.5.220:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:48", "1832483", "185.190.142.121:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:08", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-15 19:43:46", "1832482", "182.23.2.163:7563", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:45", "1832480", "182.23.2.163:54257", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:45", "1832481", "182.23.2.163:625", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:35", "1832479", "172.245.195.233:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:31", "1832478", "166.88.159.146:5353", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:47", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-15 19:43:24", "1832473", "156.247.54.10:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:24", "1832474", "156.247.54.10:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:24", "1832475", "156.247.54.12:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:24", "1832476", "156.247.54.13:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:24", "1832477", "156.247.54.14:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:21", "1832472", "154.44.20.174:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-15 19:43:17", "1832471", "144.31.236.223:9405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 19:43:02", "1832469", "102.220.160.222:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 19:43:02", "1832470", "102.46.221.148:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 15:46:19", "1832399", "23.95.170.223:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-15 15:45:49", "1832398", "cs.tpedu2metricstw.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-15 15:45:48", "1832397", "ardaplumeit.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-15 15:00:11", "1832389", "47.236.102.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-15 14:00:16", "1832378", "79.175.189.207:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-15 09:45:54", "1832323", "89.42.134.220:1803", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 09:45:52", "1832322", "87.182.39.55:51123", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 09:45:50", "1832321", "83.229.85.74:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 09:45:46", "1832320", "8.210.84.56:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-15 09:45:09", "1832319", "31.76.87.112:7716", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-15 09:45:08", "1832318", "31.6.11.162:7070", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:27", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 09:44:22", "1832317", "213.193.20.192:9281", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-15 09:44:19", "1832316", "209.99.187.37:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:35", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-15 09:44:14", "1832315", "20.224.219.169:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:29", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-15 09:44:10", "1832314", "198.23.185.231:70", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 09:43:17", "1832313", "131.143.251.246:53921", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-15 09:43:09", "1832312", "107.172.133.182:56002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-15 08:44:17", "1832302", "http://cacywears.ga/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-30 11:35:38", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-06-15 06:51:54", "1832283", "45.202.1.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-14 23:46:04", "1832205", "8.152.2.86:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-14 23:45:41", "1832204", "124.222.218.12:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-14 19:45:30", "1832163", "89.42.134.220:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:45:27", "1832162", "83.229.85.74:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:45:26", "1832161", "82.47.101.191:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:11", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:45:13", "1832160", "5.230.69.118:8930", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 19:45:04", "1832159", "46.246.82.18:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:44:54", "1832158", "43.133.164.200:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-14 19:44:12", "1832157", "213.152.161.157:18856", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:44:10", "1832156", "209.99.185.96:1002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:44:09", "1832155", "207.211.163.106:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:33", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-14 19:44:06", "1832154", "204.194.54.9:2682", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:43:44", "1832153", "182.23.2.163:26972", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 19:43:36", "1832152", "172.245.195.233:14642", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 19:43:31", "1832151", "163.245.196.102:5400", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:45", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-14 19:43:29", "1832150", "161.97.166.38:6006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:43", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 19:43:19", "1832149", "144.31.236.224:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 11:45:50", "1832074", "23.254.129.251:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-14 11:45:48", "1832073", "207.56.229.234:4545", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-14 11:45:27", "1832072", "sys.systemworld.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-14 11:00:16", "1832021", "35.243.42.203:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:29", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-14 10:35:04", "1832010", "103.47.83.115:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-14 10:00:22", "1831999", "165.154.254.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-14 09:45:10", "1831996", "66.29.131.145:5000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:46:04", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-14 09:45:07", "1831995", "64.225.102.218:31400", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:46:00", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-14 09:44:50", "1831994", "45.61.150.88:5000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:45:42", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-14 09:44:49", "1831993", "45.198.224.213:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-14 09:44:35", "1831992", "23.235.185.42:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 09:44:04", "1831989", "209.99.185.96:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 09:44:04", "1831990", "209.99.189.198:7004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 09:44:04", "1831991", "209.99.189.198:7007", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 09:43:43", "1831987", "185.207.154.11:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-14 09:43:38", "1831986", "182.23.2.163:11954", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 09:43:32", "1831985", "172.245.195.233:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-14 09:43:05", "1831984", "103.241.64.92:4782", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-14 09:43:02", "1831983", "1.14.234.107:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:02", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-14 09:00:14", "1831979", "49.232.4.71:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-14 09:00:14", "1831980", "216.250.249.36:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:20", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-14 08:00:20", "1831974", "49.232.4.71:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-13 20:00:21", "1831853", "120.27.245.127:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-13 19:45:41", "1831845", "96.44.167.215:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:45:41", "1831846", "96.44.167.215:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:45:41", "1831847", "96.44.167.215:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:45:40", "1831844", "94.103.1.223:3421", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:45:37", "1831843", "9.141.105.20:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:17", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-13 19:45:34", "1831842", "85.121.176.239:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:13", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-13 19:45:28", "1831840", "72.51.57.131:5202", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:05", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:45:28", "1831841", "72.51.57.131:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:05", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:45:11", "1831839", "46.246.4.9:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:45:04", "1831838", "45.153.127.224:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:38", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-06-13 19:44:52", "1831836", "31.76.32.181:8455", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:44:52", "1831837", "31.76.87.218:9405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:44:13", "1831834", "209.99.189.198:7005", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:44:13", "1831835", "209.99.189.198:7006", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:44:12", "1831833", "209.99.185.96:2025", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:44:06", "1831832", "2.27.5.179:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:44:05", "1831831", "2.26.75.218:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:59", "1831830", "193.187.91.216:51842", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:56", "1831829", "191.107.87.183:5469", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:55", "1831828", "191.107.87.183:5011", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:43:46", "1831826", "182.23.2.163:49415", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:46", "1831827", "182.23.2.163:5814", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:37", "1831825", "172.245.195.233:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:28", "1831824", "157.22.185.5:443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-13 19:43:25", "1831823", "155.103.71.115:14409", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 19:43:19", "1831822", "144.91.78.57:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:28", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 19:43:08", "1831821", "107.172.133.182:56003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 15:05:28", "1831769", "framework-css-styles-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 12:29:09", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:28", "1831770", "ethercdnns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 12:29:09", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:27", "1831771", "misterslivker.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:34", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:27", "1831772", "mylovedomen.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:37", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:25", "1831773", "slivkishow.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:32", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:24", "1831774", "thisismine.asia", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:26:36", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:05:23", "1831775", "verification-js-cdn.boats", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 12:29:09", "100", "False", "", "c2,errtraffic,Polygon", "0", "varysz" "2026-06-13 15:00:14", "1831779", "18.232.64.100:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-13 14:00:19", "1831768", "18.232.64.100:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-13 11:46:23", "1831747", "118.24.128.201:64727", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-13 10:00:20", "1831738", "43.130.246.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-13 09:46:13", "1831733", "98.191.176.231:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:22", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-06-13 09:46:08", "1831732", "89.42.134.220:1991", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 09:45:57", "1831731", "69.164.245.165:8930", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 09:45:23", "1831730", "34.123.214.16:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:45:29", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-13 09:45:22", "1831728", "31.76.32.201:1377", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 09:45:22", "1831729", "31.76.32.230:1499", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 09:45:15", "1831727", "23.235.185.44:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 09:44:10", "1831726", "188.121.162.153:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 09:44:06", "1831725", "185.212.129.185:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-13 09:43:59", "1831724", "182.23.2.163:59678", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 09:43:46", "1831723", "172.245.195.233:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-13 09:43:18", "1831722", "130.185.82.117:5641", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-13 09:43:12", "1831720", "108.181.115.254:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-06-13 09:43:12", "1831721", "108.181.115.254:7045", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-06-13 09:43:11", "1831719", "107.173.9.88:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 09:43:04", "1831718", "102.46.221.148:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-13 09:43:02", "1831717", "101.33.202.134:9989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:03", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 23:45:46", "1831647", "153.0.197.184:8555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-12 20:00:19", "1831619", "102.46.221.148:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:06", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-12 19:45:16", "1831617", "69.172.210.50:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 19:44:48", "1831616", "39.96.188.57:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:33", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 19:44:44", "1831615", "31.76.32.161:9405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 19:43:57", "1831614", "198.23.177.222:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 19:43:55", "1831613", "194.213.18.93:991", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:21", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-12 19:43:43", "1831612", "182.23.2.163:7649", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 19:43:35", "1831611", "172.94.18.103:72", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:53", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 19:43:34", "1831610", "172.245.195.233:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 19:43:25", "1831609", "158.220.96.15:3319", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 19:43:19", "1831608", "149.104.28.77:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 19:43:08", "1831607", "107.172.44.141:45699", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 19:43:03", "1831606", "101.99.92.220:8264", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 11:46:40", "1830877", "8.217.12.212:48080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-12 09:45:24", "1830851", "78.141.208.70:46337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:07", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:45:23", "1830850", "69.172.210.50:5333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 09:45:21", "1830848", "64.89.162.10:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:45:21", "1830849", "64.89.162.178:5903", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:45:18", "1830847", "61.158.61.134:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:58", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 09:44:57", "1830846", "45.32.120.188:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:44:55", "1830845", "45.137.99.3:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:44:47", "1830844", "31.76.32.160:7716", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:44:45", "1830843", "31.57.184.154:7008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 09:44:00", "1830842", "2.26.21.17:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:43:55", "1830841", "193.163.203.183:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:44", "1830839", "182.23.2.163:602", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:44", "1830840", "182.23.2.163:8206", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:43", "1830837", "182.23.2.163:49552", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:43", "1830838", "182.23.2.163:5137", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:42", "1830836", "182.23.2.163:12615", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:18", "1830835", "144.31.236.19:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-12 09:43:11", "1830834", "114.132.238.70:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:43:10", "1830833", "110.42.34.220:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:17", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-12 09:43:06", "1830832", "104.234.240.68:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-12 07:20:03", "1830532", "95.182.114.29:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:26", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-12 07:20:03", "1830533", "60.205.126.246:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-12 07:19:49", "1830531", "1.13.141.229:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:32", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-11 21:00:15", "1830416", "49.233.136.227:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-11 19:45:26", "1830402", "1364170351-9enmkvd46p.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-11 19:45:11", "1830401", "64.89.162.59:4422", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:03", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:53", "1830400", "46.246.80.2:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:52", "1830398", "46.101.195.123:31400", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-11 19:44:52", "1830399", "46.151.182.181:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 19:44:49", "1830395", "45.225.135.43:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:49", "1830396", "45.225.135.43:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:49", "1830397", "45.225.135.43:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:40", "1830394", "31.76.93.193:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-11 19:44:35", "1830392", "23.235.185.45:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:35", "1830393", "23.235.185.46:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:44:04", "1830391", "213.165.40.206:8887", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:38", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-06-11 19:44:02", "1830390", "209.99.188.193:43221", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-11 19:43:57", "1830389", "2.27.62.228:60204", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 19:43:52", "1830388", "194.116.236.239:4069", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 19:43:50", "1830387", "192.3.139.18:15221", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:17", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-11 19:43:47", "1830384", "188.137.242.166:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:43:47", "1830385", "188.137.242.166:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:43:47", "1830386", "188.137.242.166:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:43:41", "1830383", "182.23.2.163:8307", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 19:43:36", "1830382", "178.255.126.146:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-11 19:43:22", "1830381", "155.103.71.115:14408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 19:43:12", "1830380", "130.94.18.95:24321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-11 19:43:09", "1830378", "109.199.109.62:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-11 19:43:09", "1830379", "109.199.109.62:40056", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-11 17:00:11", "1830357", "139.59.106.160:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:25", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-11 16:00:23", "1830348", "139.59.106.160:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:25", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-11 15:45:51", "1830338", "mlcos.cdnupdate.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-11 14:00:22", "1830310", "122.51.50.44:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-11 14:00:17", "1830307", "172.94.18.103:79", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:53", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-11 12:46:30", "1830289", "113.44.64.117:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:17", "50", "False", "https://www.shodan.io/host/113.44.64.117#7443", "c2,mythic,shodan", "0", "juroots" "2026-06-11 12:46:30", "1830291", "159.89.48.54:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:42", "50", "False", "https://www.shodan.io/host/159.89.48.54#7443", "c2,mythic,shodan", "0", "juroots" "2026-06-11 12:42:24", "1830206", "117.72.159.215:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "50", "False", "https://www.shodan.io/host/117.72.159.215#8080", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-06-11 09:44:07", "1830053", "206.81.21.156:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-11 09:43:44", "1830051", "182.23.2.163:4048", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 09:43:44", "1830052", "182.23.2.163:4814", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 09:43:42", "1830050", "182.23.2.163:1230", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-11 09:00:15", "1830046", "64.89.162.82:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:03", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-11 08:00:17", "1830018", "2.26.228.27:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:26", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-11 06:43:05", "1830007", "45.87.53.6:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-11 06:43:04", "1830006", "120.55.3.157:10000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:53:53", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-11 06:42:48", "1830004", "43.136.180.88:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-11 06:42:47", "1830002", "43.136.180.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-11 06:42:47", "1830003", "47.121.181.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2026-06-11 06:42:46", "1830001", "124.220.41.22:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2026-06-11 06:42:44", "1829999", "160.202.230.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-11 06:42:41", "1829997", "139.5.108.17:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-11 05:26:07", "1829953", "156.234.211.138:8821", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "50", "False", "None", "138195,c2,censys,cobalt strike", "0", "sojubear" "2026-06-11 05:26:06", "1829954", "156.234.211.165:8821", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "50", "False", "None", "138195,c2,censys,cobalt strike", "0", "sojubear" "2026-06-11 05:26:05", "1829957", "192.144.213.21:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-06-10 23:45:53", "1829946", "85.137.240.208:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 19:45:25", "1829910", "1364170351-5ezc7c8ssf.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 19:45:19", "1829909", "87.182.39.55:51125", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:45:15", "1829908", "82.221.139.243:52281", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:10", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-10 19:45:10", "1829907", "64.89.162.178:5902", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 19:44:49", "1829905", "45.157.116.119:29476", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 19:44:49", "1829906", "45.38.41.27:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 19:44:47", "1829904", "45.140.14.29:1488", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 19:44:35", "1829903", "23.235.185.43:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:44:33", "1829902", "216.158.235.73:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:45:19", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 19:43:55", "1829900", "198.23.185.231:20200", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:43:55", "1829901", "198.23.185.231:20800", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:43:51", "1829899", "193.135.137.240:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 19:43:49", "1829898", "191.107.87.183:5471", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 19:43:48", "1829897", "188.23.170.168:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-10 19:43:46", "1829896", "185.33.84.183:3000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:12", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 19:43:41", "1829895", "182.23.2.163:9800", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 19:43:38", "1829894", "181.235.14.94:3588", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:57", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:43:34", "1829893", "172.94.18.103:71", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:52", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:43:32", "1829892", "170.39.185.141:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:48", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 19:43:29", "1829891", "163.245.217.90:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:46", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 19:43:26", "1829889", "159.69.59.93:4550", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 19:43:20", "1829888", "153.75.249.13:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 19:43:18", "1829887", "146.70.51.74:7898", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:29", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 19:43:13", "1829886", "130.94.95.135:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 11:46:09", "1829786", "8.148.201.210:10553", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:58", "1829785", "38.76.164.56:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:57", "1829784", "38.14.248.138:8085", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:53", "1829779", "185.92.190.214:5896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:53", "1829780", "185.92.190.215:5896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:53", "1829781", "185.92.190.215:8896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:53", "1829782", "185.92.190.216:5896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:53", "1829783", "185.92.190.217:5896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:52", "1829777", "185.92.190.213:5896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 11:45:52", "1829778", "185.92.190.213:8896", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 10:00:17", "1825873", "38.47.122.34:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-10 09:45:40", "1825867", "64.89.162.117:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:03", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-10 09:45:22", "1825866", "46.246.82.4:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:47", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:45:19", "1825865", "45.81.17.44:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:43", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:45:16", "1825864", "45.147.28.58:42461", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 09:45:01", "1825863", "31.76.87.188:4034", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:56", "1825862", "23.95.220.192:43999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 09:44:15", "1825860", "207.180.250.181:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:44:15", "1825861", "207.180.250.181:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:44:10", "1825858", "2.27.5.120:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:10", "1825859", "2.27.5.236:1377", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:09", "1825857", "2.26.75.249:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:08", "1825855", "198.23.177.222:14646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:08", "1825856", "198.23.185.231:20100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:44:01", "1825854", "192.3.96.82:45683", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:44:00", "1825853", "192.208.12.91:3000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:16", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 09:43:47", "1825852", "182.23.2.163:12489", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:43:45", "1825851", "178.236.46.43:7912", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:43:35", "1825850", "163.245.217.48:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:46", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-10 09:43:31", "1825849", "158.94.210.30:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:41", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:43:30", "1825848", "158.94.208.192:1030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:43:25", "1825847", "154.83.186.106:30159", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:35", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-10 09:43:10", "1825846", "107.175.87.234:65321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-10 09:43:09", "1825845", "107.172.133.178:56003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-10 09:43:08", "1825844", "104.251.181.62:3421", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-10 09:43:07", "1825843", "104.143.206.116:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:43:11", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-06-10 07:18:53", "1825788", "34.92.128.98:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-10 06:47:18", "1825772", "167.71.217.41:7538", "ip:port", "botnet_cc", "win.remus", "None", "Remus", "2026-06-28 13:10:44", "75", "False", "https://bazaar.abuse.ch/sample/2194042f5f4a385486b259dd6f174748a5fbc260dcafe8abac842382010f3b10/", "remus", "0", "abuse_ch" "2026-06-10 06:00:25", "1825703", "8.163.59.20:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-10 04:00:23", "1825685", "142.93.96.42:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:27", "100", "True", "None", "mythic", "1", "_ik_" "2026-06-10 03:45:50", "1825679", "8.219.158.30:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 03:45:38", "1825678", "218.244.142.4:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 03:45:33", "1825676", "156.234.114.122:8821", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 03:45:33", "1825677", "156.234.211.220:8821", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-10 03:45:13", "1825675", "google.dns-1.help", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-09 23:45:35", "1825647", "130.94.17.180:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-09 21:45:51", "1825631", "198.46.199.110:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-09 21:00:13", "1825622", "181.215.18.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-09 20:00:17", "1825614", "45.87.53.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:11", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-09 19:44:51", "1825613", "46.151.182.16:1011", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 19:43:58", "1825612", "202.73.4.137:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:30", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-09 19:43:56", "1825611", "2.27.5.234:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 19:43:55", "1825610", "2.26.75.243:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 19:43:54", "1825609", "198.23.177.222:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 19:43:40", "1825608", "182.23.2.163:15646", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 19:43:30", "1825607", "167.160.186.140:62738", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-09 19:43:28", "1825606", "162.35.161.101:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:44", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-06-09 19:43:08", "1825605", "107.172.135.27:14644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 19:43:06", "1825604", "104.168.0.29:52203", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 18:51:52", "1825593", "pilotkadomen.club", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:39", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-09 18:51:52", "1825594", "nihaoclub.asia", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:41", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-09 18:36:01", "1825585", "spasopro.at", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 13:00:08", "50", "False", "https://tracker.viriback.com/index.php?q=spasopro.at", "Amadey,ViriBack", "0", "abuse_ch" "2026-06-09 09:44:07", "1825435", "204.194.54.9:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 09:44:07", "1825436", "204.194.54.9:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 09:44:06", "1825434", "204.194.54.9:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 09:44:03", "1825433", "2.26.75.248:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 09:44:02", "1825432", "2.26.75.241:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 09:43:58", "1825430", "194.11.246.191:4404", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 09:43:58", "1825431", "194.11.246.191:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-09 09:43:43", "1825429", "182.23.2.163:10616", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-09 09:43:39", "1825428", "175.178.123.42:28443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:54", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-09 09:43:35", "1825427", "170.62.130.191:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-09 07:00:14", "1825381", "110.42.219.9:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-09 05:11:01", "1825293", "8.219.158.30:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "50", "False", "None", "45102,c2,censys,cobalt strike", "0", "sojubear" "2026-06-09 05:10:52", "1825237", "webflare.beer", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:39:32", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-09 02:45:24", "1825308", "120.55.246.213:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-08 23:45:33", "1825289", "149.88.66.234:20050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-08 19:43:41", "1825227", "182.23.2.163:12297", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-08 19:43:23", "1825226", "155.103.70.100:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-08 18:14:02", "1825189", "robodomain.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:30", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825192", "sirata.asia", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:24", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825194", "smackit.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:17", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825196", "spartanec.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:20", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825197", "superpooper.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:35", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825199", "whynotebanarot.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:40", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825200", "yanepidor.mom", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:19", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:08", "1825201", "yoshicity.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:47", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825181", "nenadopapa.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:18", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825182", "peachbro.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:49", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825183", "pinokros.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:53", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825184", "pohuimne.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:12", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825185", "ponikas.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:27", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825186", "pringlesbob.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:51", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825188", "prokladka.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:09", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825190", "sandman.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:57", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:07", "1825191", "sandman.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:50", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825166", "marmelad.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:37", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825167", "megamegalodon.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:07", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825168", "merindashop.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:56", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825169", "mexicodreams.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:46", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825171", "microchlen.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:45", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825173", "milksos.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:29", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825174", "mnepohui.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:42", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825175", "mob.lanjut.in", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:58", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:06", "1825176", "myblobtop.site", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:23", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825154", "etomoe.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:59", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825155", "etomoidomen.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:07", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825156", "ganiballektor.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:08", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825157", "gdedengikarlos.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:25", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825160", "gppcdnns.beer", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:05", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825161", "ivangay.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:01", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825162", "lenders.digital", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:12", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825163", "lizablud.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:44", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825164", "mambet.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:52", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:05", "1825165", "marinaradom.