################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-05-18 13:06:28 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-05-18 13:06:28", "1815990", "jmaeciy3.signal-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 13:06:20", "1815989", "nizy2y1o.signal-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 13:01:59", "1815988", "vbytelot-mead-automation-form.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 13:02:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 12:44:11", "1815983", "porthot-irr-gation-menthub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 12:45:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 12:20:53", "1815981", "radiopin-botn-monitor-in-gengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 12:22:05", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 12:05:52", "1815980", "203.91.74.177:6677", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e18e9309db33273762be1d78f5bdd78fa6ea41dadf5f6eef8ece4c841ea76110/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-05-18 12:01:06", "1815979", "activitymeal.space", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 12:00:18", "1815975", "pcapshay-bute-gard-source.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 12:05:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 11:58:43", "1815974", "http://188.137.241.213/get.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "abuse_ch" "2026-05-18 11:54:58", "1815973", "sinkwash.space", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:54:01", "1815972", "158.94.208.120:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/e1f179df4b7c946e7161d61da71c136c2ddd203434f6cd926556894b48c712ea/", "None", "0", "abuse_ch" "2026-05-18 11:53:14", "1815971", "https://policiacivilmg.com/zto/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/e1f179df4b7c946e7161d61da71c136c2ddd203434f6cd926556894b48c712ea/", "None", "0", "abuse_ch" "2026-05-18 11:39:32", "1815969", "wilder-flow-work-lmsystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 11:41:21", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 11:31:36", "1815967", "kittenschalk.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:30:45", "1815966", "governmentyard.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:28:19", "1815874", "120.27.155.171:8443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 11:28:19", "1815875", "68.64.176.34:5432", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 11:28:18", "1815940", "207.56.229.234:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:17", "1815941", "120.53.15.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:17", "1815949", "120.53.15.64:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:16", "1815951", "101.126.150.253:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:15", "1815950", "101.126.150.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:14", "1815952", "1.116.121.47:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:09", "1815943", "http://144.31.203.24/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-18 13:17:31", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-18 11:28:09", "1815947", "isellchildren.online", "domain", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "Mirai", "0", "burger" "2026-05-18 11:28:07", "1815942", "120.53.15.64:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:05", "1815876", "175.178.36.137:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 11:28:05", "1815913", "http://144.31.203.12/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-18 12:17:04", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-18 11:28:02", "1815925", "185.156.43.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt28-fancy-bear,cobalt-strike,erebus-wraith", "0", "Erebu" "2026-05-18 11:28:01", "1815873", "149.88.79.76:9999", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 11:28:00", "1815872", "156.225.22.61:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 11:27:59", "1815869", "https://marinaradom.cfd/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/marinaradom.cfd", "ClickFix", "0", "CarsonWilliams" "2026-05-18 11:27:58", "1815866", "http://144.31.158.255/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-18 11:16:53", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-18 11:27:10", "1815965", "distributiontheory.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:23:18", "1815964", "43.199.20.55:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "", "RAT,ValleyRAt", "0", "abuse_ch" "2026-05-18 11:23:14", "1815963", "ttcxdljiue.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "RAT,ValleyRAT", "0", "abuse_ch" "2026-05-18 11:22:11", "1815962", "volcanopin.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:20:59", "1815961", "rosegrip.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:19:25", "1815960", "slashbob-distrib-plat-form.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 11:20:27", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 11:12:40", "1815959", "whistlebook.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:11:00", "1815958", "doorsoap.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 11:06:25", "1815956", "q41liphc.packet-vector.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 11:05:44", "1815955", "c5ylbfsw.packet-vector.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 11:05:40", "1815954", "packet-vector.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 11:05:45", "100", "False", "None", "18May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-18 10:59:03", "1815948", "zoneday-green-house-oper-center.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 11:02:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 10:46:24", "1815946", "62.234.22.228:51234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-18 10:38:38", "1815945", "ecosystemmanagementcore.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 10:38:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 10:17:35", "1815944", "containerizedplantnetwork.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 10:18:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 10:00:10", "1815939", "https://yan.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 10:00:09", "1815937", "https://yan.4k-stream.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 10:00:09", "1815938", "yan.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 10:00:08", "1815936", "yan.4k-stream.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 09:56:53", "1815935", "floraanalyticsengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 09:58:11", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 09:45:32", "1815934", "93.82.27.251:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:22", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-18 09:45:24", "1815932", "83.136.211.4:56001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-18 09:45:24", "1815933", "83.136.211.4:56002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-18 09:44:56", "1815930", "46.8.226.70:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:50", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-18 09:44:56", "1815931", "46.8.226.70:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:50", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-18 09:44:44", "1815928", "34.230.7.122:8082", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:38", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-18 09:44:44", "1815929", "35.161.127.198:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-05-18 12:44:39", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-18 09:43:30", "1815927", "163.181.46.56:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:27", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-18 09:36:28", "1815926", "meadowmonitoringplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 09:37:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 09:16:01", "1815923", "95.217.63.87:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815914", "95.216.123.224:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815915", "95.216.103.169:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815916", "95.216.103.168:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815917", "95.216.103.173:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815918", "95.216.103.175:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815919", "95.216.103.170:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815920", "95.216.103.172:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815921", "135.181.126.151:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:16:00", "1815922", "95.216.103.171:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:45", "1815912", "irrigationautomationhub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 09:16:47", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 09:15:37", "1815904", "pti.4k-stream.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815905", "tra.4k-stream.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815906", "pdf.4k-stream.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815907", "pgo.hearchrisnow.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815908", "pti.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815909", "tra.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815910", "pdf.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:37", "1815911", "pgo.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:17", "1815899", "https://95.216.103.170/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:17", "1815900", "https://95.216.103.172/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:17", "1815901", "https://135.181.126.151/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:17", "1815902", "https://95.216.103.171/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:17", "1815903", "https://95.217.63.87/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:16", "1815894", "https://95.216.123.224/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:16", "1815895", "https://95.216.103.169/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:16", "1815896", "https://95.216.103.168/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:16", "1815897", "https://95.216.103.173/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:16", "1815898", "https://95.216.103.175/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:15", "1815889", "https://pgo.hearchrisnow.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:15", "1815890", "https://pti.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:15", "1815891", "https://tra.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:15", "1815892", "https://pdf.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:15", "1815893", "https://pgo.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:14", "1815884", "https://steamcommunity.com/profiles/76561198703616215", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:14", "1815885", "https://telegram.me/jr00ve", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:14", "1815886", "https://pti.4k-stream.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:14", "1815887", "https://tra.4k-stream.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:15:14", "1815888", "https://pdf.4k-stream.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-18 09:06:31", "1815883", "4q3wy64m.runtime-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 09:06:25", "1815882", "c2rdcpuv.runtime-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 09:06:12", "1815881", "runtime-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 09:06:14", "100", "False", "None", "18May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-18 09:00:55", "1815880", "https://cra.chadasvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 09:00:54", "1815877", "cra.4k-stream.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 09:00:54", "1815878", "https://cra.4k-stream.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 09:00:54", "1815879", "cra.chadasvendas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 08:55:36", "1815871", "botanicalworkflowcenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 08:56:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 08:35:07", "1815870", "distributedgrowthnetwork.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 08:36:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 08:17:52", "1815868", "89.117.19.226:8443", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/767974490348bf90c69d4c0d98ced96890b7262bcd9d7045b1cb78550b5cd423/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-18 08:17:26", "1815867", "crimesupport.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 08:14:22", "1815865", "wildfloracontrolsystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 08:20:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 08:09:23", "1815861", "217.60.241.17:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-05-18 08:09:23", "1815862", "217.60.241.17:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-05-18 08:09:23", "1815863", "83.142.209.228:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-05-18 08:09:23", "1815864", "83.142.209.228:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-05-18 08:06:21", "1815860", "mythicsu.