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:19", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825143", "biletors.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:15", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825144", "blobtop.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:26", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825145", "bobik.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:44", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825146", "bulletpop.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:22", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825147", "chinabowl.club", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:43", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825148", "chubrik.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:34", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825150", "comicstar.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:13", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:04", "1825152", "cosmostars.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:54", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825134", "abrikos.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:39", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825135", "anakondabob.club", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:32", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825136", "ap7.supportly.au", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:37:32", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825137", "arigatodomen.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:26:48", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825138", "babybon.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:34:24", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825139", "bearman.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:27:01", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 17:54:03", "1825140", "bigbadwolf.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-29 13:35:31", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz" "2026-06-08 11:45:41", "1825065", "106.14.116.17:19443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-08 09:45:29", "1824915", "94.183.232.247:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:46:20", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-06-08 09:45:25", "1824913", "89.125.255.5:43026", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:16", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-08 09:45:25", "1824914", "89.125.255.5:9999", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:16", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-08 09:45:24", "1824912", "87.237.52.176:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:14", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-08 09:43:40", "1824910", "182.23.2.163:3252", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-08 09:43:22", "1824909", "155.103.70.100:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-08 08:02:09", "1824638", "altecva.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 08:02:05", "1824646", "camtechpotiskum.edu.ng", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 08:01:59", "1824655", "evolutionairfilter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 08:01:50", "1824672", "stroycenter.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 08:01:49", "1824673", "thepesthunter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:09", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 08:01:47", "1824679", "visualimpressao.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 07:54:40", "1824680", "vitb.ac.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz" "2026-06-08 03:34:45", "1824383", "antongandon.club", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-29 13:37:50", "100", "False", "", "None", "0", "uwucutecatgirl" "2026-06-07 23:45:14", "1824508", "209.200.246.194:17568", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-07 19:45:57", "1824436", "87.107.191.39:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-07 19:45:13", "1824435", "94.183.232.247:443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:46:20", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-06-07 19:45:12", "1824434", "93.127.141.93:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-06-30 12:46:20", "75", "False", "None", "drb-ra,Hook", "0", "abuse_ch" "2026-06-07 19:45:00", "1824433", "82.156.224.184:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:10", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-07 19:44:52", "1824432", "52.90.29.87:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:56", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-07 19:44:43", "1824431", "46.246.96.214:8082", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:47", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-07 19:44:40", "1824430", "45.38.20.122:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 19:44:35", "1824429", "40.83.75.96:4000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:33", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-07 19:43:55", "1824428", "209.99.185.96:20100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-07 19:43:38", "1824427", "182.23.2.163:8211", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-07 19:43:30", "1824426", "172.189.57.198:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-07 16:19:10", "1824397", "npanssltejs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:33:02", "100", "False", "", "ClearFake,Polygon", "0", "varysz" "2026-06-07 09:45:38", "1824262", "89.125.255.5:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 09:45:31", "1824260", "80.253.249.67:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-07 09:45:31", "1824261", "80.66.72.174:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 09:45:24", "1824259", "60.191.87.107:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:58", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-06-07 09:44:59", "1824258", "45.13.212.232:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 09:44:57", "1824256", "43.136.92.170:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-07 09:44:57", "1824257", "43.136.92.170:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-06-07 09:44:50", "1824255", "31.57.184.154:2505", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-07 09:44:10", "1824254", "209.99.188.193:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 09:43:45", "1824253", "182.23.2.163:17001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-07 09:43:38", "1824252", "172.81.61.108:2030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-07 09:43:26", "1824251", "154.94.232.165:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-07 09:43:23", "1824249", "146.70.41.174:3000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:29", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-06-07 09:43:23", "1824250", "147.124.210.158:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-07 09:43:17", "1824248", "138.9.118.222:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-07 09:43:16", "1824247", "137.184.163.27:5613", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:23", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-06 22:45:25", "1824151", "154.198.49.31:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-06 20:00:20", "1824136", "173.249.41.141:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:54", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-06 20:00:19", "1824135", "13.140.132.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:20", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-06 19:44:54", "1824134", "95.211.182.120:6794", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:44:51", "1824133", "91.221.191.167:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-06 19:44:38", "1824132", "5.230.201.36:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:54", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:44:37", "1824131", "5.230.201.242:1994", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:54", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:44:30", "1824130", "46.151.182.243:55380", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:43:45", "1824129", "2.26.75.239:1971", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-06 19:43:40", "1824127", "192.159.99.26:6969", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:43:40", "1824128", "192.177.111.89:7788", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-06 19:43:35", "1824126", "185.192.124.218:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:08", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:43:22", "1824125", "158.94.211.253:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:41", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:43:21", "1824124", "157.254.223.135:2600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 19:43:19", "1824123", "156.225.22.201:1337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-06 11:45:14", "1824029", "154.12.86.154:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-06 11:45:14", "1824030", "154.12.86.154:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-06 11:45:14", "1824031", "154.12.86.154:9004", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-06 10:32:30", "1824012", "47.101.51.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2026-06-06 10:32:23", "1824008", "167.71.233.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-06 09:44:56", "1824001", "91.215.85.121:8849", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:18", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-06 09:00:18", "1823978", "113.45.226.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-06 09:00:14", "1823974", "188.126.90.12:2003", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:13", "100", "True", "None", "dcrat", "1", "_ik_" "2026-06-06 06:01:08", "1823700", "45.81.17.44:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:44", "50", "False", "None", "211056,asyncrat,c2,censys", "0", "sojubear" "2026-06-06 05:24:31", "1823853", "https://pas.sm188star.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:24:03", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch" "2026-06-06 05:24:31", "1823854", "pas.sm188star.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:24:03", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch" "2026-06-06 03:44:58", "1823730", "101.43.103.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-05 21:00:16", "1823661", "149.104.29.125:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-05 19:45:55", "1823644", "87.107.191.39:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-05 19:45:18", "1823641", "ns1.newchatsits.ir", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-05 19:44:53", "1823640", "62.109.19.44:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:58", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-05 19:43:56", "1823639", "207.174.2.85:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:33", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-05 19:43:38", "1823638", "182.23.2.163:12364", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-05 09:46:05", "1822772", "119.45.166.6:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-05 09:45:27", "1822771", "64.94.85.14:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:04", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-05 09:45:20", "1822770", "5.249.160.112:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:54", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-05 09:44:00", "1822769", "195.26.86.134:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:22", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-05 09:43:56", "1822768", "193.149.190.156:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:18", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-05 09:43:46", "1822767", "182.23.2.163:58222", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-05 09:43:44", "1822765", "182.23.2.163:10401", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-05 09:43:44", "1822766", "182.23.2.163:11742", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-05 09:43:29", "1822764", "158.247.194.144:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:41", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-05 05:19:16", "1822558", "104.236.83.40:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "2026-06-28 21:16:04", "80", "False", "https://twitter.com/NullBlue67", "DigitalOcean,docker-api,dual-role,libredtail-http,Redtail,spreader", "0", "nullblue67" "2026-06-05 05:19:11", "1822567", "b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d", "sha256_hash", "payload", "elf.xmrig", "None", "XMRIG", "2026-06-29 15:50:31", "80", "False", "https://twitter.com/NullBlue67", "cryptojacking,docker-api,elf,miner,XMRig", "0", "nullblue67" "2026-06-05 03:00:15", "1822643", "186.169.71.201:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:13", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-05 02:36:02", "1822640", "89.124.78.101:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 13:00:08", "50", "False", "https://tracker.viriback.com/index.php?q=89.124.78.101", "Amadey,ViriBack", "0", "abuse_ch" "2026-06-05 01:00:17", "1822613", "5.230.201.36:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:54", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-05 00:00:22", "1822602", "185.165.36.162:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:07", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-04 23:45:28", "1822600", "34.202.161.96:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 23:45:07", "1822599", "updates.fisgloval.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 19:43:37", "1822528", "182.23.2.163:2046", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-04 19:43:27", "1822526", "163.172.174.237:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-30 12:43:45", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-06-04 19:43:27", "1822527", "163.172.174.237:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-30 12:43:45", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-06-04 19:00:14", "1822515", "185.165.36.162:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:07", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-06-04 17:45:22", "1822499", "107.150.105.91:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 17:00:13", "1822488", "20.64.242.233:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:29", "100", "True", "None", "dcrat", "1", "_ik_" "2026-06-04 15:45:34", "1822451", "124.222.155.113:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 15:45:16", "1822448", "api1.haedalcompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 14:50:35", "1822415", "120.26.208.96:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "50", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-06-04 11:46:46", "1822346", "154.12.86.154:44444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-04 09:45:43", "1822302", "91.92.241.80:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-04 09:45:35", "1822301", "82.23.246.160:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:11", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-04 09:43:56", "1822299", "185.72.9.227:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-04 09:43:50", "1822298", "182.23.2.163:49002", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-04 09:43:40", "1822297", "172.238.15.96:9443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-06-04 09:43:29", "1822296", "156.247.40.190:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-04 09:43:28", "1822295", "155.103.70.198:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-04 09:43:22", "1822294", "140.235.16.223:7203", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:25", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-04 06:42:46", "1822223", "107.150.105.91:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-04 06:42:44", "1822222", "204.194.49.142:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:53:54", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-03 19:44:00", "1822015", "20.220.29.224:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:29", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-03 19:43:56", "1822014", "194.26.192.57:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-03 19:43:43", "1822013", "182.23.2.163:47984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-03 19:43:36", "1822012", "172.81.61.20:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:51", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-03 19:43:33", "1822011", "168.144.36.228:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:48", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-03 19:43:21", "1822010", "147.124.210.158:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-03 15:23:52", "1821844", "47.82.234.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-03 14:36:55", "1821877", "4.240.85.243:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:33", "50", "False", "https://www.shodan.io/host/4.240.85.243#7443", "c2,mythic,shodan", "0", "juroots" "2026-06-03 14:34:08", "1821870", "62.192.173.249:9000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:58", "50", "False", "https://www.shodan.io/host/62.192.173.249#9000", "adaptixc2,c2,shodan", "0", "juroots" "2026-06-03 14:31:44", "1821850", "114.134.187.38:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "50", "False", "https://www.shodan.io/host/114.134.187.38#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-06-03 11:46:25", "1821807", "209.200.246.194:11544", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-03 09:45:37", "1821716", "82.23.246.160:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:10", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-03 09:44:13", "1821715", "204.194.50.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:31", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-03 09:43:49", "1821714", "182.23.2.163:10399", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-03 09:43:30", "1821713", "156.247.40.190:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-06-03 08:01:52", "1821684", "77.93.155.111:10039", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:07", "100", "True", "None", "mythic", "1", "_ik_" "2026-06-03 08:01:51", "1821685", "124.222.155.113:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-03 07:57:06", "1821697", "118.89.203.103:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-03 07:56:52", "1821695", "118.89.203.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-03 05:55:36", "1821525", "8.163.104.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "75", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-06-02 19:45:08", "1821517", "45.198.224.19:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-06-02 19:44:03", "1821516", "195.246.230.99:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:22", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-02 19:43:27", "1821514", "155.103.70.198:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-02 19:43:27", "1821515", "155.103.71.115:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-02 14:06:11", "1821233", "172.236.10.250:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:50", "50", "False", "https://www.shodan.io/host/172.236.10.250#443", "c2,havoc,shodan", "0", "juroots" "2026-06-02 14:05:08", "1821227", "198.13.51.245:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:23", "50", "False", "https://www.shodan.io/host/198.13.51.245#4321", "adaptixc2,c2,shodan", "0", "juroots" "2026-06-02 14:04:11", "1821219", "172.237.125.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:50", "50", "False", "https://www.shodan.io/host/172.237.125.146#7443", "c2,mythic,shodan", "0", "juroots" "2026-06-02 14:04:11", "1821220", "45.76.203.112:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:43", "50", "False", "https://www.shodan.io/host/45.76.203.112#7443", "c2,mythic,shodan", "0", "juroots" "2026-06-02 09:46:15", "1820869", "113.44.136.127:8087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-06-02 09:43:59", "1820868", "192.159.99.21:5080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-06-02 09:43:50", "1820867", "182.23.2.163:9060", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-02 09:43:26", "1820866", "15.204.255.172:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:33", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-06-01 20:49:34", "1820682", "47.77.182.54:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "2026-06-28 21:16:44", "80", "False", "https://twitter.com/NullBlue67", "docker-api,libredtail-http,Redtail,spreader", "0", "nullblue67" "2026-06-01 20:49:15", "1820729", "23.235.185.43:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "100", "True", "None", "dcrat", "1", "_ik_" "2026-06-01 20:49:15", "1820730", "23.235.185.42:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:21", "100", "True", "None", "dcrat", "1", "_ik_" "2026-06-01 19:45:00", "1820725", "45.150.34.117:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:38", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-06-01 19:43:44", "1820724", "182.23.2.163:11166", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-01 19:43:43", "1820723", "178.16.54.48:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:43:56", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-01 19:43:42", "1820722", "178.16.52.47:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:43:55", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-06-01 15:11:43", "1820615", "82.156.224.184:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:10", "100", "True", "None", "havoc", "1", "_ik_" "2026-06-01 09:45:05", "1820574", "35.75.218.153:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-30 12:45:30", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-06-01 09:44:09", "1820573", "2.58.56.50:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-01 09:43:48", "1820572", "182.23.2.163:11327", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-06-01 09:43:44", "1820571", "176.65.139.144:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:43:54", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-06-01 08:43:25", "1820538", "43.138.165.203:9001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-01 06:44:52", "1820506", "165.22.225.218:5443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-06-01 06:44:48", "1820504", "38.181.42.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-06-01 05:44:49", "1820414", "82.157.52.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-01 05:44:38", "1820430", "49.233.215.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-01 05:44:37", "1820432", "47.116.211.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-06-01 05:44:35", "1820444", "47.103.95.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-31 23:46:09", "1820420", "176.97.124.68:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-31 21:46:22", "1820399", "176.97.124.68:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-31 21:46:19", "1820398", "154.38.114.115:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-31 21:45:54", "1820397", "ds.metric-take-datadqct.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-31 19:44:04", "1820368", "182.23.2.163:1477", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-31 19:44:03", "1820367", "182.23.2.163:1135", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-31 15:04:22", "1820327", "64.89.160.44:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:02", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-31 11:46:12", "1820311", "107.151.246.172:7890", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-31 09:45:39", "1820291", "64.176.73.125:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:46:00", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-31 09:44:59", "1820290", "31.57.184.154:2503", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-31 09:43:50", "1820289", "182.23.2.163:6088", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 08:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-31 09:43:43", "1820288", "172.81.61.226:5202", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:52", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-31 09:43:29", "1820287", "155.103.71.115:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-31 06:48:29", "1820212", "82.157.52.180:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-31 06:48:28", "1820214", "64.89.160.44:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:01", "50", "False", "None", "205759,asyncrat,c2,censys", "0", "sojubear" "2026-05-30 19:45:52", "1820144", "84.32.41.227:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-30 19:45:28", "1820143", "47.236.24.112:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 08:45:46", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-30 19:43:32", "1820141", "157.20.182.17:1997", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 18:43:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-30 15:14:06", "1820030", "154.16.112.232:5432", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "2026-06-29 09:40:16", "80", "False", "https://twitter.com/NullBlue67", "copy-from-program,kill-rivals,postgres,RedTail", "0", "nullblue67" "2026-05-30 11:47:27", "1820072", "223.26.59.226:32354", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-30 09:45:35", "1820044", "46.225.66.210:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-30 09:45:23", "1820043", "38.54.63.135:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-30 09:43:57", "1820042", "182.23.2.163:6407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-29 08:43:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-30 09:43:35", "1820041", "157.20.182.18:1973", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 08:43:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-30 09:43:34", "1820040", "155.103.71.146:776", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-30 09:43:14", "1820039", "114.132.190.121:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-30 07:04:47", "1819954", "156.234.211.156:7661", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "50", "False", "None", "138195,c2,censys,cobalt strike", "0", "sojubear" "2026-05-30 07:04:38", "1819982", "40.85.252.198:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:34", "100", "True", "None", "havoc", "1", "_ik_" "2026-05-29 23:46:36", "1819942", "209.200.246.82:5663", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 19:45:46", "1819907", "49.233.81.84:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-29 19:45:33", "1819906", "43.140.219.30:7112", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:35", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-29 19:45:22", "1819905", "31.56.209.79:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-29 08:44:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-29 19:45:20", "1819904", "27.102.137.139:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-29 19:45:19", "1819903", "23.235.185.44:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 19:44:29", "1819902", "209.99.184.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 08:44:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-29 19:44:12", "1819901", "192.162.199.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-29 19:44:04", "1819900", "185.212.129.4:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:11", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-29 19:43:57", "1819899", "182.23.2.163:4452", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-28 18:43:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-29 19:43:49", "1819898", "172.86.109.7:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:52", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-29 19:43:42", "1819895", "162.248.224.236:7492", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-29 19:43:42", "1819896", "162.248.225.165:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-29 19:43:42", "1819897", "162.248.225.165:8603", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-29 19:43:41", "1819894", "162.248.224.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-29 19:43:36", "1819893", "157.20.182.17:1444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 08:43:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 19:43:30", "1819892", "146.59.182.123:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-29 19:43:21", "1819891", "134.199.170.120:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:22", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-29 19:43:18", "1819890", "13.213.58.233:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-29 19:43:14", "1819889", "111.229.154.250:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:17", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-29 19:43:06", "1819888", "103.213.251.10:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:09", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-29 19:43:02", "1819887", "1.14.172.47:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:02", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-29 15:46:36", "1819866", "124.220.235.4:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 15:30:50", "1819842", "mub.depansm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:23:42", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-29 15:30:50", "1819843", "https://mub.depansm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:23:41", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-29 11:46:49", "1819788", "209.200.246.82:7533", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 11:46:38", "1819787", "124.71.141.30:5003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 11:46:33", "1819786", "118.89.79.131:6528", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 11:46:24", "1819785", "103.242.12.143:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 09:46:58", "1819763", "119.29.117.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-29 09:44:20", "1819761", "194.236.215.200:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:44:21", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-29 09:44:16", "1819759", "192.30.243.28:36812", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-28 18:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-29 09:44:16", "1819760", "192.30.243.28:8638", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-28 18:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-29 09:44:12", "1819758", "190.255.90.152:6010", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-28 18:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 09:44:06", "1819757", "185.212.129.6:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:11", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-29 09:44:05", "1819756", "185.212.129.146:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-29 09:43:50", "1819754", "172.82.64.235:444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-28 18:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 09:43:47", "1819753", "168.144.36.228:9000", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:48", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-29 09:43:39", "1819752", "158.94.208.29:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-28 18:43:31", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 09:43:38", "1819751", "157.254.223.135:2700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-29 09:43:08", "1819749", "103.77.246.174:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:43:11", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-05-29 09:43:07", "1819748", "103.213.251.10:8444", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:09", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-29 06:45:14", "1819713", "198.44.177.179:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-29 06:44:51", "1819710", "45.116.78.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 08:47:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-29 06:26:29", "1819695", "15.235.9.17:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 08:43:29", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-28 19:45:25", "1819595", "82.197.69.156:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-29 08:45:42", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-28 19:44:47", "1819594", "35.158.219.35:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 19:44:44", "1819593", "31.57.184.154:7005", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-28 19:43:13", "1819586", "13.209.95.4:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 09:46:10", "1819407", "91.230.94.235:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:46:09", "1819406", "91.215.85.212:45423", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:46:05", "1819405", "85.209.90.132:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:46:00", "1819404", "83.171.227.230:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:45:58", "1819403", "81.71.20.107:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:45:23", "1819402", "43.133.165.151:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 09:45:10", "1819401", "27.102.138.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:24", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 09:44:20", "1819398", "206.119.171.212:4333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:44:19", "1819396", "202.95.8.97:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:44:19", "1819397", "202.95.8.98:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:44:10", "1819394", "193.5.65.169:4348", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-28 09:44:10", "1819395", "193.5.65.169:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:20", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-28 09:43:45", "1819393", "172.86.76.218:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:52", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-28 09:43:44", "1819392", "172.236.142.17:6933", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:50", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 09:43:40", "1819391", "165.154.205.4:53341", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:43:33", "1819390", "155.103.71.135:56789", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-28 09:43:27", "1819389", "146.103.106.59:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 08:43:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-28 09:43:23", "1819388", "139.59.84.11:2053", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 08:43:25", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-28 09:43:13", "1819387", "113.31.106.85:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:17", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 09:43:05", "1819386", "103.183.75.134:20443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-28 06:56:15", "1819351", "120.48.66.205:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-05-28 05:33:17", "1819239", "138.124.61.65:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-28 18:43:18", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-28 05:33:16", "1819240", "46.246.14.2:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:45:46", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-28 05:32:54", "1819269", "116.213.42.110:2003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-27 19:45:55", "1819225", "91.200.84.198:8515", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-27 19:45:18", "1819224", "45.32.236.190:2096", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-27 19:45:12", "1819222", "43.106.14.139:8085", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:34", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-27 19:45:12", "1819223", "43.133.149.36:18443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-27 19:43:47", "1819220", "18.162.155.202:3350", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:57", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-27 19:43:30", "1819219", "157.20.182.17:1973", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-27 19:43:08", "1819217", "104.225.149.151:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-27 15:46:43", "1819146", "8.134.70.73:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-27 15:46:36", "1819145", "47.122.47.221:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-27 11:48:59", "1819067", "47.118.25.45:8451", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-27 09:45:01", "1819044", "35.75.179.211:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-28 18:44:56", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-27 09:43:38", "1819042", "164.90.206.5:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:46", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-27 09:43:32", "1819041", "157.254.223.135:2500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-27 07:09:22", "1818955", "117.72.159.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2026-05-27 07:09:22", "1818956", "8.163.49.50:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2026-05-27 06:54:26", "1819006", "124.70.184.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-26 22:46:04", "1818934", "134.122.134.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-26 19:45:20", "1818880", "5.101.82.8:48214", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-26 19:44:11", "1818879", "207.180.250.181:20600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-26 19:43:55", "1818878", "190.2.150.52:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-26 19:43:28", "1818872", "155.102.136.60:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:36", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-26 14:46:42", "1818804", "47.122.47.221:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-26 10:46:53", "1818731", "68.64.178.130:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-26 10:46:44", "1818730", "45.227.253.121:35120", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-26 10:46:38", "1818729", "36.138.84.183:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-26 10:01:24", "1818710", "43.204.108.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-26 10:01:23", "1818711", "43.204.108.246:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-26 10:01:20", "1818714", "198.23.185.82:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:25", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-26 09:45:51", "1818704", "91.92.243.189:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-28 18:45:41", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-26 09:45:36", "1818703", "64.89.161.156:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:02", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-26 09:45:21", "1818701", "46.8.226.70:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:47", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-26 09:44:59", "1818700", "34.106.231.199:6932", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:28", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-26 09:44:54", "1818699", "23.27.168.162:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:45:23", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-26 09:44:15", "1818698", "209.99.187.22:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 08:44:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-26 09:44:12", "1818697", "202.189.6.77:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-26 09:44:02", "1818696", "193.24.123.160:45631", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-26 09:43:57", "1818695", "191.93.116.106:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:15", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-26 09:43:28", "1818694", "153.75.232.207:4000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:34", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-25 22:46:18", "1818480", "47.108.25.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-25 22:46:15", "1818479", "43.156.42.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-25 19:45:14", "1818439", "5.101.83.143:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-25 19:45:13", "1818438", "5.101.82.98:42859", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-25 19:44:52", "1818434", "37.77.150.174:4333", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:31", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-25 19:44:51", "1818433", "37.77.150.174:4332", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:31", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-25 19:44:46", "1818432", "27.102.137.139:1243", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-25 19:44:05", "1818431", "202.95.8.92:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-25 19:43:28", "1818427", "157.20.182.18:1992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-25 14:01:58", "1818337", "krolikrojer.lat", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-29 13:27:15", "100", "False", "", "clickfix", "0", "whoamix302" "2026-05-25 09:46:05", "1818298", "83.142.209.64:35630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:11", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-25 09:43:37", "1818295", "157.20.182.18:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 18:43:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-25 06:57:09", "1818253", "134.175.78.181:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-24 19:45:21", "1818107", "31.171.131.118:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-24 19:43:36", "1818104", "157.20.182.18:9992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-28 18:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-24 14:46:49", "1818053", "45.154.12.150:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-24 14:46:17", "1818052", "103.210.236.87:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-24 14:46:12", "1818050", "wsus.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-24 14:46:12", "1818051", "wsus2.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-24 14:43:03", "1818049", "102.220.160.47:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-30 12:43:05", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch" "2026-05-24 14:10:22", "1818032", "104.168.0.29:52202", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:11", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-24 14:10:22", "1818033", "156.239.238.117:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 08:46:54", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-24 11:08:34", "1817883", "43.138.192.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:08", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-24 11:05:15", "1817829", "172.94.18.103:75", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:53", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-24 11:04:56", "1817873", "172.94.18.103:73", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:53", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-24 11:04:35", "1817773", "sdnssmdf-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:39:11", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-24 11:04:34", "1817774", "smtnscerver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:32:22", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-24 11:04:32", "1817785", "39.100.88.189:9001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear" "2026-05-24 11:03:40", "1817715", "101.43.30.6:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-23 22:00:09", "1817758", "https://cyy.turbo88ml.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:23:19", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-23 22:00:08", "1817757", "cyy.turbo88ml.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:23:19", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-23 19:43:58", "1817707", "18.118.196.244:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 08:43:54", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-23 19:43:39", "1817705", "157.254.223.135:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:40", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-23 19:43:35", "1817704", "151.236.20.3:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-23 14:56:56", "1817663", "101.126.10.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-23 14:56:33", "1817454", "rpc-cloud.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:31", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:56:30", "1817460", "siteamnsserv.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:39:03", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:56:29", "1817462", "store-image.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:32:13", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:45", "1817468", "vaer-cdn-3.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:32:06", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:44", "1817469", "vblbs.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:32:04", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:44", "1817470", "vdsinatest.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:54", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:44", "1817471", "visual-ns-portal.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:31:58", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:42", "1817474", "workcdnmass.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:39:17", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:42", "1817476", "lsnsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:09", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:39", "1817480", "minecraftserverapigame.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:33", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:38", "1817483", "networksolutionson.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:04", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:37", "1817485", "ntsnsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:45", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:36", "1817487", "poygon-notifications.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:32:39", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:35", "1817488", "istile-c-cloud.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:20", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:35", "1817489", "js-server.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:39:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:34", "1817491", "lasthauszver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:16", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:34", "1817492", "image-hoster11.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:23", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:33", "1817494", "img-cdn-cloud.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:21", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:32", "1817497", "fontawesome-js-ico.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:44", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:31", "1817498", "fonts-fontawesome.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:42", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:30", "1817500", "ghdnsserverns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:33:32", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:26", "1817505", "cdn-server-styles.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:54", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 14:54:01", "1817632", "203.83.10.114:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:01", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-23 14:47:31", "1817655", "119.29.117.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-23 08:58:45", "1817509", "chekbrow.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:52", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:44", "1817511", "cloud-safe.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:39:50", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:44", "1817512", "clpcentr.world", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:38", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:43", "1817513", "clpuanmeserver.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:35", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:41", "1817517", "dev.clpcentr.world", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:36", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:40", "1817518", "dreff-nsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:59", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:40", "1817519", "bacloudserver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:14", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:40", "1817520", "bbdsnssserver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:43", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:39", "1817522", "bedcdnset.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:12", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:38", "1817524", "bigsmart.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:10", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:34", "1817530", "2fa-cp.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:38:21", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz" "2026-05-23 08:58:34", "1817537", "1.117.77.166:3310", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:16", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-22 19:45:34", "1817426", "87.251.76.213:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-22 11:36:04", "1817206", "46.20.109.225:8999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "75", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-05-22 09:44:40", "1817235", "31.57.184.154:7006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-22 09:44:39", "1817233", "31.171.131.118:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-22 09:44:39", "1817234", "31.171.131.118:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-22 08:46:18", "1817215", "154.201.68.191:14125", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-22 08:11:41", "1817132", "129.204.14.131:44444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-22 08:11:23", "1817193", "207.180.250.181:20700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:33", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-22 07:55:22", "1817187", "47.236.110.1:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2026-05-22 07:55:19", "1817184", "23.236.64.231:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-21 19:45:14", "1817055", "42.121.150.29:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:34", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-21 19:45:07", "1817054", "34.61.52.162:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-21 19:44:01", "1817053", "193.29.13.23:5758", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-21 19:43:30", "1817051", "157.230.125.65:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:40", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-21 07:19:52", "1816875", "156.225.22.84:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-21 05:01:18", "1816747", "154.201.68.191:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:53:51", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-20 19:44:41", "1816738", "41.216.189.163:43210", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-20 19:44:32", "1816737", "221.207.101.175:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:21", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-20 09:45:05", "1816585", "51.15.8.6:9998", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:55", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-20 09:43:56", "1816583", "202.1.31.83:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-20 09:43:40", "1816582", "18.178.185.250:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-29 08:43:49", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-20 09:43:39", "1816581", "178.212.13.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:56", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-20 08:54:33", "1816563", "1.92.101.103:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-20 07:37:44", "1816553", "103.149.93.107:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-20 07:37:42", "1816551", "45.152.65.240:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-20 05:25:02", "1816481", "114.134.187.38:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-19 20:46:09", "1816445", "43.142.137.169:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-19 19:45:18", "1816431", "91.202.233.214:44123", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-19 19:44:36", "1816427", "31.57.184.154:2502", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-19 14:00:01", "1816314", "111.230.36.144:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-19 09:43:37", "1816296", "176.120.22.127:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2026-06-30 08:43:52", "75", "False", "None", "drb-ra,PoshC2", "0", "abuse_ch" "2026-05-19 09:43:19", "1816294", "142.93.165.129:3334", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-19 06:46:32", "1816252", "45.152.65.240:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-19 06:46:14", "1816248", "111.230.36.144:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-19 05:16:26", "1816209", "172.94.18.103:76", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:53", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-19 05:16:16", "1816173", "43.143.145.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-19 05:16:15", "1816172", "47.82.234.12:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2026-05-19 05:16:06", "1816164", "119.91.26.245:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:44", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-19 05:15:34", "1816110", "43.144.19.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 22:47:21", "1816141", "1.117.61.9:12306", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-18 19:44:41", "1816102", "5.101.81.2:51842", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-18 19:44:31", "1816100", "38.147.189.199:9001", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:45:31", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-18 19:43:13", "1816096", "138.124.90.26:51337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-18 19:43:11", "1816095", "130.49.214.92:53522", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-18 19:43:02", "1816094", "101.99.95.16:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:03", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-18 18:05:44", "1816036", "207.180.250.181:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:33", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-18 11:28:05", "1815876", "175.178.36.137:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 10:46:24", "1815946", "62.234.22.228:51234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-18 09:44:56", "1815930", "46.8.226.70:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:47", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-18 09:44:56", "1815931", "46.8.226.70:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:47", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-18 09:43:30", "1815927", "163.181.46.56:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:45", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-18 07:33:49", "1815818", "47.236.91.172:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:34", "1815757", "124.220.36.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:28", "1815737", "81.68.216.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:27", "1815736", "81.68.216.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:26:30", "1815832", "172.86.76.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-17 22:45:31", "1815762", "119.29.112.239:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-17 15:53:07", "1815551", "207.56.229.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:52:22", "1815616", "angelphonerepair.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:09", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:11", "1815627", "istriamaestranza.cl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:08", "1815631", "thegingamebroadway.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 06:52:36", "1815461", "81.71.20.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 03:45:47", "1815481", "47.236.91.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-16 19:45:35", "1815397", "45.155.69.153:43345", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-16 19:43:06", "1815392", "103.219.153.200:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:06", "1815393", "103.219.153.200:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:05", "1815391", "103.219.153.200:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:09", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 09:43:55", "1815258", "193.169.194.51:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 19:44:50", "1815137", "95.231.168.143:4483", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:46:21", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-15 19:44:21", "1815134", "4.235.114.15:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 08:45:31", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:44:19", "1815133", "34.69.130.10:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:29", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-15 19:43:12", "1815127", "137.184.102.191:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-15 16:00:12", "1815073", "pgo.fatherchrismas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:58", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-15 16:00:12", "1815074", "https://pgo.fatherchrismas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:58", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-15 13:48:12", "1814914", "207.56.229.234:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:03", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-15 09:44:54", "1814528", "5.101.81.2:63676", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-14 22:45:41", "1812322", "1.117.61.9:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-14 22:45:33", "1812320", "ct.feliz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-14 19:47:27", "1812283", "95.141.133.7:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:20", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-14 19:43:12", "1812280", "104.243.248.63:1806", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 08:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-14 12:36:52", "1811874", "8.218.224.15:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-14 12:33:41", "1812137", "207.56.226.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:02", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-14 12:32:21", "1811554", "chameleoninserts.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:14:39", "1812148", "147.78.2.110:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-14 09:51:34", "1812126", "84.46.251.62:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-13 19:45:08", "1811948", "5.101.83.144:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:44:54", "1811945", "43.230.162.44:14321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-13 19:43:53", "1811942", "194.33.48.221:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:21", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 19:43:03", "1811939", "103.197.191.159:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-28 18:43:07", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-13 09:43:56", "1811762", "203.202.232.22:3131", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 09:43:50", "1811761", "194.33.48.221:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:21", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-12 22:45:18", "1811650", "168.222.97.93:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 22:45:18", "1811651", "168.222.97.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 22:45:17", "1811649", "161.248.87.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 14:50:32", "1811234", "190.255.90.152:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-28 18:43:56", "50", "False", "None", "3816,asyncrat,c2,censys", "0", "sojubear" "2026-05-12 14:48:59", "1811440", "http://cdntestconnect.com/ed54b97a570943999715.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-30 13:04:06", "100", "False", "None", "c2,first,loader,StealC,stealer", "0", "Bitsight" "2026-05-12 11:45:38", "1811412", "117.72.168.103:50011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 09:45:17", "1811400", "91.215.85.121:6466", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:46:18", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 09:45:14", "1811399", "85.158.57.247:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-12 09:45:04", "1811398", "67.180.188.88:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-12 09:43:50", "1811389", "207.148.2.115:60060", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:44:32", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:43:50", "1811390", "207.148.2.115:60061", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:44:32", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:43:21", "1811387", "155.103.71.115:14549", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-28 18:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 23:00:12", "1811187", "mpd.pegasus-77.biz.id", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:37", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-11 23:00:12", "1811188", "https://mpd.pegasus-77.biz.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:37", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-11 22:45:16", "1811186", "117.50.184.221:10080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 22:45:14", "1811185", "112.124.71.123:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 19:45:07", "1811129", "64.199.252.59:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:46:00", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 19:45:01", "1811128", "51.77.54.76:6769", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:55", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:44:51", "1811127", "46.253.143.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:44:49", "1811126", "45.77.89.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:43", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:58", "1811125", "213.139.77.243:55555", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:44:37", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-11 19:43:39", "1811124", "185.212.128.72:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 19:43:38", "1811123", "185.190.142.66:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:08", "1811118", "109.73.193.242:10140", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:45:15", "1810965", "89.42.134.220:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:44:36", "1810961", "44.215.161.149:4005", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:36", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-11 09:44:35", "1810960", "43.133.149.36:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-11 09:44:29", "1810959", "31.57.184.154:7007", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:43:46", "1810958", "20.114.142.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:28", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-11 09:43:41", "1810956", "193.169.194.19:8264", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:43:35", "1810955", "185.242.245.27:44875", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:43:34", "1810954", "185.212.128.76:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 09:43:26", "1810952", "172.239.57.52:1234", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:50", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:43:26", "1810953", "172.245.97.237:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:51", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 09:43:15", "1810949", "144.91.78.57:9008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:43:09", "1810947", "130.12.182.209:1525", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 23:45:17", "1810462", "150.158.109.61:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 23:45:07", "1810461", "112.213.106.53:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 19:44:55", "1810418", "64.23.231.32:9001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:00", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 19:44:31", "1810414", "31.57.184.154:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 19:44:30", "1810413", "24.134.4.221:4714", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:45:23", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:45", "1810410", "195.123.240.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:22", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:45", "1810411", "195.123.240.236:8274", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:22", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:39", "1810408", "189.34.188.6:5406", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:39", "1810409", "189.34.188.6:5407", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:14", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 18:56:50", "1809884", "diversidadecatolica.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:17", "1809914", "m1-ma.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:05:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:03", "1809924", "pastquestion.com.ng", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:05:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:00", "1809928", "prediksitaysen88.cloud", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:52", "1809935", "sapienharvest.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:09", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:48", "1809940", "staybadparamotor.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:42:12", "1809980", "129.211.2.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:09", "1809984", "1.92.101.103:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "50", "False", "None", "55990,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 09:44:56", "1810170", "57.158.27.132:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:58", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 09:44:39", "1810169", "43.133.149.36:18080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:33", "1810164", "179.43.134.189:9968", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-09 19:43:46", "1809754", "213.130.25.141:44333", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:37", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-09 19:43:24", "1809750", "168.144.89.48:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-09 19:43:23", "1809749", "167.99.151.149:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:47", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 23:44:52", "1809219", "139.196.50.117:9930", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:36", "1809052", "83.142.209.60:8795", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:32", "1809046", "64.90.19.46:5432", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:03", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:25", "1809043", "5.101.86.105:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:41", "1809039", "209.38.100.109:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:43:36", "1809038", "193.42.24.165:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:43:35", "1809037", "193.169.194.24:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:29", "1809034", "185.212.128.15:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 19:43:29", "1809035", "185.212.128.24:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 19:43:28", "1809033", "180.97.214.70:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:57", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-08 19:43:19", "1809029", "160.25.82.142:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:15", "1809027", "146.185.239.61:9702", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 10:44:29", "1808742", "47.83.254.175:1102", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 10:43:48", "1808741", "1364170351-kld29tgkc1.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:53", "1808661", "5.101.86.95:4034", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:51", "1808659", "5.101.86.41:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:49", "1808655", "5.101.83.117:8374", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:48", "1808654", "5.101.82.226:3581", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:47", "1808653", "5.101.81.23:4315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:45", "1808650", "45.56.91.55:2005", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:41", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:21", "1808643", "209.38.110.161:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:15", "1808639", "185.212.129.114:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 08:43:13", "1808637", "178.104.186.90:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:55", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:08", "1808633", "146.185.239.55:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:05", "1808628", "113.31.118.180:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:17", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:04", "1808623", "104.243.248.63:1802", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 08:43:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 08:43:03", "1808622", "103.83.87.81:4141", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-29 18:43:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 07:49:28", "1808600", "45.202.249.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-08 07:49:24", "1808598", "45.202.249.88:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-07 20:44:32", "1808286", "101.33.225.32:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-07 18:43:18", "1808255", "168.144.36.228:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:48", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-07 18:43:11", "1808253", "146.185.233.41:5382", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 18:43:09", "1808252", "138.197.21.32:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:24", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-07 10:44:18", "1808142", "83.147.38.94:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:46:11", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-06 20:53:22", "1807868", "27.102.137.139:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:24", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-05-06 20:45:39", "1807906", "45.207.192.190:30078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:45:29", "1807905", "207.56.226.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:02", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:45:09", "1807904", "117.72.168.103:16337", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:44:56", "1807903", "static.slbc7890.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 18:44:01", "1807846", "5.101.86.102:2501", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 18:44:01", "1807847", "5.101.86.107:4934", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 18:43:14", "1807842", "154.18.238.18:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:34", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 16:44:44", "1807792", "39.101.78.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:32", "1807791", "124.223.90.150:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:22", "1807788", "1.15.100.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 08:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:13", "1807783", "1325813086-kvn4jlpgeu.ap-shanghai.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 08:46:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:13", "1807785", "4176rbz8vepn6.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 08:44:09", "1807540", "5.101.86.41:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 08:44:09", "1807541", "5.101.86.41:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 08:43:54", "1807538", "31.57.184.154:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-05 18:49:30", "1807206", "5.101.86.98:4126", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:49:12", "1807204", "5.101.82.228:9362", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:49:12", "1807205", "5.101.82.229:3039", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:42", "1806953", "5.101.82.99:6031", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 08:44:56", "1806901", "172.245.156.179:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:45:07", "1806229", "8.130.80.145:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:44:43", "1806228", "154.219.115.123:61443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:44:36", "1806227", "119.29.198.193:8555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 18:44:06", "1806112", "5.101.86.101:1398", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:44:13", "1805766", "82.165.79.60:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:10", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-04 08:44:12", "1805765", "82.165.79.60:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:10", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-04 08:43:16", "1805757", "163.181.45.55:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:45", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:29", "1805268", "151.245.90.45:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:08", "1805267", "ap.johamp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 08:43:54", "1805202", "46.151.182.148:25608", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-29 08:45:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-02 20:44:31", "1804968", "203.160.54.22:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:06", "1804965", "h67as5d5x.m6p3wca1.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 18:43:44", "1804928", "38.147.173.24:8562", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:30", "1804853", "47.101.172.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 08:43:53", "1804732", "8.160.216.91:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:08", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-02 08:43:40", "1804728", "31.57.184.161:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:40", "1804729", "31.57.184.161:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:39", "1804727", "31.57.184.161:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:06", "1804719", "124.95.172.200:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:19", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-02 06:32:30", "1804607", "vinabeautyspa.nyc", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:28", "1804586", "topjobsnigerian.com.ng", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:06", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:27", "1804570", "thegoldenliving.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:25", "1804551", "sunyan.me", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:18", "1804482", "pretribun.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:17", "1804468", "phnomtamaozoologicalpark.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:17", "1804470", "pio-ulski.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:16", "1804455", "onlydiscovery.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:09", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:15", "1804447", "nycefmonline.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:14", "1804427", "murdockfuneralhome.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:14", "1804436", "nefis.be", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:13", "1804417", "mobilepricesbot.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:13", "1804426", "muneramusica.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-28 14:01:28", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:10", "1804387", "lightcenterlove.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:06", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:10", "1804389", "livelaughlovedo.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:09", "1804375", "kcherbs.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:08", "1804362", "jes-edu.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:32:05", "1804332", "healgram.gr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:05:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:59", "1804281", "entwined.co.ke", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:58", "1804268", "dr-habitat.fr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:56", "1804250", "councilapprovaldesign.com.au", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:55", "1804233", "clarksoutpost.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:53", "1804220", "cbdmassage378.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:07", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:52", "1804205", "bluegrassrooter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 06:31:50", "1804185", "babytoyecia.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-30 06:03:08", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz" "2026-05-02 05:24:17", "1803956", "https://arsimonopa.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:08:23", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-02 05:24:15", "1803960", "https://lemonimonakio.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:00:21", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-01 18:43:58", "1803896", "89.114.115.200:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:15", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:53", "1803894", "59.152.212.164:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:45:58", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:50", "1803887", "5.101.82.190:5691", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:45", "1803881", "45.10.164.177:45123", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:36", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 18:43:44", "1803880", "39.101.82.73:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:33", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:41", "1803874", "31.57.184.154:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:24", "1803866", "195.88.191.41:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:23", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-01 18:43:24", "1803867", "195.88.191.41:7666", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:23", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-01 18:43:19", "1803858", "185.212.128.80:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:19", "1803859", "185.212.128.85:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:16", "1803856", "173.211.106.231:21320", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 18:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:04", "1803843", "107.175.113.106:55", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:15", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-01 18:43:02", "1803840", "103.110.65.166:52223", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:08", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 14:44:50", "1803693", "8.222.192.153:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:44", "1803689", "47.236.91.