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-18 08:03:11", "1815849", "http://45.153.34.212:8181/.rupemnasa/.system3d", "url", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "90", "False", "None", "docker-exploit,monero,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:10", "1815850", "http://45.153.34.212:8181/.rupemnasa/.config4.json", "url", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "90", "False", "None", "docker-exploit,monero,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:10", "1815851", "http://45.153.34.212:8181/muiecoaieaarch", "url", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "90", "False", "None", "docker-exploit,monero,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:09", "1815852", "http://45.153.34.212/fakewhiteblack.sh", "url", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "90", "False", "None", "docker-exploit,monero,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:08", "1815853", "45.153.34.212:3333", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "None", "mining-proxy,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:08", "1815854", "64.89.163.174:3333", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "None", "mining-proxy,romanian-operator,xmrig", "0", "nullblue67" "2026-05-18 08:03:08", "1815855", "156.248.73.66:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 08:03:07", "1815856", "156.248.73.115:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 08:03:07", "1815857", "156.238.249.187:9897", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 08:03:06", "1815858", "114.132.199.206:18084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 08:03:06", "1815859", "https://bulletpop.cyou/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/bulletpop.cyou", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:54:26", "1815848", "petalprocessingplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 07:55:18", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 07:50:28", "1815844", "43.156.36.214:22", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "80", "False", "None", "outlaw,perlbot,propagation-node,ssh-bruteforcer", "0", "nullblue67" "2026-05-18 07:50:28", "1815845", "43.173.91.132:22", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "80", "False", "None", "outlaw,perlbot,propagation-node,ssh-bruteforcer", "0", "nullblue67" "2026-05-18 07:50:27", "1815846", "43.153.36.218:22", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "80", "False", "None", "outlaw,perlbot,propagation-node,ssh-bruteforcer", "0", "nullblue67" "2026-05-18 07:50:27", "1815847", "122.165.124.15:22", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "80", "False", "None", "outlaw,perlbot,propagation-node,ssh-bruteforcer", "0", "nullblue67" "2026-05-18 07:48:42", "1815842", "167.88.167.9:8356", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "", "None", "0", "abuse_ch" "2026-05-18 07:48:42", "1815843", "167.88.167.9:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "", "None", "0", "abuse_ch" "2026-05-18 07:37:35", "1815841", "breathdoctor.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-05-18 07:34:05", "1815840", "176.65.139.43:6667", "ip:port", "botnet_cc", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "None", "irc-c2,perlbot,shellbot", "0", "nullblue67" "2026-05-18 07:33:51", "1815795", "81.68.216.220:8000", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-18 07:33:50", "1815799", "91.92.243.223:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-18 07:33:50", "1815800", "91.92.243.63:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-18 07:33:50", "1815807", "91.92.243.63:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-18 07:33:50", "1815810", "167.172.40.69:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-18 12:53:47", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-18 07:33:49", "1815811", "164.90.197.155:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-18 12:53:35", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-18 07:33:49", "1815818", "47.236.91.172:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:49", "1815819", "35.202.235.112:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-18 07:33:48", "1815820", "41.216.188.157:3741", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_" "2026-05-18 07:33:48", "1815838", "https://topnews.eu.cc/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/topnews.eu.cc", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:46", "1815791", "yellowtag.shop", "domain", "cc_skimming", "js.magecart", "None", "magecart", "", "100", "False", "", "magecart", "0", "WDJH" "2026-05-18 07:33:46", "1815792", "kopet.pics", "domain", "cc_skimming", "js.magecart", "None", "magecart", "", "100", "False", "", "magecart", "0", "WDJH" "2026-05-18 07:33:46", "1815794", "155.138.147.166:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:45", "1815778", "185.193.153.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt41-barium,cobalt-strike,erebus-wraith", "1", "Erebu" "2026-05-18 07:33:44", "1815780", "138.201.90.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt28-fancy-bear,cobalt-strike,erebus-wraith", "1", "Erebu" "2026-05-18 07:33:44", "1815781", "155.138.147.166:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:44", "1815782", "155.138.147.166:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:43", "1815783", "185.193.17.158:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith", "0", "Erebu" "2026-05-18 07:33:40", "1815779", "185.89.79.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith", "1", "Erebu" "2026-05-18 07:33:39", "1815774", "107.173.186.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:39", "1815775", "107.173.186.7:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:38", "1815771", "194.58.92.122:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt28-fancy-bear,erebus-wraith,metasploit", "1", "Erebu" "2026-05-18 07:33:37", "1815772", "107.173.186.7:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:37", "1815773", "194.163.154.86:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "True", "None", "havoc", "1", "_ik_" "2026-05-18 07:33:36", "1815765", "124.220.36.247:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:36", "1815766", "165.154.236.119:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "supershell", "1", "_ik_" "2026-05-18 07:33:35", "1815764", "124.220.36.247:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:34", "1815757", "124.220.36.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:34", "1815758", "178.154.254.