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:09", "1803685", "secure-server.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:30:24", "1803670", "frr.ambil-disini.web.id", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:16", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-01 14:30:24", "1803671", "https://frr.ambil-disini.web.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:22:16", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-01 08:43:49", "1803514", "72.56.246.58:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:06", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:48", "1803512", "62.60.226.63:6856", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:48", "1803513", "64.89.163.114:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:03", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803506", "5.101.86.57:1984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803507", "5.101.86.60:6798", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803508", "5.101.86.76:1338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803509", "5.101.86.76:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803510", "5.101.86.76:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803511", "5.101.86.78:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:44", "1803499", "46.151.182.71:22", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:44", "1803500", "47.103.106.26:2333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:44", "1803501", "47.83.254.175:6321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:40", "1803493", "4.236.165.30:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:33", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:37", "1803490", "3.19.238.211:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:24", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 08:43:21", "1803483", "194.116.236.110:6161", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-29 08:44:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:20", "1803478", "190.2.150.52:853", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:16", "1803473", "178.128.252.142:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:55", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:14", "1803470", "169.40.135.35:6158", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:12", "1803465", "158.94.209.227:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-28 18:43:31", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-01 08:43:11", "1803460", "155.103.70.100:50030", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:11", "1803461", "155.103.70.100:50033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:11", "1803462", "155.103.70.68:2323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-28 18:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:10", "1803458", "151.243.109.213:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:07", "1803452", "136.0.41.76:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:22", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 08:43:05", "1803448", "111.229.144.163:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:17", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2026-05-01 07:08:49", "1803387", "203.160.54.22:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-01 02:43:32", "1803286", "94.176.3.228:48765", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:32", "1803291", "98.97.125.70:8883", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:46:22", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:31", "1803279", "91.202.233.153:43555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:31", "1803280", "91.215.85.151:47653", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:30", "1803275", "85.121.5.202:5689", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:30", "1803276", "85.155.186.2:3821", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:29", "1803269", "83.97.20.133:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:46:12", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:28", "1803262", "79.135.160.20:9999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:07", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:27", "1803257", "66.163.115.78:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:27", "1803260", "72.56.246.58:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:06", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:27", "1803261", "72.56.246.58:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:46:06", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:26", "1803251", "52.198.162.251:16000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:56", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:26", "1803254", "62.81.188.1:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:45:59", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:26", "1803255", "66.163.115.78:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:26", "1803256", "66.163.115.78:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:46:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:25", "1803245", "45.95.232.195:54655", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:25", "1803246", "46.101.77.223:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:45:45", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:24", "1803240", "45.56.91.55:2003", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:41", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:24", "1803244", "45.81.243.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:44", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803235", "45.125.67.171:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803238", "45.155.69.106:42211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803231", "43.134.133.177:8445", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:45:35", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803232", "43.142.77.170:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:35", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803233", "43.142.77.170:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:35", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803234", "43.160.225.40:39001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803225", "37.72.140.15:5555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803228", "38.54.119.24:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803218", "222.255.100.119:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:21", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803219", "23.227.203.6:42235", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803222", "31.57.184.154:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:19", "1803211", "216.107.208.250:10444", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:38", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803215", "219.142.15.101:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:45:21", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803216", "220.231.47.163:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:45:21", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803217", "221.130.42.19:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-30 12:45:21", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803204", "207.107.147.42:4438", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:32", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803205", "208.249.244.20:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:44:33", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803206", "209.151.145.164:8443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:44:34", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:17", "1803202", "202.95.17.188:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:17", "1803203", "206.189.40.107:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:32", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:15", "1803192", "193.23.137.40:3334", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:19", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:14", "1803180", "185.242.3.83:9909", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803181", "185.247.224.40:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:13", "1803173", "185.212.128.81:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803174", "185.212.129.23:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803176", "185.212.129.29:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:10", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803177", "185.212.129.30:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:11", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803178", "185.213.20.250:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:13", "1803179", "185.242.245.120:42534", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803166", "180.184.29.135:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:57", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803167", "182.255.45.114:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:05", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803168", "185.122.171.4:44355", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803171", "185.212.128.25:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:12", "1803172", "185.212.128.48:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:44:09", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:11", "1803162", "178.16.52.22:8396", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:55", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:10", "1803158", "173.211.106.231:21321", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-29 18:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:10", "1803159", "173.242.59.199:8888", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-30 12:43:54", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:09", "1803152", "172.111.162.252:3030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:09", "1803153", "172.9.165.216:8096", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:52", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:08", "1803145", "161.248.179.92:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:42", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803146", "161.248.179.92:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:42", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803147", "162.14.124.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:43", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:07", "1803134", "149.104.28.204:3656", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:06", "1803127", "142.93.88.220:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:27", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:05", "1803124", "138.124.113.131:4211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:05", "1803126", "139.64.164.72:63337", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:25", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:04", "1803114", "115.42.60.122:5440", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:18", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:04", "1803115", "117.72.101.55:9520", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:19", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:04", "1803119", "130.94.23.39:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803109", "103.75.190.47:54630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:10", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:03", "1803110", "104.234.174.93:57712", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803111", "106.55.71.62:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803113", "115.190.247.97:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:45", "1802897", "82.156.219.31:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:30", "1802894", "193.53.127.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:10", "1802892", "www.microsslcheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 12:55:24", "1802724", "101.43.29.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-30 05:46:36", "1802288", "dokunmatikekrandegisimi.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 06:05:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-04-29 14:43:42", "1802141", "82.156.62.131:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:24", "1802138", "156.245.147.98:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 07:49:06", "1801960", "156.245.147.101:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-27 11:02:18", "1800975", "45.43.59.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:46:10", "1800972", "ns1.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:43:32", "1800970", "cc.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 08:23:19", "1800899", "147.78.2.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:55", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:19:19", "1800509", "pillow.riverbridge.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:55", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 12:54:13", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-26 08:48:33", "1800301", "156.245.147.98:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:33", "1800299", "dd.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:30", "1800298", "d2.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-24 15:18:06", "1797248", "psy.flise-mesteren.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:34", "75", "False", "None", "r88vry,Vidar", "0", "abuse_ch" "2026-04-24 15:18:01", "1797247", "https://psy.flise-mesteren.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:33", "75", "False", "None", "r88vry,Vidar", "0", "abuse_ch" "2026-04-23 04:45:34", "1796426", "http://196.251.107.248/kont2rt/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-30 13:02:00", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-04-22 20:53:22", "1796313", "192.210.174.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 14:30:19", "1796097", "47.94.162.43:2222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-22 11:17:13", "1796068", "wrath.bottlevacuum.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:44", "75", "False", "None", "opiusra,Vidar", "0", "abuse_ch" "2026-04-22 11:17:09", "1796067", "http://wrath.bottlevacuum.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:44", "75", "False", "None", "opiusra,Vidar", "0", "abuse_ch" "2026-04-22 10:36:10", "1796009", "82.156.62.131:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-19 18:25:29", "1794638", "http://213.5.130.87", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-18 02:46:54", "1793918", "121.4.92.72:1111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 22:15:08", "1793803", "https://keypharmacy.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:04", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-17 22:15:06", "1793799", "https://unspanel.rs/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 08:31:02", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-17 20:50:11", "1793739", "43.230.200.254:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 20:44:37", "1793738", "ns2.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 20:44:14", "1793737", "ns1.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 18:15:06", "1793645", "http://213.5.130.147", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-17 17:13:27", "1793617", "ask.shurimaster.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:20:50", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-17 17:13:25", "1793616", "https://ask.shurimaster.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:20:50", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 16:13:58", "1792850", "pir.rapidphonebuyer.co.uk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:18:31", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-16 16:13:56", "1792849", "https://pir.rapidphonebuyer.co.uk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:18:31", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-16 11:16:20", "1792719", "gusto.brothbridge.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:13", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch" "2026-04-16 11:16:17", "1792718", "http://gusto.brothbridge.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:12", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch" "2026-04-16 10:56:58", "1792707", "43.167.177.224:7778", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:43:39", "1792532", "bxx2rghe05kng.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-15 11:43:19", "1791747", "http://107.189.24.190:80", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:15:46", "75", "False", "None", "gr00n1,Vidar", "0", "abuse_ch" "2026-04-15 11:39:45", "1791738", "139.224.23.63:8866", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-15 08:15:17", "1791688", "venom.summertunnel.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:01", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch" "2026-04-15 08:15:13", "1791687", "http://venom.summertunnel.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:21:01", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch" "2026-04-15 01:15:17", "1791265", "https://cakramakmurabadi.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-15 01:15:04", "1791228", "https://opportunitiesforeveryone.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-29 17:01:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 16:03:14", "1790859", "lts.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:12:55", "75", "False", "None", "ho0r1,Vidar", "0", "abuse_ch" "2026-04-14 16:03:10", "1790857", "https://lts.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:12:55", "75", "False", "None", "ho0r1,Vidar", "0", "abuse_ch" "2026-04-14 14:11:23", "1790171", "dzodu.sparklingideas.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:20:18", "75", "False", "None", "odzdkzo,Vidar", "0", "abuse_ch" "2026-04-14 14:11:18", "1790170", "http://dzodu.sparklingideas.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:20:18", "75", "False", "None", "odzdkzo,Vidar", "0", "abuse_ch" "2026-04-14 14:10:11", "1790169", "http://kdije.weirdthings.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:26", "75", "False", "None", "okfueh,Vidar", "0", "abuse_ch" "2026-04-14 11:34:45", "1787396", "https://gustoantico.ch/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-29 15:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:32:51", "1787027", "https://cannabis-dna.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 12:15:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:47:57", "1786636", "https://thekiss.gr/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:04", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:46:43", "1786385", "https://swanriverschool.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:04", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:46:16", "1786292", "https://dainikkishoreganj.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:46:15", "1786290", "https://tools4teens.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:43:49", "1785832", "https://knowmat.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:43:22", "1785740", "https://lisanslab.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-30 07:31:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-13 07:47:21", "1785064", "pre.hifive.net.au", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:19:57", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-13 07:47:21", "1785065", "pre.sequareeus.online", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:38", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-13 07:47:21", "1785069", "fuz.supportify360.io", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:45", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-13 07:46:34", "1785049", "https://pre.hifive.net.au/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:19:57", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-12 06:34:43", "1784558", "47.104.248.7:8884", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-11 07:06:51", "1783757", "etokrol.lol", "domain", "botnet_cc", "js.iclickfix", "None", "IClickFix", "2026-06-29 13:37:49", "100", "False", "", "clickfix", "1", "m_govcert_ch" "2026-04-11 07:06:31", "1783849", "https://cdn.mensualgeneratr.com/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-30 12:03:07", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-04-11 06:36:58", "1784155", "101.35.214.58:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-10 12:09:04", "1783801", "ldt.hifive.net.au", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:41", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-09 14:48:47", "1783375", "39.102.125.11:4435", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-07 07:46:06", "1782183", "gy4q.supportly.au", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-29 13:37:29", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-07 07:46:05", "1782182", "dzdi.serendipityhub.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:19:45", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-07 07:43:55", "1782152", "http://dzdi.serendipityhub.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:19:45", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-06 18:49:49", "1781907", "43.139.108.161:8192", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-04 20:44:05", "1781225", "111.230.217.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-04 20:44:01", "1781224", "109.244.130.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-03 16:13:22", "1780720", "hor.kaitorinihon.jp", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:18:53", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-03 16:12:59", "1780716", "https://hor.kaitorinihon.jp/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:18:53", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-01 10:45:34", "1780037", "164.92.67.70:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:46", "50", "False", "https://www.shodan.io/host/164.92.67.70#443", "c2,havoc,shodan", "0", "juroots" "2026-03-28 14:56:18", "1777986", "47.122.47.221:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-27 21:24:29", "1777607", "pn2.skfilmsint.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:37", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:29", "1777609", "gre.syslicense.net", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:05", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:29", "1777611", "fefeo.iknowthat.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:59", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777601", "https://pn2.skfilmsint.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:37", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777603", "https://gre.syslicense.net/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:04", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777605", "http://fefeo.iknowthat.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:59", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 12:01:30", "1777296", "185.242.3.83:2202", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:12", "100", "False", "https://search.censys.io/hosts/185.242.3.83", "AS60223,AsyncRAT,C2,censys,NETIFACE-AS,RAT", "0", "DonPasci" "2026-03-27 07:06:39", "1777088", "94.154.35.153:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:38:28", "90", "False", "https://clickfix.carsonww.com/domains/mayaktours.com", "C2,ClearFake,ClickFix,ErrTraffic", "0", "Lenny_3BO" "2026-03-27 07:06:39", "1777089", "178.16.52.101:443", "ip:port", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:39:39", "90", "False", "https://clickfix.carsonww.com/domains/attentiongetters.com", "C2,ClearFake,ClickFix,ErrTraffic,macOS", "0", "Lenny_3BO" "2026-03-27 00:00:31", "1777014", "49.234.199.152:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "100", "False", "https://search.censys.io/hosts/49.234.199.152", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-03-26 14:59:36", "1776672", "158.94.209.95:80", "ip:port", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-30 13:06:33", "100", "False", "None", "GCleaner,loader", "0", "Bitsight" "2026-03-24 12:01:13", "1774903", "37.72.172.58:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:30", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,AsyncRAT,C2,censys,HVC-AS,RAT", "0", "DonPasci" "2026-03-24 12:00:35", "1774898", "47.92.208.27:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:18", "100", "False", "https://search.censys.io/hosts/47.92.208.27", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-03-23 21:06:09", "1774595", "154.83.12.132:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-23 13:42:00", "1774355", "kdije.weirdthings.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:17:26", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-23 08:02:27", "1774216", "msi.swadeshcomputer.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:30", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-23 08:01:55", "1774200", "https://msi.swadeshcomputer.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:30", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-23 04:01:29", "1774089", "195.250.25.176:58101", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:22", "100", "False", "https://search.censys.io/hosts/195.250.25.176", "AdaptixC2,AS36454,C2,censys,WHG-DAL", "0", "DonPasci" "2026-03-22 18:02:20", "1773536", "156.239.252.191:448", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "100", "False", "", "BEACON,C2,CobaltStrike,Shodan", "0", "whoamix302" "2026-03-22 12:01:29", "1773754", "138.226.236.52:13212", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:24", "100", "False", "https://search.censys.io/hosts/138.226.236.52", "AdaptixC2,AS205775,C2,censys,NEONCORENETWORKS", "0", "DonPasci" "2026-03-20 16:00:44", "1772653", "5.101.86.72:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "100", "False", "https://search.censys.io/hosts/5.101.86.72", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-03-20 16:00:21", "1772652", "101.35.95.103:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:34", "100", "False", "https://search.censys.io/hosts/101.35.95.103", "AS45090,C2,censys,CobaltStrike,cs-watermark-0,TENCENT-NET-AP", "0", "DonPasci" "2026-03-20 13:59:59", "1772372", "pr2.codetohaven.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:18", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-20 13:59:49", "1772370", "https://pr2.codetohaven.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:17", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-20 10:32:12", "1771988", "https://rpc-cloud.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-29 16:02:00", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-20 06:42:00", "1771875", "182.255.44.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:58", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-20 00:02:12", "1771791", "8.136.13.87:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:07", "100", "False", "https://search.censys.io/hosts/8.136.13.87", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2026-03-19 20:02:51", "1771714", "45.136.13.247:43211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:37", "100", "False", "https://search.censys.io/hosts/45.136.13.247", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci" "2026-03-19 13:11:25", "1771456", "dhzuadd.hellothere.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:52", "75", "False", "None", "drkfiz,Vidar", "0", "abuse_ch" "2026-03-19 13:11:20", "1771455", "https://dhzuadd.hellothere.sbs", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:16:52", "75", "False", "None", "drkfiz,Vidar", "0", "abuse_ch" "2026-03-18 04:00:18", "1769955", "43.138.39.212:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "100", "False", "https://search.censys.io/hosts/43.138.39.212", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2026-03-17 04:01:23", "1769012", "88.218.60.191:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:15", "100", "False", "https://search.censys.io/hosts/88.218.60.191", "AdaptixC2,AS48282,C2,censys,VDSINA-AS", "0", "DonPasci" "2026-03-17 02:48:23", "1768984", "156.245.144.203:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-16 20:01:10", "1768644", "35.179.229.71:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:29", "100", "False", "https://search.censys.io/hosts/35.179.229.71", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2026-03-16 10:41:19", "1767951", "http://82.38.71.155/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-29 17:43:56", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-03-15 16:00:41", "1767077", "185.242.3.83:5505", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:12", "100", "False", "https://search.censys.io/hosts/185.242.3.83", "AS60223,AsyncRAT,C2,censys,NETIFACE-AS,RAT", "0", "DonPasci" "2026-03-15 14:49:59", "1767015", "156.245.144.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-15 14:49:59", "1767016", "156.245.144.203:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-15 06:51:25", "1766813", "119.29.117.194:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:27", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-15 04:01:14", "1766764", "202.191.67.71:50003", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:30", "100", "False", "https://search.censys.io/hosts/202.191.67.71", "AdaptixC2,AS131262,C2,censys,KELNET-AS-AP", "0", "DonPasci" "2026-03-14 17:20:42", "1766342", "sil-api-js.click", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:32:31", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO" "2026-03-14 17:20:41", "1766343", "cdn-2faclov.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:39:08", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO" "2026-03-14 17:20:41", "1766344", "winecdn.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-29 13:31:51", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO" "2026-03-14 08:00:55", "1765787", "5.101.82.60:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-03-13 15:06:16", "1765444", "pan.paihost.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:15:36", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-13 15:05:58", "1765442", "https://pan.paihost.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:15:36", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-13 04:01:11", "1764276", "46.151.182.205:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:45", "100", "False", "https://search.censys.io/hosts/46.151.182.205", "AS205759,AsyncRAT,C2,censys,GHOSTYNETWORKS,RAT", "0", "DonPasci" "2026-03-11 16:01:48", "1763543", "159.138.31.252:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:41", "100", "False", "https://search.censys.io/hosts/159.138.31.252", "AS136907,C2,censys,HWCLOUDS-AS-AP,Mythic", "0", "DonPasci" "2026-03-11 07:03:38", "1763170", "60.247.206.23:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-03-10 16:00:58", "1762854", "85.206.168.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:46:13", "100", "False", "https://search.censys.io/hosts/85.206.168.238", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci" "2026-03-10 00:01:13", "1762492", "107.172.3.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:14", "100", "False", "https://search.censys.io/hosts/107.172.3.15", "AS-COLOCROSSING,AS36352,C2,censys,Mythic", "0", "DonPasci" "2026-03-09 09:29:37", "1762153", "ooe.myserver.com.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:15:25", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-09 09:29:17", "1762131", "https://ooe.myserver.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:15:25", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-06 00:01:40", "1759331", "194.36.178.53:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:21", "100", "False", "https://search.censys.io/hosts/194.36.178.53", "AdaptixC2,AS200740,C2,censys,FIRST-SERVER-EU-AS", "0", "DonPasci" "2026-03-05 06:17:58", "1758456", "http://213.5.130.197", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:57", "1758457", "http://213.5.130.154", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:56", "1758458", "http://213.5.130.200", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:55", "1758459", "http://213.5.130.131", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758460", "http://213.5.130.179", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758461", "http://213.5.130.189", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-04 04:01:12", "1758006", "70.153.18.45:10002", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:05", "100", "False", "https://search.censys.io/hosts/70.153.18.45", "AS8075,censys,EvilGoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,panel,Phishing", "0", "DonPasci" "2026-03-02 09:31:49", "1756664", "ctl.it-bd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:14:53", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-02 09:30:33", "1756622", "https://ctl.it-bd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:14:53", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-01 14:27:15", "1756333", "171.22.181.114:38990", "ip:port", "botnet_cc", "elf.pink", "None", "Pink", "2026-06-30 12:53:16", "100", "False", "None", "Pink", "0", "Bitsight" "2026-02-28 11:00:05", "1755728", "188.227.14.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:59", "100", "False", "https://search.censys.io/hosts/188.227.14.105", "AS35000,C2,censys", "0", "dyingbreeds_" "2026-02-25 20:02:24", "1754813", "47.120.20.86:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "100", "False", "https://search.censys.io/hosts/47.120.20.86", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-02-25 19:01:08", "1754671", "115.190.250.28:5521", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "100", "False", "https://search.censys.io/hosts/115.190.250.28", "AS137718,C2,censys", "0", "dyingbreeds_" "2026-02-25 09:05:20", "1754439", "185.72.8.121:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-25 09:05:18", "1754438", "185.72.8.121:1032", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:12", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-24 04:01:15", "1753925", "113.45.185.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "100", "False", "https://search.censys.io/hosts/113.45.185.225", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2026-02-23 23:00:07", "1753846", "64.89.161.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "100", "False", "https://search.censys.io/hosts/64.89.161.183", "AS205759,C2,censys,GHOSTYNETWORKS", "0", "dyingbreeds_" "2026-02-23 10:07:22", "1753479", "glo.gadgetwalabd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:14:21", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-23 10:06:47", "1753432", "https://glo.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:14:20", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-21 08:01:40", "1751483", "45.116.104.104:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:36", "100", "False", "https://search.censys.io/hosts/45.116.104.104", "AS215481,C2,censys,FLEXYNODE-AS,Mythic", "0", "DonPasci" "2026-02-21 03:00:07", "1751453", "47.104.159.246:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:13", "100", "False", "https://search.censys.io/hosts/47.104.159.246", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-02-20 11:00:06", "1751104", "107.172.217.220:12096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "100", "False", "https://search.censys.io/hosts/107.172.217.220", "AS36352,C2,censys", "0", "dyingbreeds_" "2026-02-20 08:47:26", "1751083", "185.180.198.3:2025", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:08", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-20 08:47:26", "1751084", "185.180.198.3:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:08", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-20 08:46:17", "1751080", "163.181.208.79:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:45", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-20 07:09:34", "1751056", "81.68.89.216:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-02-16 09:05:30", "1749217", "111.228.4.54:4455", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "50", "False", "https://www.shodan.io/host/111.228.4.54#4455", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-02-14 18:46:07", "1748314", "27.221.15.199:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:24", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-13 14:01:35", "1747540", "gor.emiraride.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:59", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-13 14:01:02", "1747538", "https://gor.emiraride.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:59", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-13 06:59:13", "1747121", "117.72.191.140:8028", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "50", "False", "https://www.shodan.io/host/117.72.191.140#8028", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2026-02-12 16:01:27", "1746911", "175.192.75.105:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:54", "100", "False", "https://search.censys.io/hosts/175.192.75.105", "AS4766,C2,censys,KIXS-AS-KR,Netsupport,RAT", "0", "DonPasci" "2026-02-09 11:14:08", "1743719", "opa.dokantrack.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:38", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-09 11:13:23", "1743622", "https://opa.dokantrack.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:38", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-09 11:00:33", "1743594", "15.204.14.143:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:32", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2026-02-08 16:00:16", "1743398", "192.3.233.166:59850", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:00", "100", "False", "https://search.censys.io/hosts/192.3.233.166", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-02-08 15:42:41", "1743395", "1.15.25.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743391", "106.52.208.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743392", "106.13.137.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743393", "101.43.2.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743394", "101.133.148.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743388", "115.190.178.249:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743389", "114.132.150.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743390", "110.40.176.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:37", "1743386", "120.48.50.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:37", "1743387", "117.72.214.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743381", "124.223.199.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743382", "124.221.32.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743383", "124.220.48.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743384", "124.220.164.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743385", "121.41.167.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743378", "152.136.139.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743379", "129.204.103.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743380", "124.223.47.219:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743374", "172.245.215.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743375", "165.154.125.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743376", "156.233.233.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743377", "154.201.91.224:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743370", "38.190.224.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743371", "222.255.214.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743372", "192.252.187.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743373", "178.16.52.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743365", "43.139.146.100:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743366", "43.133.41.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743367", "42.192.49.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743368", "39.107.85.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743369", "39.106.144.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:31", "1743363", "47.100.168.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:31", "1743364", "43.139.169.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:30", "1743362", "47.111.146.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743358", "47.243.175.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743359", "47.239.188.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743360", "47.122.30.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743361", "47.122.1.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:28", "1743356", "61.166.154.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:28", "1743357", "49.235.177.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743353", "81.70.255.195:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743354", "81.69.98.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743355", "8.210.78.137:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:26", "1743351", "83.229.126.65:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:26", "1743352", "81.71.159.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:15", "1743349", "83.229.123.61:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:15", "1743350", "83.229.126.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:14", "1743348", "8.153.205.30:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:13", "1743347", "8.137.149.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743344", "47.93.28.103:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743345", "60.205.139.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743346", "lcowpowerlite.italynorth.cloudapp.azure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743340", "47.109.198.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743341", "47.120.70.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743342", "47.121.137.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743343", "47.121.29.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743336", "45.115.236.152:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743338", "47.107.136.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743339", "47.109.145.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743333", "192.140.176.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743334", "36.140.162.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743335", "39.105.165.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743330", "152.32.251.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743331", "154.201.74.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743332", "179.43.186.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743326", "139.196.41.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743327", "139.224.16.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743328", "14.103.175.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743329", "150.187.25.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743322", "120.48.168.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743323", "121.40.18.128:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743324", "122.51.93.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743325", "134.122.140.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:05", "1743320", "117.72.102.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:05", "1743321", "117.72.242.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:04", "1743318", "113.44.67.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:04", "1743319", "115.190.161.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743314", "106.38.201.95:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743315", "106.75.162.108:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743316", "106.75.215.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743317", "106.75.224.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:02", "1743312", "106.12.219.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:02", "1743313", "106.13.29.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 11:00:25", "1743267", "15.204.14.143:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:33", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2026-02-08 04:00:55", "1743209", "15.204.95.228:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:33", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2026-02-07 03:00:18", "1742595", "174.138.86.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:54", "100", "False", "https://search.censys.io/hosts/174.138.86.141", "AS14061,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-05 13:01:59", "1741587", "57.158.27.132:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:57", "50", "False", "https://www.shodan.io/host/57.158.27.132#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-05 11:00:23", "1741476", "94.74.0.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:20", "100", "False", "https://search.censys.io/hosts/94.74.0.253", "AS39636,ASN-AEMNET,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-05 06:34:37", "1741375", "37.72.172.58:6066", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:30", "75", "False", "", "AS29802,asyncrat,c2,fofa,RAT", "0", "oxygen28" "2026-02-04 11:00:54", "1741132", "172.174.234.34:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:49", "100", "False", "https://search.censys.io/hosts/172.174.234.34", "AS8075,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-04 00:02:27", "1740953", "188.166.244.201:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:14", "100", "False", "https://search.censys.io/hosts/188.166.244.201", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2026-01-31 00:05:33", "1739255", "98.85.71.175:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:22", "100", "False", "https://search.censys.io/hosts/98.85.71.175", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci" "2026-01-30 18:54:11", "1739209", "47.115.193.52:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:48", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-30 16:05:29", "1739169", "167.99.208.145:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:48", "100", "False", "https://search.censys.io/hosts/167.99.208.145", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2026-01-30 16:04:48", "1739163", "107.150.105.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:08", "100", "False", "https://search.censys.io/hosts/107.150.105.91", "AS135377,C2,censys,CobaltStrike,cs-watermark-666666666,UCLOUD-HK-AS-AP", "0", "DonPasci" "2026-01-30 08:04:49", "1739009", "111.92.243.40:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:09", "100", "False", "https://search.censys.io/hosts/111.92.243.40", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci" "2026-01-30 02:55:25", "1738921", "45.82.85.50:13063", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-01-30 00:06:02", "1738909", "68.64.178.201:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:05", "100", "False", "https://search.censys.io/hosts/68.64.178.201", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci" "2026-01-28 11:00:07", "1738481", "39.101.78.48:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:07", "100", "False", "https://search.censys.io/hosts/39.101.78.48", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-01-26 23:00:09", "1737790", "47.120.46.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:18", "100", "False", "https://search.censys.io/hosts/47.120.46.230", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-01-26 13:57:13", "1737664", "https://fluraresto.me/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 12:50:30", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 13:57:13", "1737665", "https://mastralakkot.live/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:00:58", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 08:05:39", "1737569", "27.223.85.234:58001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:24", "100", "False", "https://search.censys.io/hosts/27.223.85.234", "AdaptixC2,AS4837,C2,censys,CHINA169-BACKBONE", "0", "DonPasci" "2026-01-25 22:49:35", "1737455", "167.179.76.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-25 22:48:35", "1737454", "ns1.ns-apache.jo3.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-24 18:47:55", "1736696", "80.87.206.64:443", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-06-30 12:46:09", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch" "2026-01-24 18:47:55", "1736697", "80.87.206.64:80", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-06-30 12:46:09", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch" "2026-01-23 09:14:44", "1736055", "lat.sodstreams.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:26", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 09:14:26", "1736049", "https://lat.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:13:26", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-23 08:45:57", "1736034", "158.158.8.193:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-30 12:43:41", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-01-23 08:04:06", "1736014", "47.120.32.72:8075", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "100", "False", "https://search.censys.io/hosts/47.120.32.72", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-22 12:04:28", "1735522", "176.31.71.168:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:54", "100", "False", "https://search.censys.io/hosts/176.31.71.168", "AS16276,C2,censys,OVH,Pupy,RAT", "0", "DonPasci" "2026-01-21 20:04:36", "1735342", "54.145.56.188:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:56", "100", "False", "https://search.censys.io/hosts/54.145.56.188", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci" "2026-01-21 20:03:53", "1735337", "121.4.92.72:5000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "100", "False", "https://search.censys.io/hosts/121.4.92.72", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-01-20 16:04:24", "1734893", "136.24.173.249:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:23", "100", "False", "https://search.censys.io/hosts/136.24.173.249", "AS19165,C2,censys,Mythic,WEBPASS", "0", "DonPasci" "2026-01-18 00:03:59", "1734081", "103.79.79.105:8444", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:11", "100", "False", "https://search.censys.io/hosts/103.79.79.105", "AS199959,C2,censys,CROWNCLOUD,Pupy,RAT", "0", "DonPasci" "2026-01-17 20:52:32", "1734053", "43.139.50.42:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-17 11:00:10", "1733763", "113.250.188.15:8078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "100", "False", "https://search.censys.io/hosts/113.250.188.15", "AS134420,C2,censys", "0", "dyingbreeds_" "2026-01-16 15:03:06", "1733589", "poc.sekershuk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:12:01", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-16 15:02:50", "1733587", "https://poc.sekershuk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:12:01", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-16 11:05:53", "1732736", "64.23.231.32:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:00", "50", "False", "https://www.shodan.io/host/64.23.231.32#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-16 11:03:46", "1732709", "117.72.178.246:4848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "50", "False", "https://www.shodan.io/host/117.72.178.246#4848", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-01-13 20:03:58", "1732012", "212.103.26.10:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:37", "100", "False", "https://search.censys.io/hosts/212.103.26.10", "AS15557,C2,censys,Havoc,LDCOMNET", "0", "DonPasci" "2026-01-13 20:03:34", "1732009", "47.84.83.56:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:49", "100", "False", "https://search.censys.io/hosts/47.84.83.56", "ALIBABA-CN-NET,AS45102,C2,censys,Sliver", "0", "DonPasci" "2026-01-13 08:52:00", "1731532", "54.38.94.225:8881", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-01-12 23:00:32", "1701407", "64.23.248.252:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:46:01", "100", "False", "https://search.censys.io/hosts/64.23.248.252", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2026-01-12 16:03:19", "1701312", "130.12.181.93:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:43:21", "100", "False", "https://search.censys.io/hosts/130.12.181.93", "AS36680,C2,censys,NETIFACELLC,RAT,Remcos", "0", "DonPasci" "2026-01-09 20:02:46", "1700191", "115.190.237.175:35555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "100", "False", "https://search.censys.io/hosts/115.190.237.175", "AS137718,C2,censys,CobaltStrike,cs-watermark-666666666,VOLCANO-ENGINE", "0", "DonPasci" "2026-01-09 11:01:05", "1693493", "137.184.93.131:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:23", "100", "False", "https://search.censys.io/hosts/137.184.93.131", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2026-01-08 23:00:12", "1693365", "117.72.178.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:11", "100", "False", "https://search.censys.io/hosts/117.72.178.246", "AS141679,C2,censys", "0", "dyingbreeds_" "2026-01-08 22:50:04", "1693357", "172.94.18.103:191", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:52", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-01-07 20:02:36", "1692743", "38.49.57.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:16", "100", "False", "https://search.censys.io/hosts/38.49.57.15", "AS8796,C2,censys,CobaltStrike,cs-watermark-666666666,FD-298-8796", "0", "DonPasci" "2026-01-06 08:02:23", "1691952", "115.190.233.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:10", "100", "False", "https://search.censys.io/hosts/115.190.233.79", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:36", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:36", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 10:07:28", "1691547", "ptn.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:11:49", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691488", "https://ptn.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:11:49", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-01 07:01:03", "1689290", "182.92.117.223:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:10", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-30 16:21:16", "1688739", "101.34.205.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:15", "1688738", "103.171.35.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:14", "1688737", "107.149.192.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688734", "124.222.218.20:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688735", "124.221.255.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688736", "123.56.78.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:12", "1688732", "152.32.202.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:12", "1688733", "150.158.119.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:11", "1688730", "165.154.244.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:11", "1688731", "156.225.20.77:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:10", "1688729", "182.92.239.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688726", "39.105.160.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688727", "38.38.250.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688728", "211.184.175.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:07", "1688725", "45.58.56.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:05", "1688723", "8.130.80.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:05", "1688724", "8.130.26.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:03", "1688721", "94.74.164.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:03", "1688722", "87.251.67.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:04:05", "1688694", "16.171.13.191:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:42", "100", "False", "https://search.censys.io/hosts/16.171.13.191", "AMAZON-02,AS16509,C2,censys,Covenant", "0", "DonPasci" "2025-12-28 20:01:34", "1687817", "118.89.88.183:56781", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "100", "False", "https://search.censys.io/hosts/118.89.88.183", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-12-28 18:44:20", "1687807", "163.181.213.114:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:45", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-28 07:41:32", "1687327", "37.72.172.58:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:30", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,C2,censys,HVC-AS,RAT", "0", "dyingbreeds_" "2025-12-27 16:02:33", "1687170", "37.72.172.58:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:31", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,AsyncRAT,C2,censys,HVC-AS,RAT", "0", "DonPasci" "2025-12-25 18:44:15", "1686405", "155.102.62.60:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:36", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-25 07:52:31", "1686010", "139.196.223.82:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:13", "100", "False", "https://search.censys.io/hosts/139.196.223.82", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-12-24 12:48:51", "1685856", "helpremote.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-23 22:45:05", "1685596", "172.94.18.103:190", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:52", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-12-23 20:01:06", "1685256", "115.190.160.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:10", "100", "False", "https://search.censys.io/hosts/115.190.160.206", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-12-23 18:07:43", "1685210", "196.251.107.104:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:23", "100", "False", "https://tria.ge/251223-qezczazpcx", "AS9304,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-12-23 18:07:42", "1685209", "196.251.107.104:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:23", "100", "False", "https://tria.ge/251223-qezczazpcx", "AS9304,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-12-23 03:00:34", "1684938", "8.159.146.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-23 02:54:49", "1684936", "missmovie.lol", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-22 20:01:00", "1684826", "179.43.186.214:7889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "100", "False", "https://search.censys.io/hosts/179.43.186.214", "AS51852,C2,censys,CobaltStrike,cs-watermark-987654321,PLI-AS", "0", "DonPasci" "2025-12-22 18:02:02", "1684794", "45.133.180.162:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:45:37", "100", "False", "https://tria.ge/251222-d45vtstqc1", "AS9009,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-12-22 00:01:20", "1684543", "64.190.113.161:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:46:00", "100", "False", "https://search.censys.io/hosts/64.190.113.161", "AS399629,BLNWX,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-12-18 18:44:36", "1682522", "155.102.133.61:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:35", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-17 04:00:34", "1681218", "36.140.162.173:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:05", "100", "False", "https://search.censys.io/hosts/36.140.162.173", "AS9808,C2,censys,CHINAMOBILE-CN,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-12-16 02:49:55", "1680306", "43.161.245.186:79", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-12 02:50:28", "1676363", "67.219.102.244:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-11 02:49:26", "1674643", "159.75.75.5:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-09 18:49:53", "1673804", "47.246.29.99:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:45:48", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-08 14:58:40", "1670887", "20.157.116.151:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:29", "100", "False", "https://search.censys.io/hosts/20.157.116.151", "AdaptixC2,AS8069,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-12-07 16:01:37", "1668967", "180.76.141.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:15", "100", "False", "https://search.censys.io/hosts/180.76.141.175", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-12-04 00:03:19", "1667182", "216.238.89.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:19", "100", "False", "https://search.censys.io/hosts/216.238.89.173", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci" "2025-12-03 20:01:15", "1667105", "115.190.161.178:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "100", "False", "https://search.censys.io/hosts/115.190.161.178", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-12-03 12:31:15", "1666902", "122.114.10.199:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:19", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_" "2025-12-02 12:51:03", "1666137", "8.137.149.67:8091", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-01 14:57:52", "1665523", "http://213.5.130.104", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:52", "1665524", "http://213.5.130.180", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:50", "1665525", "http://213.5.130.106", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665526", "http://213.5.130.102", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665527", "http://213.5.130.152", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665528", "http://213.5.130.107", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665529", "http://213.5.130.153", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665530", "http://213.5.130.100", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665531", "http://213.5.130.182", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:36", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:47", "1665532", "http://213.5.130.181", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 12:36:20", "1665454", "122.114.10.199:8001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:19", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_" "2025-12-01 06:57:39", "1665331", "47.84.83.56:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:48", "50", "False", "https://www.shodan.io/host/47.84.83.56#31337", "c2,shodan,sliver", "0", "juroots" "2025-11-30 20:01:55", "1663611", "103.110.65.166:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:08", "100", "False", "https://search.censys.io/hosts/103.110.65.166", "AS26383,ASNET,C2,censys,Sliver", "0", "DonPasci" "2025-11-29 20:00:50", "1663223", "106.13.29.104:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "100", "False", "https://search.censys.io/hosts/106.13.29.104", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-29 12:00:52", "1663012", "47.236.56.15:4445", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "100", "False", "https://search.censys.io/hosts/47.236.56.15", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2025-11-29 04:01:42", "1660878", "43.162.121.116:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:36", "100", "False", "https://search.censys.io/hosts/43.162.121.116", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-11-28 04:01:01", "1651951", "5.101.82.51:9999", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "100", "False", "https://search.censys.io/hosts/5.101.82.51", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-11-26 12:50:54", "1650889", "job.itechno.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-25 10:49:55", "1650040", "156.245.248.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-25 06:01:37", "1649775", "http://213.5.130.84", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649776", "http://213.5.130.96", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649777", "http://213.5.130.98", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:35", "1649778", "http://213.5.130.160", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-23 08:00:29", "1649164", "5.101.86.44:61288", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:52", "100", "False", "https://search.censys.io/hosts/5.101.86.44", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-11-21 06:30:46", "1647446", "193.233.245.114:38990", "ip:port", "botnet_cc", "elf.pink", "None", "Pink", "2026-06-29 23:17:28", "100", "False", "None", "Pink", "0", "Bitsight" "2025-11-21 00:02:05", "1647575", "123.58.64.57:34567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "False", "https://search.censys.io/hosts/123.58.64.57", "AS17623,C2,censys,CNCGROUP-SZ,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-19 23:00:16", "1646839", "43.156.63.124:64494", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:04", "100", "False", "https://search.censys.io/hosts/43.156.63.124", "AS132203,C2,censys", "0", "dyingbreeds_" "2025-11-17 23:00:18", "1645785", "47.236.149.142:46832", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "100", "False", "https://search.censys.io/hosts/47.236.149.142", "AS45102,C2,censys", "0", "dyingbreeds_" "2025-11-17 12:04:03", "1645505", "194.233.73.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:44:21", "100", "False", "https://search.censys.io/hosts/194.233.73.173", "AdaptixC2,AS141995,C2,CAPL-AS-AP,censys", "0", "DonPasci" "2025-11-15 08:48:18", "1641582", "62.4.0.66:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:59", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2025-11-13 04:54:17", "1639703", "62.60.226.183:483", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-06-30 12:28:04", "100", "False", "None", "c2,Tofsee", "0", "Bitsight" "2025-11-12 04:02:31", "1638854", "54.165.230.182:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:56", "100", "False", "https://search.censys.io/hosts/54.165.230.182", "AMAZON-AES,AS14618,C2,censys,Covenant", "0", "DonPasci" "2025-11-10 18:47:41", "1638274", "38.242.212.5:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2025-11-10 16:02:55", "1638236", "154.205.145.109:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:34", "100", "False", "https://search.censys.io/hosts/154.205.145.109", "AS138915,C2,censys,Havoc,KAOPU-HK", "0", "DonPasci" "2025-11-09 08:02:17", "1637255", "62.60.226.65:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:59", "100", "False", "https://search.censys.io/hosts/62.60.226.65", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-11-07 23:00:12", "1636099", "111.228.55.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:09", "100", "False", "https://search.censys.io/hosts/111.228.55.96", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-11-07 18:48:21", "1636044", "193.143.1.216:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:44:18", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2025-11-07 02:49:37", "1634744", "165.154.225.239:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-06 07:26:25", "1634389", "139.196.111.118:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-11-05 07:54:55", "1633705", "8.155.161.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-11-04 20:01:04", "1633501", "59.110.28.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:19", "100", "False", "https://search.censys.io/hosts/59.110.28.230", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-04 08:00:54", "1633194", "51.15.8.6:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:55", "100", "False", "https://search.censys.io/hosts/51.15.8.6", "AS12876,C2,censys,Online,Sliver", "0", "DonPasci" "2025-11-04 02:49:22", "1633063", "192.253.227.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-04 02:49:14", "1633061", "167.88.168.76:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-03 20:00:26", "1632776", "83.229.126.183:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:25", "100", "False", "https://search.censys.io/hosts/83.229.126.183", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-11-03 12:08:57", "1631753", "117.72.175.125:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-06-30 13:00:45", "100", "False", "https://www.nviso.eu/blog", "C2,NVISO,VShell", "0", "0xThiebaut" "2025-11-03 09:03:04", "1631367", "117.72.242.9:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "100", "False", "https://search.censys.io/hosts/117.72.242.9", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-11-03 07:01:12", "1631471", "119.42.148.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "50", "False", "https://www.shodan.io/host/119.42.148.186#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-11-01 12:33:11", "1630767", "159.223.0.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:42", "50", "False", "https://www.shodan.io/host/159.223.0.103#31337", "c2,shodan,sliver", "0", "juroots" "2025-11-01 12:31:38", "1630704", "117.72.175.125:8087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:41", "50", "False", "https://www.shodan.io/host/117.72.175.125#8087", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-10-31 16:01:24", "1630391", "85.215.57.133:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:46:14", "100", "False", "https://search.censys.io/hosts/85.215.57.133", "AdaptixC2,AS8560,C2,censys,IONOS-AS", "0", "DonPasci" "2025-10-30 04:00:42", "1629384", "103.149.93.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "100", "False", "https://search.censys.io/hosts/103.149.93.146", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci" "2025-10-29 09:23:45", "1628814", "179.43.186.214:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-29 02:49:59", "1628691", "8.17.56.128:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-28 12:28:01", "1628076", "8.137.149.67:8060", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:22", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-28 04:00:27", "1627925", "182.254.155.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:29", "100", "False", "https://search.censys.io/hosts/182.254.155.23", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-10-28 02:49:21", "1627719", "182.16.98.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-27 20:50:01", "1627659", "182.16.98.84:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-26 07:39:14", "1626705", "196.251.83.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "100", "False", "https://search.censys.io/hosts/196.251.83.89", "AS401120,C2,censys,CHEAPY-HOST", "0", "dyingbreeds_" "2025-10-25 04:02:07", "1626312", "173.212.216.226:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:53", "100", "False", "https://search.censys.io/hosts/173.212.216.226", "AS51167,censys,Chaos,CONTABO,panel", "0", "DonPasci" "2025-10-25 04:00:11", "1626300", "47.121.135.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:25", "100", "False", "https://search.censys.io/hosts/47.121.135.201", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-24 16:00:08", "1626112", "140.143.194.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "100", "False", "https://search.censys.io/hosts/140.143.194.253", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-10-23 16:48:58", "1625642", "maelootp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-23 12:50:22", "1625564", "evil.ritademo.io.vn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-23 08:02:52", "1625393", "40.66.42.246:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:33", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-10-22 22:00:43", "1625174", "40.66.42.246:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:33", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_" "2025-10-22 18:45:52", "1625107", "185.72.8.137:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-10-22 18:45:52", "1625108", "185.72.8.137:7882", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-10-22 15:43:44", "1624905", "116.62.226.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2025-10-22 08:02:02", "1624664", "115.190.140.220:1443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "100", "False", "https://search.censys.io/hosts/115.190.140.220", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-10-21 20:01:59", "1624300", "47.110.67.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:38", "100", "False", "https://search.censys.io/hosts/47.110.67.64", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-21 13:19:24", "1624166", "http://213.5.130.75", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:35", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:23", "1624167", "http://213.5.130.10", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:33", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624170", "http://213.5.130.89", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 06:01:34", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 02:49:37", "1618876", "www.salesf0rce.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 12:49:25", "1617577", "143.92.43.246:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-17 12:02:17", "1617285", "5.152.16.189:8443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:45:53", "100", "False", "https://search.censys.io/hosts/5.152.16.189", "AS35805,C2,censys,Netsupport,RAT,SILKNET-AS", "0", "DonPasci" "2025-10-17 08:02:43", "1617002", "3.143.55.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:24", "100", "False", "https://search.censys.io/hosts/3.143.55.137", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-10-16 22:50:54", "1616729", "47.129.2.130:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-16 22:49:04", "1616728", "ns1.gygiuh.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-14 20:02:48", "1615761", "89.58.30.49:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:17", "100", "False", "https://search.censys.io/hosts/89.58.30.49", "AS197540,C2,censys,Covenant,NETCUP-AS", "0", "DonPasci" "2025-10-14 08:01:33", "1614712", "5.101.82.60:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:50", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-10-07 02:49:11", "1608605", "143.92.43.153:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-07 02:49:11", "1608606", "143.92.43.231:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-30 00:02:15", "1604499", "149.50.135.215:49152", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:32", "100", "False", "https://search.censys.io/hosts/149.50.135.215", "AdaptixC2,AS27823,C2,censys,Dattatec.com", "0", "DonPasci" "2025-09-28 15:48:32", "1603281", "154.92.15.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2025-09-27 16:02:13", "1602818", "84.27.86.226:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:46:12", "100", "False", "https://search.censys.io/hosts/84.27.86.226", "AS33915,C2,censys,Netsupport,RAT,TNF-AS", "0", "DonPasci" "2025-09-25 20:00:39", "1601556", "115.120.245.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:10", "100", "False", "https://search.censys.io/hosts/115.120.245.134", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-09-25 12:51:01", "1601359", "196.251.69.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-24 20:00:10", "1599651", "47.113.186.138:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "100", "False", "https://search.censys.io/hosts/47.113.186.138", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-24 08:02:13", "1599442", "43.162.114.240:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:36", "100", "False", "https://search.censys.io/hosts/43.162.114.240", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-23 06:06:58", "1598336", "43.139.170.200:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:09", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-09-23 04:00:59", "1598300", "43.162.114.107:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:36", "100", "False", "https://search.censys.io/hosts/43.162.114.107", "AS132203,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-09-22 14:51:05", "1598102", "159.75.211.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-22 14:49:30", "1598100", "cstest.mucfc.store", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-22 08:49:38", "1597898", "ns2.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-22 08:49:35", "1597894", "ns1.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-21 16:01:22", "1596535", "43.162.108.133:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:35", "100", "False", "https://search.censys.io/hosts/43.162.108.133", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-15 20:01:53", "1590702", "61.155.145.182:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:19", "100", "False", "https://search.censys.io/hosts/61.155.145.182", "AS140292,C2,censys,CHINATELECOM-JIANGSU-SUZHOU-5G-NETWORK,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-13 04:01:58", "1589068", "18.167.174.198:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:43:57", "100", "False", "https://search.censys.io/hosts/18.167.174.198", "AMAZON-02,AS16509,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-09-11 20:01:36", "1588133", "195.178.110.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "100", "False", "https://search.censys.io/hosts/195.178.110.135", "AS48090,C2,censys,CobaltStrike,cs-watermark-426352781,DMZHOST", "0", "DonPasci" "2025-09-11 20:01:30", "1588128", "150.158.170.241:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "100", "False", "https://search.censys.io/hosts/150.158.170.241", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-09-11 06:43:14", "1587773", "106.12.111.209:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "100", "False", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-09-10 20:01:24", "1587441", "101.32.109.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "100", "False", "https://search.censys.io/hosts/101.32.109.112", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-10 16:02:07", "1587229", "142.93.86.246:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:27", "100", "False", "https://search.censys.io/hosts/142.93.86.246", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-09-06 20:01:18", "1582910", "8.138.222.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "100", "False", "https://search.censys.io/hosts/8.138.222.215", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-06 12:01:48", "1582784", "103.236.70.158:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-30 12:43:10", "100", "False", "https://search.censys.io/hosts/103.236.70.158", "AS134768,C2,censys,CHINANET-SHAANXI-CLOUD-BASE,DcRAT,RAT", "0", "DonPasci" "2025-09-04 07:40:17", "1581557", "8.148.194.157:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "50", "False", "https://www.shodan.io/host/8.148.194.157#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 18:52:55", "1580723", "47.236.159.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:45", "1580721", "ns2.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:42", "1580720", "ns1.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 05:43:42", "1580257", "47.121.137.8:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "50", "False", "https://www.shodan.io/host/47.121.137.8#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 04:01:38", "1580237", "47.99.196.178:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:45:49", "100", "False", "https://search.censys.io/hosts/47.99.196.178", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2025-08-31 20:50:07", "1578899", "103.73.66.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:50:45", "1577783", "43.199.78.142:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577775", "n1.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577776", "n2.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577777", "n3.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:01", "1577774", "lab.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-25 16:50:36", "1574437", "183.63.173.29:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 10:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-25 08:14:17", "1574099", "89.216.98.17:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:46:16", "50", "False", "https://www.shodan.io/host/89.216.98.17#3085", "c2,netsupport,shodan", "0", "juroots" "2025-08-25 00:00:27", "1573705", "43.163.112.217:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:26", "100", "False", "https://search.censys.io/hosts/43.163.112.217", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-08-23 18:00:42", "1573120", "62.60.226.133:61287", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:59", "100", "False", "https://tria.ge/250823-wglgsaxsdv", "AS214351,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-20 08:02:12", "1571607", "178.16.55.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:41", "100", "False", "https://search.censys.io/hosts/178.16.55.53", "C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-18 20:01:59", "1570775", "116.203.31.207:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "100", "False", "https://search.censys.io/hosts/116.203.31.207", "AS24940,C2,censys,CobaltStrike,cs-watermark-987654321,HETZNER-AS", "0", "DonPasci" "2025-08-17 20:01:54", "1570558", "150.187.25.242:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:50", "100", "False", "https://search.censys.io/hosts/150.187.25.242", "AS20312,C2,censys,CobaltStrike,cs-watermark-987654321,Fundacion", "0", "DonPasci" "2025-08-16 15:22:26", "1569825", "8.138.167.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "50", "False", "https://www.shodan.io/host/8.138.167.123#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-16 08:01:47", "1569780", "119.29.231.118:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:32", "100", "False", "https://search.censys.io/hosts/119.29.231.118", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-08-15 21:57:45", "1569167", "116.198.233.179:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "50", "False", "https://www.shodan.io/host/116.198.233.179#6666", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-15 12:49:06", "1569004", "8ve3qsgxk7rs6.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-15 06:21:34", "1568713", "117.72.184.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "100", "False", "https://search.censys.io/hosts/117.72.184.172", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-08-13 16:01:30", "1568192", "115.190.138.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:39", "100", "False", "https://search.censys.io/hosts/115.190.138.41", "AS137718,C2,censys,CobaltStrike,cs-watermark-391144938,VOLCANO-ENGINE", "0", "DonPasci" "2025-08-12 20:01:25", "1567756", "116.198.233.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:45", "100", "False", "https://search.censys.io/hosts/116.198.233.179", "AS137699,C2,censys,CHINATELECOM-JIANGSU-SUQIAN-IDC,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-12 12:01:59", "1567668", "62.117.98.115:8001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:58", "100", "False", "https://search.censys.io/hosts/62.117.98.115", "AS8732,C2,censys,COMCOR-AS,Mythic", "0", "DonPasci" "2025-08-12 10:50:19", "1567648", "107.174.115.43:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-12 06:35:23", "1567604", "68.64.176.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-08-11 08:01:15", "1567234", "45.204.216.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:26", "100", "False", "https://search.censys.io/hosts/45.204.216.24", "AS62468,C2,censys,CobaltStrike,cs-watermark-987654321,HKCLOUDX", "0", "DonPasci" "2025-08-06 12:54:26", "1565164", "8.219.76.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-05 08:53:36", "1564496", "47.105.36.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 20:45:44", "1564345", "185.233.166.124:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:11", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-04 20:45:44", "1564346", "185.233.166.124:9702", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:11", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-01 20:01:06", "1563211", "89.197.168.150:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:16", "100", "False", "https://search.censys.io/hosts/89.197.168.150", "AS47474,C2,censys,Mythic,VIRTUAL1", "0", "DonPasci" "2025-07-27 16:00:55", "1561181", "117.72.181.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:32", "100", "False", "https://search.censys.io/hosts/117.72.181.104", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666", "0", "DonPasci" "2025-07-25 10:51:18", "1560617", "47.236.130.154:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-23 16:00:37", "1559822", "47.122.152.65:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "100", "False", "https://search.censys.io/hosts/47.122.152.65", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-07-19 12:49:30", "1558329", "103.125.248.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-19 00:01:30", "1558180", "104.167.16.88:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-30 12:43:11", "100", "False", "https://search.censys.io/hosts/104.167.16.88", "AdaptixC2,AS16276,C2,censys,OVH", "0", "DonPasci" "2025-07-18 12:51:20", "1558066", "193.112.84.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-18 08:01:12", "1558027", "206.189.227.148:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:32", "100", "False", "https://search.censys.io/hosts/206.189.227.148", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-16 22:49:04", "1557619", "ns3.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:03", "1557618", "ns2.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:02", "1557617", "ns1.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-12 00:01:36", "1556099", "51.81.171.234:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:56", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-07-11 12:05:09", "1555914", "38.207.178.172:8002", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:45:32", "100", "False", "None", "AS139659,chaos,LUCIDACLOUD LIMITED", "0", "antiphishorg" "2025-07-08 20:56:28", "1554642", "88.129.151.109:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:15", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-07 20:54:20", "1554340", "88.129.147.201:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:15", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-06 20:00:32", "1554064", "8.152.99.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "100", "False", "https://search.censys.io/hosts/8.152.99.85", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-03 20:00:15", "1553070", "112.125.19.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "100", "False", "https://search.censys.io/hosts/112.125.19.107", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-06-30 05:36:40", "1551457", "217.154.212.25:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:04", "50", "False", "https://www.shodan.io/host/217.154.212.25#8000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-28 10:54:22", "1550784", "116.205.143.204:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-28 10:53:12", "1550783", "dns1.globalcdn.autos", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-28 08:51:18", "1550284", "54.38.94.225:8886", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-06-27 07:00:53", "1549925", "67.205.141.81:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:04", "50", "False", "https://www.shodan.io/host/67.205.141.81#7443", "c2,mythic,shodan", "0", "juroots" "2025-06-25 04:00:19", "1549030", "156.227.233.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:30", "100", "False", "https://search.censys.io/hosts/156.227.233.153", "AS138152,C2,censys", "0", "dyingbreeds_" "2025-06-21 18:56:08", "1548335", "107.173.122.193:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 18:55:13", "1548333", "ns3.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 18:55:10", "1548330", "ns2.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 06:01:32", "1547925", "82.156.156.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-06-18 08:02:37", "1546246", "191.93.118.254:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:16", "75", "False", "https://bazaar.abuse.ch/sample/9265a6e0b26a240f1f8bffddf3b36d0e533919d0c894bd66839a90e351961464/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-06-18 07:58:54", "1546232", "191.93.118.254:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:44:15", "75", "False", "https://bazaar.abuse.ch/sample/6ecbf71d231e9b9e7459b97c97d94aed467481b5b4f22af288bbaea5945c1af4/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-06-17 03:12:25", "1545615", "8.147.128.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-16 23:10:50", "1545597", "47.107.136.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-16 12:01:46", "1545348", "8.137.149.67:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "100", "False", "https://search.censys.io/hosts/8.137.149.67", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-16 08:01:46", "1545221", "107.173.122.193:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:36", "100", "False", "https://search.censys.io/hosts/107.173.122.193", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-06-13 20:01:30", "1544612", "47.109.48.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:26", "100", "False", "https://search.censys.io/hosts/47.109.48.57", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-12 08:56:19", "1544039", "39.104.78.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "100", "False", "https://search.censys.io/hosts/39.104.78.25", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-10 16:01:13", "1543390", "8.155.0.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "100", "False", "https://search.censys.io/hosts/8.155.0.238", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-08 20:45:49", "1542784", "162.248.224.223:7882", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:43", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-06-08 20:45:48", "1542783", "162.248.224.223:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:43", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-06-08 20:01:01", "1542759", "119.45.29.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "100", "False", "https://search.censys.io/hosts/119.45.29.172", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-06-06 20:01:59", "1542057", "172.81.131.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:51", "100", "False", "https://search.censys.io/hosts/172.81.131.230", "AS27176,C2,censys,DATAWAGON,Mythic", "0", "DonPasci" "2025-06-06 16:01:21", "1541666", "3.19.238.211:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:45:25", "100", "False", "https://search.censys.io/hosts/3.19.238.211", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-06-06 16:00:50", "1541652", "68.64.176.42:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:25", "100", "False", "https://search.censys.io/hosts/68.64.176.42", "AS139659,C2,censys,CobaltStrike,cs-watermark-391144938,LUCID-AS-AP", "0", "DonPasci" "2025-06-06 02:53:59", "1541446", "ns1.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-02 12:01:04", "1538881", "193.239.85.15:2083", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:19", "100", "False", "https://search.censys.io/hosts/193.239.85.15", "AS9009,C2,censys,Havoc,M247", "0", "DonPasci" "2025-06-02 05:47:28", "1538799", "47.109.198.8:6000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:14", "50", "False", "https://www.shodan.io/host/47.109.198.8#6000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-01 08:52:56", "1538358", "54.38.94.225:8885", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-05-31 07:45:39", "1537676", "101.43.91.156:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-31 07:45:38", "1537678", "59.110.7.32:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-30 08:53:21", "1536850", "99.112.198.249:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:23", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-30 08:00:11", "1536831", "129.28.85.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "100", "False", "https://search.censys.io/hosts/129.28.85.210", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-05-30 02:55:17", "1536730", "111.229.4.108:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-29 22:26:34", "1536683", "161.35.176.231:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:43", "100", "False", "https://search.censys.io/hosts/161.35.176.231", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-05-24 20:01:31", "1533613", "221.132.29.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:21", "100", "False", "https://search.censys.io/hosts/221.132.29.137", "AS45899,C2,censys,Mythic,VNPT-AS-VN", "0", "DonPasci" "2025-05-24 11:13:44", "1533071", "1.15.174.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:34", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-23 05:34:51", "1532332", "8.140.239.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-22 20:01:48", "1532306", "178.217.98.23:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-30 12:43:56", "100", "False", "https://search.censys.io/hosts/178.217.98.23", "AS48282,censys,Chaos,panel,VDSINA-AS", "0", "DonPasci" "2025-05-21 16:00:35", "1531654", "122.10.49.137:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "100", "False", "https://search.censys.io/hosts/122.10.49.137", "AS134548,C2,censys,CobaltStrike,cs-watermark-1234567890,DXTL-HK", "0", "DonPasci" "2025-05-21 08:00:35", "1527752", "117.72.206.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "100", "False", "https://search.censys.io/hosts/117.72.206.39", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-21 00:00:32", "1527457", "122.10.25.26:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "100", "False", "https://search.censys.io/hosts/122.10.25.26", "AS134548,C2,censys,CobaltStrike,cs-watermark-1234567890,DXTL-HK", "0", "DonPasci" "2025-05-20 06:37:42", "1526357", "106.54.61.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:32", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-18 15:34:22", "1525250", "124.223.114.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:31", "100", "False", "https://intelinsights.substack.com/p/from-939-to-85-hunting-cobalt-strike", "censys,cobaltstrike", "0", "orlof_v" "2025-05-17 14:42:08", "1524773", "167.99.51.2:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:48", "50", "False", "https://www.shodan.io/host/167.99.51.2#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-17 08:00:32", "1524641", "167.99.51.2:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:48", "100", "False", "https://search.censys.io/hosts/167.99.51.2", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-05-17 06:26:23", "1524319", "101.35.109.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "50", "False", "https://www.shodan.io/host/101.35.109.246#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-05-15 21:14:57", "1523466", "103.171.35.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:33", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 21:14:47", "1523462", "60.204.169.16:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:35", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 21:13:56", "1523434", "179.43.186.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:29", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 05:25:01", "1523246", "8.134.70.73:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 09:54:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-13 14:08:42", "1521639", "8.134.70.73:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "100", "False", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-12 20:58:42", "1520343", "38.54.112.234:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-12 20:55:40", "1520342", "asusupdateserver.asuscomm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-11 06:11:06", "1519438", "47.109.190.151:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:48", "100", "False", "https://search.censys.io/hosts/47.109.190.151", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-11 05:00:17", "1519450", "https://topguningit.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:01:26", "100", "False", "", "None", "0", "Rony" "2025-05-09 05:36:03", "1518529", "47.108.140.10:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:47", "100", "False", "https://search.censys.io/hosts/47.108.140.10", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-07 13:00:19", "1518023", "106.52.207.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-29 08:53:29", "1513590", "54.38.94.225:8882", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-04-29 08:43:42", "1513585", "107.143.144.154:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:13", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-25 08:10:27", "1511186", "23.254.215.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:23", "50", "False", "https://www.shodan.io/host/23.254.215.118#443", "c2,havoc,shodan", "0", "juroots" "2025-04-22 12:21:47", "1509966", "167.71.13.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:47", "50", "False", "https://www.shodan.io/host/167.71.13.103#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-16 16:01:35", "1492480", "113.45.253.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:38", "100", "False", "https://search.censys.io/hosts/113.45.253.80", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-04-15 16:02:30", "1492012", "47.83.134.97:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:48", "100", "False", "https://search.censys.io/hosts/47.83.134.97", "ALIBABA-CN-NET,AS45102,C2,censys,Havoc", "0", "DonPasci" "2025-04-15 04:01:37", "1491748", "193.142.146.70:56004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "100", "False", "https://search.censys.io/hosts/193.142.146.70", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci" "2025-04-10 05:55:49", "1486437", "167.71.13.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:47", "90", "False", "https://search.censys.io/hosts/167.71.13.103", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-04-05 05:50:38", "1484905", "3.132.75.97:55520", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-30 00:29:39", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-02 10:08:14", "1463173", "38.46.218.36:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-30 12:41:08", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 10:08:13", "1463174", "38.46.218.38:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-30 12:10:06", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 10:08:12", "1463176", "38.46.218.39:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-30 10:09:00", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 08:01:26", "1463152", "200.107.126.227:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:29", "100", "False", "https://search.censys.io/hosts/200.107.126.227", "AS14754,C2,censys,Netsupport,RAT,TELECOMUNICACIONES", "0", "DonPasci" "2025-04-01 10:24:30", "1462468", "43.143.229.126:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-03-28 04:00:35", "1459722", "193.142.146.70:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:44:18", "100", "False", "https://search.censys.io/hosts/193.142.146.70", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci" "2025-03-25 22:53:24", "1458716", "ehchq7m7rpvdr.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 06:29:33", "1457513", "103.142.147.17:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "100", "False", "https://search.censys.io/hosts/103.142.147.17", "AS135581,censys,Viper", "0", "dyingbreeds_" "2025-03-22 20:43:16", "1454148", "103.142.147.18:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-22 20:43:16", "1454149", "103.142.147.19:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-20 12:01:27", "1452404", "47.116.208.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:37", "100", "False", "https://search.censys.io/hosts/47.116.208.81", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-03-12 02:47:28", "1446559", "www.dyshop.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-11 12:01:13", "1446149", "210.2.169.213:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:36", "100", "False", "https://search.censys.io/hosts/210.2.169.213", "AS23966,C2,censys,Havoc,LDN-AS-PK", "0", "DonPasci" "2025-03-06 04:01:35", "1441769", "51.81.171.234:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:45:56", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-03-04 00:00:37", "1440611", "43.153.2.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:10", "100", "False", "https://search.censys.io/hosts/43.153.2.113", "AS132203,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-03-03 12:01:16", "1440087", "15.204.95.228:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:33", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-03-02 20:01:03", "1439776", "150.5.174.231:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:34", "100", "False", "https://search.censys.io/hosts/150.5.174.231", "AS150436,BYTEPLUS-AS-AP,C2,censys,Mythic", "0", "DonPasci" "2025-03-02 08:46:23", "1439368", "54.38.94.225:8887", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-03-01 20:47:46", "1439168", "47.129.171.26:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-01 20:46:51", "1439166", "ns.1.3.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-01 20:46:51", "1439167", "ns.1.4.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-20 12:49:39", "1428313", "8.134.51.218:24444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-20 06:12:03", "1424136", "118.24.121.59:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:19", "100", "False", "https://search.censys.io/hosts/118.24.121.59", "AS45090,censys,Viper", "0", "dyingbreeds_" "2025-02-14 00:01:07", "1411885", "192.52.167.140:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:18", "100", "False", "https://search.censys.io/hosts/192.52.167.140", "AS199959,C2,censys,CROWNCLOUD,Netsupport,RAT", "0", "DonPasci" "2025-02-10 20:43:10", "1409420", "103.215.81.156:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:09", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-02-06 13:54:51", "1405307", "https://apworsindos.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:10:12", "100", "False", "", "None", "0", "Rony" "2025-02-06 13:54:51", "1405308", "https://reminasolirol.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:01:09", "100", "False", "", "None", "0", "Rony" "2025-02-05 22:51:06", "1404178", "20.74.209.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-02 16:00:48", "1402495", "62.60.226.42:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:59", "100", "False", "https://search.censys.io/hosts/62.60.226.42", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-02-02 12:49:35", "1402480", "service-rchqbzvz-1301033415.sh.tencentapigw.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-01 04:00:38", "1398921", "62.60.226.6:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-30 12:45:59", "100", "False", "https://search.censys.io/hosts/62.60.226.6", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-01-31 13:44:30", "1398820", "162.252.173.12:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-31 12:01:38", "1398810", "162.252.173.12:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:44", "100", "False", "https://search.censys.io/hosts/162.252.173.12", "AS9009,backdoor,C2,censys,M247,Ransomhub", "0", "DonPasci" "2025-01-31 07:01:30", "1398657", "8.134.108.73:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:07", "100", "False", "https://search.censys.io/hosts/8.134.108.73", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-01-30 08:47:19", "1396136", "38.146.28.93:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:31", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-30 08:45:48", "1396135", "185.33.86.15:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:12", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-30 08:01:38", "1396130", "38.146.28.93:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:31", "100", "False", "https://search.censys.io/hosts/38.146.28.93", "AS174,backdoor,C2,censys,COGENT-174,Ransomhub", "0", "DonPasci" "2025-01-30 04:01:31", "1396102", "185.33.86.15:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:12", "100", "False", "https://search.censys.io/hosts/185.33.86.15", "AS202015,backdoor,C2,censys,HZ-US-AS,Ransomhub", "0", "DonPasci" "2025-01-26 08:46:00", "1394408", "54.38.94.225:8883", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-25 20:47:04", "1394158", "54.38.94.225:8880", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:45:57", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-22 17:46:05", "1391610", "45.82.85.50:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:44", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-18 16:10:00", "1386236", "https://135.181.31.18", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:10:57", "100", "False", "", "None", "0", "Gi7w0rm" "2025-01-17 09:15:21", "1384933", "38.180.81.153:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:32", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:15:21", "1384934", "38.180.81.153:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:45:32", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:14:13", "1384921", "167.99.139.231:8004", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-30 12:43:47", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-17 09:13:19", "1384912", "185.174.101.240:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384913", "185.174.101.240:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384914", "185.174.101.69:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384915", "185.174.101.69:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:44:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384908", "108.181.115.171:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:15", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384909", "108.181.115.171:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:15", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384910", "108.181.182.143:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384911", "108.181.182.143:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-30 12:43:16", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 07:45:55", "1384790", "at1.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-17 07:45:55", "1384791", "at2.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-17 07:45:55", "1384792", "at3.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 13:55:47", "1381420", "77.238.236.123:18300", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:46:07", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-01-10 13:43:51", "1381067", "112.5.58.181:7001", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-30 12:43:17", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:38", "1380875", "update.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:38", "1380878", "upgrade.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:30", "1380837", "ns3.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:30", "1380841", "ns3.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:29", "1380833", "ns2.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:27", "1380818", "ns2.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:26", "1380815", "ns2.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:25", "1380811", "ns1.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:20", "1380783", "ns1.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:20", "1380787", "ns1.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:57", "1380635", "8.219.78.159:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:43", "1380629", "70.34.196.238:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:28", "1380607", "47.98.134.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:17:37", "1380569", "38.54.115.233:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:17:20", "1380533", "207.148.68.118:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:16:21", "1380446", "139.180.189.95:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:15:44", "1380421", "118.25.91.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:15:43", "1380420", "117.72.39.83:43872", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 04:04:28", "1380232", "38.207.179.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:32", "100", "False", "https://search.censys.io/hosts/38.207.179.146", "AS139659,C2,censys,LUCID-AS-AP,Mythic", "0", "DonPasci" "2025-01-01 04:03:19", "1376919", "86.124.168.255:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-06-30 12:46:14", "100", "False", "https://search.censys.io/hosts/86.124.168.255", "AS8708,c2,censys,RCS-RDS,SocGholish", "0", "DonPasci" "2024-12-24 08:00:43", "1359401", "8.153.97.202:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:22", "100", "False", "https://search.censys.io/hosts/8.153.97.202", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-12-24 04:01:34", "1359309", "91.199.154.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:18", "100", "False", "https://search.censys.io/hosts/91.199.154.103", "AS62212,C2,censys,Sliver", "0", "DonPasci" "2024-12-21 16:00:27", "1358941", "112.124.71.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-29 17:05:06", "100", "False", "https://search.censys.io/hosts/112.124.71.123", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-12-20 16:01:53", "1358842", "149.28.61.158:8773", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:32", "100", "False", "https://search.censys.io/hosts/149.28.61.158", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2024-12-16 16:01:41", "1357389", "45.56.69.210:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:41", "100", "False", "https://search.censys.io/hosts/45.56.69.210", "AKAMAI-LINODE-AP,AS63949,censys,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2024-12-12 06:21:40", "1356002", "113.44.90.0:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:17", "100", "False", "https://search.censys.io/hosts/113.44.90.0", "AS55990,censys,Viper", "0", "dyingbreeds_" "2024-12-06 07:36:52", "1352876", "139.196.126.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:42", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2024-12-02 21:01:15", "1350210", "117.72.39.83:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:43", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "dyingbreeds_" "2024-12-01 07:43:42", "1349957", "117.72.39.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2024-11-30 20:06:19", "1349567", "216.118.101.24:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:00", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:11", "1349531", "216.118.101.132:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:43", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:08", "1349510", "216.118.101.199:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:53", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:04", "1349492", "216.118.101.216:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:56", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:05:51", "1349438", "216.118.101.54:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:45:12", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-29 13:56:30", "1348902", "216.118.101.108:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:40", "100", "False", "", "Viper", "0", "dyingbreeds_" "2024-11-27 19:47:54", "1348295", "47.90.142.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:36", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E" "2024-11-27 19:47:07", "1348026", "8.137.114.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:24", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E" "2024-11-19 18:00:05", "1346058", "servicioremotoempresas.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-10-30 17:53:55", "1340201", "146.70.158.198:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:29", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Sliver%20C2", "c2,sliver,sliverc2", "0", "TheRavenFile" "2024-10-22 13:56:41", "1338675", "https://stripplasst.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 12:58:14", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:39", "1338673", "https://skinnyjeanso.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:07:40", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:34", "1338670", "https://coolarition.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:06:17", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-02 06:31:45", "1332624", "154.221.17.44:2888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2024-10-01 16:02:09", "1332328", "195.100.198.220:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:44:21", "100", "False", "https://search.censys.io/hosts/195.100.198.220", "AS5400,BT,C2,censys,Mythic", "0", "DonPasci" "2024-09-25 09:48:18", "1329064", "meet.google.com-join.us", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-30 00:17:48", "100", "False", "https://x.com/crep1x/status/1838873758833975802", "ClickFix", "0", "crep1x" "2024-09-25 08:00:47", "1329042", "118.25.148.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:32", "100", "False", "https://search.censys.io/hosts/118.25.148.25", "AS45090,C2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-09-20 08:01:06", "1326604", "206.210.123.104:8889", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:32", "100", "False", "https://search.censys.io/hosts/206.210.123.104", "AS33130,C2,censys,IASL,RAT", "0", "DonPasci" "2024-09-19 14:07:51", "1326051", "https://isomicrotich.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:02:37", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-19 14:07:50", "1326052", "https://rilomenifis.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:08:06", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-07 16:01:45", "1321901", "64.23.213.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:00", "100", "False", "https://search.censys.io/hosts/64.23.213.61", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2024-09-01 12:00:42", "1319266", "154.221.17.44:2666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:52", "100", "False", "https://search.censys.io/hosts/154.221.17.44", "AS142403,C2,censys,CobaltStrike,cs-watermark-666666666,YISUCLOUDLTD-HK", "0", "DonPasci" "2024-08-30 07:05:10", "1317376", "https://pikchestop.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:00:29", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-30 07:05:10", "1317377", "https://indepahote.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-30 13:09:31", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-29 00:01:11", "1317070", "86.53.241.21:447", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:46:14", "100", "False", "https://search.censys.io/hosts/86.53.241.21", "AS3257,C2,censys,GTT-BACKBONE,RAT", "0", "DonPasci" "2024-08-27 04:00:34", "1316522", "107.22.165.49:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:15", "100", "False", "https://search.censys.io/hosts/107.22.165.49", "AMAZON-AES,AS14618,C2,censys,RAT", "0", "DonPasci" "2024-08-22 10:04:33", "1314694", "83.229.120.73:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:46:12", "100", "False", "https://search.censys.io/hosts/83.229.120.73", "AS139659,C2,censys,Mythic", "0", "DonPasci" "2024-08-19 19:55:59", "1313657", "193.19.242.55:1443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:19", "100", "False", "https://search.censys.io/hosts/193.19.242.55", "AS35319,AS48964,C2,censys,RAT", "0", "DonPasci" "2024-08-18 14:04:40", "1313194", "110.13.35.37:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:17", "100", "False", "https://search.censys.io/hosts/110.13.35.37", "AS9318,C2,censys,RAT,SKB-AS", "0", "DonPasci" "2024-08-17 14:04:20", "1312402", "20.188.119.195:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:29", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-08-17 02:04:24", "1312338", "210.249.114.154:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:37", "100", "False", "https://search.censys.io/hosts/210.249.114.154", "AS2516,C2,censys,RAT", "0", "DonPasci" "2024-08-16 14:02:33", "1312117", "20.188.119.195:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:44:29", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-08-15 22:40:43", "1311619", "23.24.178.35:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:45:22", "100", "False", "https://search.censys.io/hosts/23.24.178.35", "AS20214,C2,censys,COMCAST-20214,RAT", "0", "DonPasci" "2024-08-15 22:40:39", "1311614", "120.25.239.36:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:43:19", "100", "False", "https://search.censys.io/hosts/120.25.239.36", "ALIBABA-CN-NET,AS37963,C2,censys,RAT", "0", "DonPasci" "2024-08-11 21:50:57", "1309755", "146.70.158.198:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:29", "100", "False", "https://search.censys.io/hosts/146.70.158.198", "AS9009,C2,censys,M247", "0", "DonPasci" "2024-07-09 19:05:36", "1296480", "43.138.0.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:27", "100", "False", "None", "CobaltStrike,cs-watermark-0,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-07-09 06:51:58", "1296006", "213.149.181.121:469", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:37", "50", "False", "https://search.censys.io/hosts/213.149.181.121", "CYTA-NETWORK Internet Services,NetSupportRAT", "0", "drb_ra" "2024-07-09 06:51:48", "1296003", "20.105.139.205:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:28", "50", "False", "https://search.censys.io/hosts/20.105.139.205", "MICROSOFT-CORP-MSN-AS-BLOCK,NetSupportRAT", "0", "drb_ra" "2024-07-08 06:51:14", "1295752", "210.249.114.153:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:37", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-07-07 03:48:38", "1295405", "23.24.178.33:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:45:22", "50", "False", "https://search.censys.io/hosts/23.24.178.33", "COMCAST-7922,NetSupportRAT", "0", "drb_ra" "2024-07-03 06:52:14", "1292877", "210.249.114.154:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:37", "50", "False", "https://search.censys.io/hosts/210.249.114.154", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:40", "1291417", "198.244.197.118:9443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:25", "50", "False", "https://search.censys.io/hosts/198.244.197.118", "NetSupportRAT,OVH", "0", "drb_ra" "2024-07-01 10:05:30", "1291414", "206.210.123.104:8888", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:32", "50", "False", "https://search.censys.io/hosts/206.210.123.104", "IASL,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:19", "1291411", "61.96.204.117:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:45:58", "50", "False", "https://search.censys.io/hosts/61.96.204.117", "DREAMX-AS DREAMLINE CO.,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:15", "1291410", "185.23.192.33:444", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:11", "50", "False", "https://search.censys.io/hosts/185.23.192.33", "NetSupportRAT,WINET", "0", "drb_ra" "2024-07-01 10:05:10", "1291409", "2.136.235.200:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:25", "50", "False", "https://search.censys.io/hosts/2.136.235.200", "NetSupportRAT,TELEFONICA_DE_ESPANA", "0", "drb_ra" "2024-07-01 10:04:31", "1291397", "210.249.114.153:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-30 12:44:36", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-06-30 21:00:04", "1291297", "londopas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-30 21:00:03", "1291296", "berjimek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-30 10:13:19", "1291010", "www.qianxinnbplus.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HKLNIL Landui Cloud ComputingHK Limited", "0", "drb_ra" "2024-06-26 17:07:43", "1289423", "152.32.202.240:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:51", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2024-06-22 06:45:48", "1287670", "91.199.154.103:34211", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:46:17", "50", "False", "https://search.censys.io/hosts/91.199.154.103", "Sliver", "0", "drb_ra" "2024-06-16 14:42:03", "1285430", "ieee-ecce.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285431", "kauzalvip.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285432", "nakit-yok.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285433", "nathanhr.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-10 09:26:05", "1283657", "support.whatsappsignup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,PEG TECH INC", "0", "drb_ra" "2024-06-02 19:42:15", "1278385", "static.nvidiadrives.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-02 08:38:33", "1278172", "119.91.208.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-06-01 13:08:25", "1277937", "47.109.69.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-05-31 12:57:33", "1277588", "101.43.32.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-05-29 12:53:46", "1276810", "asterchildrenshoes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "BL Networks,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-29 12:52:55", "1276802", "124.223.41.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-05-29 10:17:04", "1276786", "8.210.9.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "None", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra" "2024-05-27 16:13:21", "1276244", "https://65.108.55.55:9000/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 12:10:25", "100", "False", "", "Vidar", "0", "crep1x" "2024-05-25 22:18:29", "1275630", "pt-security.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MTW-AS", "0", "drb_ra" "2024-05-24 13:15:35", "1274726", "47.92.127.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-05-22 11:06:58", "1273973", "119.28.83.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-05-21 18:51:48", "1273882", "51.15.16.116:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-06-30 12:45:55", "50", "False", "https://search.censys.io/hosts/51.15.16.116", "Online SAS,SocGholish", "0", "drb_ra" "2024-05-21 12:53:29", "1273456", "139.159.203.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2024-05-19 07:56:13", "1272788", "123.58.198.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED", "0", "drb_ra" "2024-05-16 07:53:43", "1271699", "vip8806.mom", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "None", "CNSERVERS LLC,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-15 22:13:26", "1271605", "blmdiscount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:48", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra" "2024-05-15 22:13:26", "1271606", "91.238.181.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra" "2024-05-15 15:33:07", "1271347", "118.25.85.198:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:44", "100", "False", "https://search.censys.io/hosts/118.25.85.198", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2024-05-14 10:14:21", "1270684", "64.7.198.58:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "None", "BLNWX,CobaltStrike,cs-watermark-426352781", "0", "drb_ra" "2024-05-11 22:47:31", "1269727", "113.31.105.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "None", "China Telecom (Group),CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-11 22:47:10", "1269724", "185.196.8.18:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-11 22:47:09", "1269723", "action-winds.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-11 22:47:08", "1269721", "microstar.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-07 10:14:57", "1267565", "113.31.106.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "None", "CHINANET-SHANGHAI-MAN China Telecom Group,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-07 07:48:08", "1267486", "111.230.12.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "https://search.censys.io/hosts/111.230.12.238", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-05-06 12:49:25", "1266959", "134.122.130.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-29 12:51:26", "1263972", "134.122.130.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-28 17:59:06", "1263319", "124.71.106.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-26 12:59:31", "1262666", "118.31.116.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 22:12:56", "1262568", "8.134.11.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:08:20", "1261845", "165.227.108.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-23 18:05:49", "1260893", "80.66.75.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GRIZ-INET-SERVICE", "0", "drb_ra" "2024-04-23 18:05:43", "1260890", "101.201.54.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-21 15:09:17", "1259796", "62.204.41.11:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "https://search.censys.io/hosts/62.204.41.11", "AS59425,c2,censys,CobaltStrike,cs-watermark-1580103824,HORIZONMSK-AS", "0", "DonPasci" "2024-04-11 10:15:16", "1255726", "124.220.6.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-11 10:15:15", "1255727", "124.220.6.158:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:46", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-09 06:47:29", "1255012", "159.223.0.103:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:42", "50", "False", "https://search.censys.io/hosts/159.223.0.103", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-02 10:17:26", "1252542", "185.196.10.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,SIMPLECARRIER", "0", "drb_ra" "2024-03-27 14:42:02", "1250157", "soneypaly.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-03-27 07:57:29", "1249815", "47.105.69.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-22 19:47:18", "1248363", "https://titnovacrion.top/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2026-06-30 12:58:38", "100", "False", "", "None", "0", "Cryptolaemus1" "2024-03-09 20:54:40", "1245476", "47.100.87.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-06 20:55:37", "1244781", "194.165.16.55:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2024-03-06 10:12:56", "1244726", "googlesupportacc.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "ASSEFLOW,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-02-21 22:13:19", "1241656", "121.43.55.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:51", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-02-07 10:12:21", "1237621", "qw.regcssv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:58", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN", "0", "drb_ra" "2024-02-03 19:38:15", "1236577", "ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:58", "100", "False", "https://search.censys.io/hosts/3.22.66.152+ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "thehappydinoa" "2024-02-02 06:00:13", "1236276", "20.56.70.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "80", "False", "None", "None", "0", "malpulse" "2024-01-30 06:20:34", "1235332", "www.louangelwolf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "", "cobaltstrike,cs-watermark-1551089073", "0", "myceliumbroker" "2024-01-28 06:22:18", "1234854", "kkudndkwatnfevcaqeefytqnh.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:58", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-28 06:22:17", "1234859", "whxzqkbbtzvdyxdeseoiyujzs.co", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-28 06:22:17", "1234860", "uohhunkmnfhbimtagizqgwpmv.to", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-27 14:31:40", "1234928", "114.55.133.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "https://search.censys.io/hosts/114.55.133.151", "AS37963,C2,censys", "0", "thehappydinoa" "2024-01-27 14:31:20", "1234909", "117.72.39.83:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "thehappydinoa" "2024-01-24 18:49:24", "1234304", "38.147.189.199:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:45:31", "50", "False", "https://search.censys.io/hosts/38.147.189.199", "Pupy RAT,XNNET", "0", "drb_ra" "2024-01-23 13:53:21", "1233919", "www.idn15r69vh3fwhzclfoeuaoy.today", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "https://search.censys.io/hosts/8.219.229.99+www.idn15r69vh3fwhzclfoeuaoy.today", "AS45102,C2,censys", "0", "thehappydinoa" "2024-01-18 13:44:13", "1231802", "164-90-169-184.cprapid.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "https://search.censys.io/hosts/164.90.169.184+164-90-169-184.cprapid.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2024-01-16 08:13:32", "1230963", "https://65.21.187.53/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-30 13:10:15", "100", "False", "", "Vidar", "0", "crep1x" "2024-01-15 16:27:00", "1230909", "lz4.tiktok123.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-13 06:47:25", "1230478", "164.92.79.49:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:46", "50", "False", "https://search.censys.io/hosts/164.92.79.49", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-01-12 18:36:24", "1230429", "site.dev.hutechweb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-11 06:54:21", "1230076", "ns1.fiducaire.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:21", "1230077", "ns1.asurances.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:20", "1230078", "sagsblog.telinduslab.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:20", "1230079", "ns1.jocelynhealth.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1590258876", "0", "myceliumbroker" "2024-01-10 10:50:13", "1229840", "ns.emaratalyoum.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1727139162", "0", "myceliumbroker" "2024-01-10 06:48:20", "1229817", "161.35.239.147:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-30 12:43:43", "50", "False", "https://search.censys.io/hosts/161.35.239.147", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-01-09 14:55:19", "1229694", "emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:58", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker" "2024-01-09 14:55:17", "1229695", "ns1.emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker" "2024-01-09 08:45:29", "1229661", "111.92.243.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra" "2024-01-05 21:31:13", "1228458", "139.9.62.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "https://search.censys.io/hosts/139.9.62.19", "C2,censys", "0", "thehappydinoa" "2024-01-05 06:45:36", "1228033", "143.110.151.209:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:27", "50", "False", "https://search.censys.io/hosts/143.110.151.209", "DIGITALOCEAN-ASN,Sliver", "0", "drb_ra" "2024-01-02 14:31:12", "1227297", "106.54.209.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "https://search.censys.io/hosts/106.54.209.36", "C2,censys", "0", "thehappydinoa" "2023-12-30 11:33:25", "1226488", "astra4512.startdedicated.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GD-EMEA-DC-SXB1", "0", "drb_ra" "2023-12-27 22:15:29", "1224105", "cs.xcb.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2023-12-26 06:46:27", "1223678", "8.140.203.92:7817", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:46:07", "50", "False", "https://search.censys.io/hosts/8.140.203.92", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra" "2023-12-18 05:00:11", "1221451", "62.234.27.204:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "80", "False", "None", "None", "0", "malpulse" "2023-12-16 22:12:14", "1213636", "MicrosoftSyst3m.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,GLOBALLAYER", "0", "drb_ra" "2023-12-15 18:59:31", "1213211", "117.72.39.83:33333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:42", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "C2,censys", "0", "thehappydinoa" "2023-12-04 08:45:50", "1209246", "unzip2.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2023-11-24 08:21:04", "1205166", "techsyscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-24 08:21:04", "1205167", "yify88.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-24 08:21:02", "1205164", "americcorp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-22 20:04:09", "1204685", "tech-guard.vguard.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "https://search.censys.io/hosts/44.204.120.159+tech-guard.vguard.tech", "AMAZON-AES,C2,censys", "0", "thehappydinoa" "2023-11-15 20:24:37", "1202628", "ns.manager.moonlighter.space", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "None", "CobaltStrike,cs-watermark-1893164628,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-11-09 17:50:07", "1201144", "101.34.222.38:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "2026-06-30 12:43:03", "100", "False", "https://search.censys.io/hosts/101.34.222.38", "C2,censys,RAT", "0", "thehappydinoa" "2023-11-09 04:06:44", "1200343", "dev.theokanegroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "https://search.censys.io/hosts/134.209.164.110+dev.theokanegroup.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-11-06 21:04:29", "1199545", "38.54.115.233:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:47:06", "80", "False", "None", "None", "0", "malpulse" "2023-11-06 18:07:30", "1199506", "bwyb.love", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:03", "100", "False", "https://search.censys.io/hosts/47.242.158.114+bwyb.love", "C2,censys", "0", "thehappydinoa" "2023-11-05 15:00:42", "1199160", "www.sunwu.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "https://search.censys.io/hosts/82.157.149.194+www.sunwu.world", "C2,censys", "0", "thehappydinoa" "2023-10-24 10:39:59", "1192255", "139.155.148.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:52", "100", "False", "https://search.censys.io/hosts/139.155.148.131", "C2,censys", "0", "thehappydinoa" "2023-10-20 21:57:56", "1191379", "www.goocoinorg.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+www.goocoinorg.com&ref=threatfox", "C2,censys", "0", "thehappydinoa" "2023-10-16 08:49:32", "1189545", "airlinesapp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,DigitalOcean LLC", "0", "drb_ra" "2023-10-13 19:49:34", "1188605", "lectricelfuel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:03", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+lectricelfuel.com&ref=threatfox", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-10-12 01:35:38", "1187879", "143.110.151.209:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-30 12:43:27", "90", "False", "https://search.censys.io/hosts/143.110.151.209", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-10-11 12:59:56", "1187462", "117.72.8.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:50", "100", "False", "https://search.censys.io/hosts/117.72.8.192", "C2,censys", "0", "thehappydinoa" "2023-09-30 16:12:13", "1180378", "111.229.187.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "80", "False", "None", "None", "0", "malpulse" "2023-09-21 09:29:08", "1165497", "igo0gle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:01", "100", "False", "None", "AS-ALVIVA,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-09-20 18:47:20", "1165172", "8.217.217.243:8082", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:46:08", "50", "False", "https://search.censys.io/hosts/8.217.217.243", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra" "2023-09-09 20:06:55", "1155921", "csxv.sec.cm", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:03", "100", "False", "None", "CHANGWAY-AS,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2023-09-05 21:52:59", "1155319", "43.136.38.59:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2023-08-26 18:42:05", "1152278", "withoutedge.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:04", "1152277", "thconnewfoot.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152274", "caixas.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152275", "ddllsearch.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152276", "gepcash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:02", "1152272", "amazonclouds.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:02", "1152273", "amur-city.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-23 11:56:21", "1151693", "43.153.222.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:39", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2023-08-14 18:46:43", "1149951", "164.92.145.128:7810", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-30 12:43:46", "50", "False", "https://search.censys.io/hosts/164.92.145.128", "Brute Ratel C4,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-08-14 16:00:05", "1149946", "pctor.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-14 16:00:04", "1149945", "tehomics.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-14 16:00:03", "1149944", "instant-healthonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-05 14:38:23", "1148731", "stratpringl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:07", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,PINDC-AS", "0", "drb_ra" "2023-08-04 11:01:52", "1148487", "onlinetechdesk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-587247372", "0", "drb_ra" "2023-08-03 10:25:44", "1146843", "harmonyshoused.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra" "2023-08-03 10:24:41", "1146834", "api.office-updates.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:03", "100", "False", "None", "CobaltStrike,cs-watermark-494165167,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-08-02 10:24:58", "1146619", "mkbkygbgwcdc.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:07", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,KAOPU-HK Kaopu Cloud HK Limited", "0", "drb_ra" "2023-07-25 10:17:22", "1140114", "tcessolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:04", "100", "False", "None", "AS202973,CobaltStrike,cs-watermark-587247372", "0", "drb_ra" "2023-07-15 12:48:31", "1138196", "rw1.sentrysource.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:59", "100", "False", "None", "CobaltStrike,cs-watermark-93937751,ROGERS-COMMUNICATIONS", "0", "drb_ra" "2023-07-03 15:42:02", "1135804", "pedagogists.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-07-03 15:42:01", "1135803", "cdnsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-28 22:51:22", "1134787", "1.15.248.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2023-06-26 08:12:17", "1134128", "check1.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra" "2023-06-26 08:11:33", "1134127", "check.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra" "2023-06-22 17:12:29", "1133505", "usadevgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:09", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,WAICORE-TRANSIT", "0", "drb_ra" "2023-06-11 22:26:06", "1128165", "heastings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:09", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,M247", "0", "drb_ra" "2023-06-09 20:00:05", "1127715", "unitechdb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-09 20:00:04", "1127713", "cornptia.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-09 20:00:04", "1127714", "eyefinancemonitor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-08 16:27:41", "1127447", "surplusofer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra" "2023-05-25 15:42:02", "1122048", "dianqi2.dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:46", "1122047", "dianqi1.dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:25", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:31", "1122046", "dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:10", "1122045", "dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:26", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-24 19:35:48", "1121460", "update.microsoftapply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:31", "100", "False", "None", "CobaltStrike,cs-watermark-Not Found,DediPath", "0", "drb_ra" "2023-05-23 12:37:36", "1120772", "australiansuper.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:09", "100", "False", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-348901740", "0", "drb_ra" "2023-05-16 10:00:03", "1116637", "sheersdesigns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-05-16 10:00:02", "1116636", "artmicrodesign.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-05-06 16:13:31", "1112839", "situotech.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,HARMONYHOSTING-AS", "0", "drb_ra" "2023-05-05 12:41:05", "1111457", "35.201.196.246:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-30 12:45:29", "50", "False", "https://search.censys.io/hosts/35.201.196.246", "GOOGLE-CLOUD-PLATFORM,Pupy RAT", "0", "drb_ra" "2023-05-04 06:46:43", "1110863", "39.106.36.96:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:45:33", "50", "False", "https://search.censys.io/hosts/39.106.36.96", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra" "2023-05-04 06:46:41", "1110862", "36.95.131.171:9091", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:45:30", "50", "False", "https://search.censys.io/hosts/36.95.131.171", "Deimos,TELKOMNET-AS-AP PT Telekomunikasi Indonesia", "0", "drb_ra" "2023-05-04 06:46:35", "1110860", "18.162.155.202:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:43:57", "50", "False", "https://search.censys.io/hosts/18.162.155.202", "AMAZON-02,Deimos", "0", "drb_ra" "2023-05-04 06:46:33", "1110859", "8.218.26.114:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-30 12:46:08", "50", "False", "https://search.censys.io/hosts/8.218.26.114", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra" "2023-04-22 18:00:03", "1106335", "maboloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-22 18:00:03", "1106336", "matong.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-21 10:20:17", "1105988", "qw.sveexec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:10", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,GLOBALLAYER", "0", "drb_ra" "2023-04-15 12:28:52", "1103771", "77.242.250.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:54", "100", "False", "None", "CobaltStrike,cs-watermark-1416875320", "0", "drb_ra" "2023-04-12 09:02:56", "1102558", "lls-rs.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-0,PROSPERO-AS", "0", "drb_ra" "2023-04-03 07:21:03", "1096685", "iony.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:03", "1096686", "office36o.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:02", "1096683", "feyrijavac.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:02", "1096684", "fidelyus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-29 22:27:30", "1095276", "jacketsupport.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,GLOBALLAYER", "0", "drb_ra" "2023-03-29 04:51:21", "1095042", "duckducklive.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "https://www.virustotal.com/gui/file/b5da1db6d69f2f872e603beb0f121c68f3320ed33a0c9835bfc1a931d177c947", "391144938,Beacon,Cobalt Strike,CobaltStrike", "0", "AndreGironda" "2023-03-28 15:52:23", "1094484", "louvree.abudhabe.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "100", "False", "None", "CobaltStrike,cs-watermark-1826426664,EMIRATES-INTERNET Emirates Internet", "0", "drb_ra" "2023-03-20 17:21:02", "1092077", "jquerymaingame.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092078", "mail-my-account.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092079", "my-accounts-gooogle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092080", "pegistrationads.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:01", "1092075", "eaglehardwares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:01", "1092076", "information.baby", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 13:36:29", "1092009", "moviegallerys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,UAB Cherry Servers", "0", "drb_ra" "2023-03-17 22:40:17", "1091575", "acroserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra" "2023-03-17 19:45:49", "1091535", "atechniques.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:11", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-03-17 13:33:15", "1091454", "winsatoom.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-668694132", "0", "drb_ra" "2023-03-13 04:47:12", "1087542", "devoinnanote.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "100", "False", "None", "CobaltStrike,cs-watermark-2130772225,SHARKTECH", "0", "drb_ra" "2023-02-26 09:03:09", "1082976", "ponzinivek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082977", "ruplearben.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082978", "talonbilling.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082979", "gorillagaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082980", "chanimoblie.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 14:42:02", "1082871", "kbnexc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 14:42:01", "1082870", "jquerysslx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 13:15:07", "1082838", "e-servicesolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:12", "100", "False", "None", "AEZA GROUP Ltd,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-02-24 02:30:56", "1082591", "devsecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra" "2023-02-23 13:06:07", "1082417", "www.vmware.rest", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-1234567890", "0", "drb_ra" "2023-02-17 18:25:01", "1081018", "galspost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "CobaltStrike,cs-watermark-1101991775,Microsoft Corporation", "0", "drb_ra" "2023-02-16 14:54:22", "1080735", "imvcatool.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-02-04 19:39:46", "1078198", "aspnetcenter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "100", "False", "None", "CobaltStrike,Web Gostaran Bandar Company PJS", "0", "drb_ra" "2023-02-04 18:42:02", "1078172", "audelr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078173", "csou.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078174", "integrated-security.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078175", "uranustechsolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-03 17:24:39", "1078062", "getsafeblog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra" "2023-02-02 19:40:26", "1076907", "qw.svcshosvt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-02-02 19:39:18", "1076896", "nxsimdevelop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2023-02-01 02:21:19", "1075651", "appdevtechnology.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2023-01-31 15:09:13", "1075540", "dbx.formsift.io", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:13", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2023-01-29 11:29:55", "1075020", "devcloudpro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2023-01-28 09:40:24", "1074894", "164.90.158.199:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:46", "50", "False", "https://search.censys.io/hosts/164.90.158.199", "DIGITALOCEAN-ASN,Mythic", "0", "drb_ra" "2023-01-28 09:40:10", "1074890", "145.131.8.169:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:28", "50", "False", "https://search.censys.io/hosts/145.131.8.169", "Mythic,SENTIA", "0", "drb_ra" "2023-01-28 09:26:29", "1074833", "130.61.124.23:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-30 12:43:21", "50", "False", "https://search.censys.io/hosts/130.61.124.23", "Covenant,ORACLE-BMC-31898", "0", "drb_ra" "2023-01-25 19:42:03", "1074144", "support-wellsfargovis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074141", "recoverporta1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074142", "recoverportal2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074143", "recoveryweb2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-23 20:33:42", "1073670", "vd-ntds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "100", "False", "None", "CobaltStrike,PROSPERO-AS", "0", "drb_ra" "2023-01-20 14:21:02", "1070164", "hnsxpharm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070165", "myjqueryss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070167", "telusmobility-billed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070168", "thenbkgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 11:23:14", "1070137", "avdev.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "100", "False", "None", "CobaltStrike,Flyservers S.A.", "0", "drb_ra" "2023-01-19 19:53:20", "1069980", "qw.execsvct.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-01-19 14:15:53", "1069895", "azurecloudfire.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:16", "100", "False", "None", "CobaltStrike,ITRESHENIYA-AS", "0", "drb_ra" "2023-01-19 11:23:42", "1069868", "goupdatemic.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "100", "False", "None", "CobaltStrike,GOOGLE", "0", "drb_ra" "2023-01-18 02:29:29", "1069579", "mwg-update.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2023-01-13 17:37:32", "1068206", "goodsport2023.win", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "100", "False", "None", "CobaltStrike,VOM", "0", "drb_ra" "2023-01-12 21:56:23", "1068079", "blackandwhiteshoose.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:17", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2023-01-12 20:55:06", "1068045", "qw.svcrencst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-01-12 14:45:18", "1067954", "realsecuritystore.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra" "2023-01-12 13:04:56", "1067924", "fixx.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "100", "False", "None", "CobaltStrike,SNEL", "0", "drb_ra" "2023-01-11 10:59:45", "1067646", "allowedcloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:14", "100", "False", "None", "CobaltStrike,HIVELOCITY Inc.", "0", "drb_ra" "2022-12-31 19:48:39", "1064196", "freegaysnews.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2022-12-31 18:58:09", "1064176", "topgamenetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:18", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-12-31 16:21:02", "1064173", "zfuxwvouqvnttpsrxe.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:52", "1064075", "cloudyspaces.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:52", "1064076", "666621.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064069", "144.217.207.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064070", "allsdone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064071", "ipsandwich.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064072", "cookieholder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064073", "pingcheker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064074", "wagonovk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064062", "microsoftupdateassist.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064063", "qvibova.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064064", "cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064065", "metalkost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064066", "m7r4r2i2.stackpathcdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064067", "online.cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064057", "bartiba.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064058", "varnart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064059", "nsfdfdfdf.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064060", "micorsoft.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064061", "aigouing.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064046", "ksplsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064047", "lastinsuranceteam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064048", "msdnsservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064049", "securequoteme.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064050", "techdevcorp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064051", "syncorporation.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064052", "visualstudioapp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064053", "altreeservicellc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064054", "discountshadesdirect.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064055", "setechnowork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064056", "technicollit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064038", "shiyicaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064039", "cdn-top.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064040", "onesecondservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064041", "vpnupdaters.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064042", "rodinscoldly.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064043", "antariscapital.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064044", "ftwealthmgt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064045", "iconiq-capitel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064031", "asset-trades.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064032", "telemetrin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064033", "secupdate4win.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064034", "cdn-start.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064035", "capitalmanagementdata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064036", "lawsolutions.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064024", "diegomaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064025", "dp-test1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064026", "cloudkey.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064027", "updatevpncitrix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064028", "classgum.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064029", "edgeupdater.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064030", "gfcbm.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064016", "barmnava.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064017", "firewallwithadvancedserurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064018", "lgbtqplusfriendlydomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064019", "market-stats.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064020", "apabfs.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064021", "fziomerof.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064022", "fserd.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064023", "verofes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:43", "1064015", "postofficeltdc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064006", "jarvcza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064007", "teystyjeem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064008", "faceupfinder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064009", "costacancordia.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064010", "lapsusareskids.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064011", "msupdater.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064012", "dwordname.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064013", "trademot.finance", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064014", "agreminj.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1063998", "exchangeallltd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1063999", "guggenheimpartners-survey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064000", "caresalonservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064001", "just-findncall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064002", "fluoxi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064003", "buynet.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064004", "everythingchecker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064005", "dezword.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063995", "goksearch.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063996", "polyhaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063997", "data-protection-test.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:39", "1063992", "update04.microsoft-essentials.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:38", "1063991", "akaluij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:36", "1063989", "43.129.7.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:36", "1063990", "82.156.241.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063985", "donormix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063986", "hardicki.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063987", "stfconnect.onthewifi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063988", "agsdef.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063978", "observerinfo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063979", "dehikz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063980", "cocanewline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063981", "rainqor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063982", "axelkim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063983", "azimurs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063984", "innovativesitecreations.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063972", "creditscore.usbankcreditcards.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063975", "megumin.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063976", "loanhelp.support", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063977", "volsecure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063966", "domtern.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063968", "drakr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063969", "devcisco.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063971", "web-news-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063963", "bankafrika.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063964", "mssfr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063965", "edgekey.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063955", "webyoutubeshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063956", "extic.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063957", "reykh.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063959", "propertynewsclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063960", "afindisc.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063961", "propertyinfogroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063962", "topnewscompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063950", "baidenfree.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063951", "directoryupdate.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063952", "azmnetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063953", "onevisioncommunications.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063954", "campioni-imam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063943", "serviceapp1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063944", "softcloud.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063945", "appmind.center", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063946", "ms-data.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063947", "oracleup.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063948", "topinfocompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063949", "blockchainstartups-crypto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063934", "expresssmash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063935", "vgroz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063936", "baidengop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063937", "ofilopex.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063938", "aabancaa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063939", "shermango.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063940", "nongxinyin.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063941", "a6m1n.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063942", "emailbox.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063926", "wxtencent.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063927", "emergeno.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063928", "browngreeer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063929", "processdec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063931", "sndm-sndm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063932", "sinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063933", "vinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063918", "westtherr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063919", "quickaccestwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063920", "usgrim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063921", "onelivemusicshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063922", "zomerax.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063923", "fsamon.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063924", "sscimails.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063925", "agentrecovery.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063909", "entertainok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063910", "jatafatuna.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063911", "pluyk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063912", "affinm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063913", "gijoxupe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063914", "vangshares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063915", "fudupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063917", "contemporaryto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063902", "ziono.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063903", "lolutow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063904", "niht12.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063905", "slfcorporate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063906", "baidu-cdn-10.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063907", "jandoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063908", "casevor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063897", "gotroops.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063898", "wtxservice.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063899", "xevayuhace.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063900", "suppcat.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063901", "softloadup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063889", "asbetysh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063890", "ascagliarinish.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063891", "ascasdsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063892", "aschamp79sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063893", "aschnurmansh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063894", "aseleeeksh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063895", "asensvsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063880", "artist2actresssh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063881", "arturprikhodkosh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063882", "arvin78sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063883", "arvind567shahsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063884", "arvindkkumsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063885", "arvosash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063886", "arwalsersh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063887", "aryaarieash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063888", "aryalalexsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063870", "dovaxanil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063871", "hehegahu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063872", "agriculturemachineries.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063873", "arhipenkolenagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063874", "aritmiagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063875", "artes911sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063876", "arthas89sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063877", "arthurstevens62sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063878", "arthurtaylor13sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063879", "artis214sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063864", "zipo-cons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063865", "fazehotafa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063866", "zendriol.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063867", "sezezapa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063868", "sorekipe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063869", "zezinuwe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063858", "shrekf.art", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063859", "amaniza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063860", "microcloud.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063861", "anexuss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063862", "edictsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063863", "out1etshops.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063851", "stepnbayac.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063852", "chickenpoken.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063853", "hockeysmall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063854", "orthodoxok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063855", "cocesovo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063856", "familyinsurancepartner.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063857", "senebuvuyi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063848", "fincheck.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063849", "svchosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063850", "conhosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063843", "maximumservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063844", "conferencedesk.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063845", "bluetechsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063846", "allgroupservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063847", "acitopram.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063838", "businessservicesolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063839", "gravyblicus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063840", "firmwarekey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063841", "updateraccount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063842", "mvnetworking.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063832", "avasecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063833", "extranetserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063834", "clacem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063835", "eonline-cdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063836", "cagohufe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063837", "vezawahoy.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063826", "tetafup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063827", "api-trend-micro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063828", "digital-hardware.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063829", "aboutdatabasesoftware.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063830", "high-control.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063831", "soft-base.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063821", "iptvr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063823", "mingw.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063824", "transfercloud.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063825", "flashcom.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063818", "sciencelifedata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063819", "bookingsupport.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063820", "ateyakima.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063813", "buy1walmart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063816", "drbeat.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063817", "aialadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063810", "hhkj222.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063811", "yw2204.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063812", "nordicqlobal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063806", "favls.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063807", "linkkedin.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063808", "magellanfit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:03", "1063805", "afspd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:46:51", "1063804", "164.92.70.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:44:07", "1063802", "abritrum-bridges.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-28 19:56:09", "1063208", "a.wv2022.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-12-28 02:22:09", "1063123", "apacheorg.wiki", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "100", "False", "None", "CLOUDIE-AS-AP Cloudie Limited,CobaltStrike", "0", "drb_ra" "2022-12-24 19:00:50", "1062406", "updatemicrotok.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "100", "False", "None", "AS-SERVERION,CobaltStrike", "0", "drb_ra" "2022-12-19 21:43:42", "1053949", "eserverx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2022-12-19 11:41:44", "1050306", "cmdatabase.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:15", "100", "False", "None", "ADM Service Ltd.,CobaltStrike", "0", "drb_ra" "2022-12-17 12:12:59", "1050198", "cloudmane.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:19", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-12-13 11:43:38", "1036758", "8.212.49.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,CobaltStrike", "0", "drb_ra" "2022-12-12 01:38:31", "1036111", "qw.conhoosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-12-08 20:45:56", "1035723", "expoglobalservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CobaltStrike,TIER-NET", "0", "drb_ra" "2022-12-07 20:05:59", "1035558", "www.microsofer.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-12-05 20:03:53", "1031731", "googlecontentuser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "https://twitter.com/TheDFIRReport/status/1599780643222654976", "CobaltStrike", "0", "abuse_ch" "2022-12-05 19:27:32", "1031726", "test.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:08", "100", "False", "None", "CobaltStrike,YISUCLOUDLTD-HK YISU CLOUD LTD", "0", "drb_ra" "2022-12-05 11:42:38", "1029025", "palalto.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra" "2022-12-04 20:18:27", "1028963", "esoftwareupdates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "ASGHOSTNET,CobaltStrike", "0", "drb_ra" "2022-12-02 21:28:11", "1028767", "globalplayservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-12-02 20:50:52", "1028737", "rapidfinact.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "None", "CobaltStrike,SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd", "0", "drb_ra" "2022-12-02 20:38:18", "1028720", "globalsteamclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-12-01 20:32:20", "1028501", "get-music-online.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-11-27 16:10:54", "1024554", "msndla.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra" "2022-11-24 11:54:46", "1023854", "childhealthresources.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra" "2022-11-24 11:50:52", "1023821", "360safeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-11-20 10:32:06", "1021044", "aksaholdings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2022-11-15 06:56:25", "1012628", "msisfx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "https://twitter.com/malware_traffic/status/1592262598195646464", "CobaltStrike", "0", "abuse_ch" "2022-11-12 17:46:46", "1009773", "get-smartbuyer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-11-10 11:51:33", "1000509", "qw.stakcl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-11-08 20:20:30", "991420", "sogouupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:20", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-11-07 20:10:29", "985010", "dnsupdatecheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:21", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-11-04 11:23:08", "973832", "ipulsecloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2022-11-03 18:46:15", "967402", "glamspin360.com", "domain", "payload_delivery", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2026-06-30 06:03:09", "50", "False", "None", "BB05,BV1,iso,qakbot,qbot,quakbot,tr,zip", "0", "Cryptolaemus1" "2022-11-03 12:12:17", "964538", "zadiguser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964540", "wasazokiwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964541", "yuwajeni.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964542", "yavahiyil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:26", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964543", "rabihino.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964545", "nokevohoh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964546", "rawocav.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964548", "deyikurihe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "50", "False", "", "None", "1", "_ik_" "2022-11-02 02:18:32", "957395", "hamzehkoumakli.com", "domain", "payload_delivery", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2026-06-30 06:03:07", "50", "False", "None", "BB05,BV1,iso,qakbot,qbot,quakbot,tr,zip", "0", "Cryptolaemus1" "2022-10-30 19:51:44", "952862", "freshuper.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,tzulo inc.", "0", "drb_ra" "2022-10-29 12:32:13", "952596", "reebons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-29 12:23:49", "952587", "gaswert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra" "2022-10-29 11:54:42", "952582", "sajij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-29 10:14:36", "952555", "asasyz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-29 10:12:26", "952552", "agazud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,LLC Baxet", "0", "drb_ra" "2022-10-29 09:57:36", "952534", "tuuik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra" "2022-10-29 09:56:46", "952528", "alfuhin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-27 23:43:27", "950974", "amaladin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra" "2022-10-26 10:09:11", "949937", "aualadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-23 13:42:10", "916136", "bthserv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,Internet Solutions & Innovations LTD.", "0", "drb_ra" "2022-10-23 13:37:35", "916115", "nuesro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-23 13:36:50", "916100", "pasadonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:22", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-10-22 19:40:40", "915911", "worldsgates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "100", "False", "None", "CobaltStrike,LUCIDACLOUD LIMITED", "0", "drb_ra" "2022-10-22 19:39:30", "915908", "protramal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-22 01:11:02", "915846", "spltst.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:23", "100", "False", "None", "CobaltStrike,combahton GmbH", "0", "drb_ra" "2022-10-16 13:10:54", "891477", "cehocihit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:34", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-16 12:38:04", "891461", "cloudmicro.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra" "2022-10-13 21:41:28", "887212", "keycloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "None", "CobaltStrike,PARTNER-AS", "0", "drb_ra" "2022-10-13 21:13:41", "886703", "activeservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "100", "False", "None", "Amati Foundation,CobaltStrike", "0", "drb_ra" "2022-10-13 21:12:51", "886693", "newyearbalance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:24", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-10-13 21:02:36", "886516", "xamayojir.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-13 20:58:25", "886499", "xicefoga.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-WDC", "0", "drb_ra" "2022-10-13 19:51:56", "884091", "ams-prd-cob.nl", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:29", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-10-13 19:35:22", "883488", "tagujog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-13 19:32:23", "883412", "mysqlserver.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "100", "False", "None", "CobaltStrike,ICME", "0", "drb_ra" "2022-10-13 19:23:44", "883142", "xuluxetas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-NYC", "0", "drb_ra" "2022-10-12 17:16:11", "880419", "hadujaza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "100", "False", "https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html", "CobaltStrike", "0", "abuse_ch" "2022-10-05 18:54:33", "871733", "softsupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch" "2022-10-05 18:54:33", "871734", "anushl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858399", "anbush.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:28", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858402", "get-topservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:26", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858403", "msoftupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858404", "pregabas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:25", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-22 11:26:18", "851096", "34.92.131.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:29", "100", "False", "None", "CobaltStrike,Google LLC", "0", "drb_ra" "2022-09-20 16:58:14", "850706", "87.246.7.38:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "75", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850701", "cloudmicro.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:28", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850702", "fregiyu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:29", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850704", "microcloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:27", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-17 21:24:41", "850260", "154.22.117.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "100", "False", "None", "CobaltStrike,Cogent Communications", "0", "drb_ra" "2022-09-14 22:07:14", "849761", "198.98.53.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:29", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra" "2022-09-05 19:10:52", "847988", "globallookclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:50", "847986", "realfunsolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847972", "www.service1app.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847975", "youronlinesports.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847976", "yourinfosolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847978", "login.onemusic24.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847981", "zx.jacollans.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847942", "satorkar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847943", "er.theinfoinc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847957", "realmacnow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847958", "onemusicllc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847959", "ateliernow.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:42", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847960", "er.dropklant.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:41", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847929", "sprinthunter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847930", "newstamagavk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847934", "www.onestepstar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "100", "False", "", "None", "0", "_ik_" "2022-09-01 06:45:17", "847124", "115.75.66.68:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:18", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch" "2022-09-01 06:45:16", "847123", "115.75.66.68:6821", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:18", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch" "2022-09-01 06:45:14", "847122", "115.75.66.68:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:18", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch" "2022-09-01 06:40:24", "847121", "115.75.66.68:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-30 12:43:18", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2022-08-31 18:29:19", "847028", "barabezo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "100", "False", "https://bazaar.abuse.ch/sample/08ec3f13e8637a08dd763af6ccb46ff8516bc46efaacb1e5f052ada634a90c0e/", "CobaltStrike", "0", "abuse_ch" "2022-08-31 16:32:01", "847018", "alojun.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:31", "100", "False", "", "None", "0", "_ik_" "2022-08-31 16:32:01", "847019", "asdder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:32", "100", "False", "", "None", "0", "_ik_" "2022-08-31 16:32:01", "847020", "www.zominoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "100", "False", "", "None", "0", "_ik_" "2022-08-30 06:22:11", "846258", "jevomukif.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-29-IOCs-for-Monster-Libra-TA551-IcedID-with-Cobalt-Stike.txt", "CobaltStrike", "0", "abuse_ch" "2022-08-20 06:53:07", "844214", "msdnupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:37", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-20 06:53:07", "844215", "msdupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:38", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-18 12:15:06", "843958", "caxoxc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:39", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-16 11:38:21", "843546", "47.108.180.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:53", "100", "False", "None", "CobaltStrike,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2022-08-11 06:03:19", "842464", "jahojahi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:33", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-10-IOCs-for-IcedID-and-Cobalt-Strike.txt", "CobaltStrike", "0", "abuse_ch" "2022-08-06 07:00:06", "841613", "zambeziz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "100", "False", "", "CobaltSrike", "0", "abuse_ch" "2022-07-27 08:49:04", "839793", "zuyonijobo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:40", "100", "False", "https://isc.sans.edu/diary/28884", "Cobalt Strike", "0", "abuse_ch" "2022-07-06 05:36:04", "802793", "digerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "100", "False", "", "None", "0", "abuse_ch" "2022-07-05 05:12:06", "796822", "chitozx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "100", "False", "", "None", "0", "abuse_ch" "2022-07-02 13:06:49", "750750", "42.192.21.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:30", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-06-28 08:57:21", "730561", "18.117.254.165:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:55", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2022-06-26 10:56:33", "729038", "blinkinuf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:43", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-26 10:56:32", "729037", "malrok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720823", "trumpiko.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720824", "freygor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:44", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720826", "sinjoan.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720827", "afluix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:20", "720273", "www.edge-chrome.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:20", "720276", "www.hellomrsone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:19", "720260", "we.topsmartservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:19", "720263", "wpsserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:51", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:18", "720248", "thedaily-news.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720239", "sevenhungredbucks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720241", "snccoupr-int.cf", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720247", "telembank.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720230", "ppew.au", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:03", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720231", "pretunz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720236", "rss.top-business-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720237", "scarfaceserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:15", "720226", "outlet-studio.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:14", "720208", "js.msedgeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:55", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720198", "harborfreight.delivery", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:18", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720201", "hityok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720203", "jiguz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720204", "jijuanjo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720206", "jqueryupdatenow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720207", "jqueryupneed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:48", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720188", "fifacud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720189", "filaspo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720193", "gasienda.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:11", "720185", "dreamkoks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:10", "720176", "democrazzy.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:36", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:31", "720156", "cloud.sovarermscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720136", "backupcreds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:51", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720140", "biohazzzard.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720141", "bksfinance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720143", "boronab.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:47", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:27", "720132", "araizx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:45", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:27", "720133", "arminext.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:49", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:47:03", "720058", "121.41.101.90:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 12:46:45", "75", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-22 18:35:13", "719898", "aginij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:46", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-05-19 18:01:58", "606362", "criobob.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:58", "606363", "prozakx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:58", "606364", "terroklo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:57", "606360", "microdozz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:50", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-10 18:53:07", "549372", "us189-hpgsgae5dva9fzch.z01.azurefd.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "75", "False", "None", "cobaltstrike,threatview.io", "0", "Malwar3Ninja" "2022-05-08 16:20:03", "548951", "artidomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:53", "100", "False", "https://twitter.com/ian_kenefick/status/1523288477559062529", "Cobalt Strike", "0", "abuse_ch" "2022-04-30 19:45:18", "544836", "116.62.185.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:54", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-29 19:30:18", "540702", "165.227.180.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:59", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-25 12:31:07", "532916", "120.26.240.21:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:04", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-23 16:42:50", "530098", "193.29.13.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:06", "100", "False", "None", "***************************************,CobaltStrike", "0", "drb_ra" "2022-04-21 16:54:57", "523516", "45.8.158.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:54", "100", "False", "None", "ASBAXETN,CobaltStrike", "0", "drb_ra" "2022-04-19 13:44:33", "521565", "115.29.171.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:04", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-18 18:01:52", "521083", "84.32.188.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:53", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-04-15 22:57:51", "520317", "137.184.42.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-14 16:59:25", "519914", "84.32.188.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:55", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-04-14 10:30:57", "519792", "furfen.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "100", "False", "None", "BumbleBee,Cobalt Strike", "0", "abuse_ch" "2022-04-13 16:57:52", "519116", "175.41.21.29:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:58", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra" "2022-04-12 16:50:58", "518853", "175.41.16.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:05", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra" "2022-04-10 17:05:31", "518404", "138.68.110.227:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:59", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-06 22:59:35", "516676", "13.55.118.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:55", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra" "2022-04-05 22:55:20", "493695", "185.186.143.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:54", "100", "False", "None", "ASKONTEL,CobaltStrike", "0", "drb_ra" "2022-04-05 16:53:16", "492845", "194.37.97.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "100", "False", "None", "CobaltStrike,M247 Ltd", "0", "drb_ra" "2022-03-30 09:51:36", "466600", "blopik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-29 08:36:59", "461231", "borizhog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "100", "False", "None", "None", "0", "stoerchl" "2022-03-24 22:55:12", "448027", "37.72.172.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:56", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-03-24 10:56:07", "446029", "1.14.76.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:59", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-03-23 20:44:05", "443786", "139.60.160.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:56", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra" "2022-03-23 16:44:21", "443190", "apeduze.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:52", "100", "False", "None", "None", "0", "stoerchl" "2022-03-22 10:51:28", "438442", "drimzis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "100", "False", "None", "None", "0", "stoerchl" "2022-03-22 10:51:28", "438443", "blinkij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "100", "False", "None", "None", "0", "stoerchl" "2022-03-17 22:47:07", "398650", "152.136.178.142:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:05", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-03-17 12:19:46", "396104", "dunclikf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-10 15:29:52", "393426", "sifgu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393427", "gfsert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:08", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393429", "shizij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393430", "zxerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393431", "korunder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:51", "393424", "chesft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:51", "393425", "uktyl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:07", "100", "False", "None", "None", "0", "stoerchl" "2022-03-09 17:18:35", "393312", "defenr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:35", "393313", "fedij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:35", "393314", "kejimn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:34", "393311", "brikeb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:12", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-08 17:09:32", "393046", "kapuleti.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-06 16:43:33", "392705", "45.12.1.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:03", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra" "2022-03-05 16:45:53", "392630", "45.12.1.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:54", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra" "2022-03-05 16:43:28", "392595", "45.12.1.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:54", "100", "False", "None", "CLOUDNETWORKS-AS,CobaltStrike", "0", "drb_ra" "2022-03-01 07:06:28", "391528", "defegh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-01 07:06:28", "391530", "klycnmik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-01 07:06:28", "391531", "ngrety.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:14", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-02-27 06:03:58", "391111", "lifegothistory.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:15", "100", "False", "https://twitter.com/1ZRR4H/status/1497771037718724612", "Cobalt Strike", "0", "abuse_ch" "2022-02-22 16:44:41", "390123", "192.241.133.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-22 16:42:29", "390104", "159.65.246.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:58:18", "389873", "68.183.200.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:57:13", "389866", "138.68.227.71:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:56:32", "389865", "165.227.219.211:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:55:44", "389864", "165.232.154.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:54:53", "389861", "143.198.110.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:54:15", "389860", "178.128.171.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:53:10", "389853", "165.227.23.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:09", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:52:19", "389850", "161.35.137.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:51:26", "389847", "64.227.0.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:11", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-20 16:42:59", "389656", "45.55.36.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:10", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-09 22:36:37", "384626", "168.61.180.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "100", "False", "None", "CobaltStrike,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2022-02-01 10:45:03", "373668", "bornometa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-02-01 10:45:03", "373671", "jenevabaiden.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-02-01 10:45:03", "373673", "sbronm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-01-29 22:33:30", "362296", "101.34.182.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:05", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-01-25 22:30:16", "332687", "192.227.155.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:56", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2022-01-25 22:29:00", "332653", "146.70.29.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:57", "100", "False", "None", "CobaltStrike,M247", "0", "drb_ra" "2022-01-22 22:25:42", "313943", "107.172.219.129:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:57", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2022-01-18 22:32:52", "299262", "193.201.9.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "100", "False", "None", "CobaltStrike,SELECTEL", "0", "drb_ra" "2022-01-18 13:51:16", "298501", "citrixseruritys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:19", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch" "2022-01-18 13:51:16", "298505", "milanvar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:22", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch" "2022-01-15 22:26:20", "295525", "23.227.198.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-15 10:32:22", "295436", "217.79.243.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:20", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-14 22:28:25", "295353", "149.255.35.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-13 22:28:33", "294999", "81.68.225.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:56", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-01-10 16:24:49", "292303", "39.98.48.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:00:17", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-01-07 10:30:52", "291740", "39.104.25.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2021-12-16 10:42:30", "276593", "77.83.36.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:04", "100", "False", "None", "CobaltStrike,ISI-ASN", "0", "drb_ra" "2021-12-13 10:06:28", "275144", "101.32.204.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:04", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2021-11-22 16:01:01", "252110", "62.113.255.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:59", "100", "False", "None", "CobaltStrike,TTM", "0", "drb_ra" "2021-11-04 17:48:48", "242948", "107.173.89.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2021-10-31 17:43:37", "240983", "104.128.92.144:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:21", "100", "False", "None", "CobaltStrike,IT7NET", "0", "drb_ra" "2021-10-27 09:58:20", "238207", "fivepointschiro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:16", "100", "False", "https://twitter.com/mojoesec/status/1453040284686770185", "CobaltStrike", "0", "abuse_ch" "2021-10-22 12:07:15", "236436", "111.230.196.200:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:00", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2021-10-13 17:43:22", "233476", "23.224.152.139:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:57", "100", "False", "None", "CNSERVERS,CobaltStrike", "0", "drb_ra" "2021-10-11 23:27:10", "232821", "139.198.183.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:01:59", "100", "False", "None", "CobaltStrike,YUNIFY-NET Yunify Technologies Inc.", "0", "drb_ra" "2021-10-09 23:36:53", "232263", "121.37.255.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:05", "100", "False", "None", "CobaltStrike,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2021-09-18 17:39:24", "223357", "47.95.207.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-30 13:02:02", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" # Number of entries: 4605