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike", "1", "Erebu" "2026-05-18 07:33:34", "1815760", "185.89.78.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt-strike", "1", "Erebu" "2026-05-18 07:33:33", "1815754", "124.220.6.158:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:33", "1815755", "123.57.208.37:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:33", "1815756", "123.57.208.37:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:32", "1815747", "113.31.115.231:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:32", "1815748", "cheapoca.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "https://bazaar.abuse.ch/sample/48385492b6518cb2f3adcfd4a49c065ba960bdc617817068bd5faeb493d3f2db/", "c2,RemusStealer", "0", "burger" "2026-05-18 07:33:31", "1815745", "81.68.216.220:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:31", "1815746", "113.31.115.231:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:29", "1815740", "voltrix.pw", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-05-18 07:33:29", "1815741", "bytearmor.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-05-18 07:33:28", "1815737", "81.68.216.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:27", "1815735", "168.222.97.93:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:27", "1815736", "81.68.216.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:26", "1815733", "http://194.33.61.179/7dc11e58e9124f1183dc.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:03:35", "100", "False", "None", "c2,loader,StealC,stealer,VALIK", "0", "Bitsight" "2026-05-18 07:33:26", "1815734", "106.75.252.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:25", "1815729", "89.125.138.217:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-05-18 13:17:01", "100", "False", "None", "Aisuru,c2", "0", "Bitsight" "2026-05-18 07:33:25", "1815730", "103.146.30.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt28-fancy-bear,cobalt-strike", "0", "Erebu" "2026-05-18 07:33:25", "1815839", "greenhouseresourceengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 07:34:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 07:33:23", "1815696", "185.234.157.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:23", "1815725", "175.178.36.137:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:22", "1815693", "106.75.252.66:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:22", "1815695", "172.252.232.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:20", "1815686", "https://linxiabeautyworks.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/linxiabeautyworks.com", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:20", "1815687", "https://www.womenincancer.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.womenincancer.com", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:19", "1815688", "https://worldrank.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/worldrank.net", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:19", "1815689", "https://www.euroequipment.co.th/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.euroequipment.co.th", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:19", "1815690", "https://www.beltboutique.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.beltboutique.co.uk", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:18", "1815691", "https://www.angelphonerepair.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.angelphonerepair.com", "ClickFix", "0", "CarsonWilliams" "2026-05-18 07:33:17", "1815679", "81.172.90.197:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:16", "1815680", "172.216.54.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:16", "1815681", "172.216.116.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:15", "1815682", "192.200.220.100:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-18 07:33:15", "1815683", "interium.wtf", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.virustotal.com/gui/domain/interium.wtf/relations", "c2", "0", "burger" "2026-05-18 07:33:15", "1815684", "dl.interium.wtf", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.virustotal.com/gui/domain/dl.interium.wtf/relations", "None", "0", "burger" "2026-05-18 07:33:14", "1815677", "106.75.252.66:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-18 07:33:13", "1815671", "164.90.205.39:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-18 06:29:34", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-18 07:33:13", "1815672", "crackedsoftware.doxbin.cy", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/30a24379-91e4-4da9-8520-cf5cc0d04c2b", "ClickFix", "0", "burger" "2026-05-18 07:33:12", "1815670", "174.138.12.239:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-18 06:29:22", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-18 07:28:18", "1815837", "47.98.107.233:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-18 07:27:33", "1815836", "45.12.111.44:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/dc589cc0f26b91eabacaeeb7dce636a708640fe560956f68ad4724775d85b8c8/", "ConnectWise,RMM,ScreenConnect", "0", "abuse_ch" "2026-05-18 07:26:54", "1815835", "203.195.157.138:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:38", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-18 07:26:39", "1815834", "182.92.115.48:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:27:35", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-18 07:26:33", "1815833", "130.94.14.186:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:36", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-18 07:26:30", "1815832", "172.86.76.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-18 07:22:44", "1815831", "seosemmitos.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-05-18 07:14:00", "1815830", "70da09d825ce21f1dd43e9f3654e087ccb6cedc6a659ee6f378c41aeb81ea5d8", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix,fake-plugin,WordPress", "1", "m_govcert_ch" "2026-05-18 07:13:30", "1815829", "primordial-soup-evolution.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 07:13:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 07:06:10", "1815828", "westpostva.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix,compromised,fake-plugin,WordPress", "1", "m_govcert_ch" "2026-05-18 07:06:08", "1815827", "evamotion.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClickFix,compromised,fake-plugin,WordPress", "1", "m_govcert_ch" "2026-05-18 07:06:06", "1815825", "activityof.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "None", "ClickFix,MSI,msiexec", "1", "m_govcert_ch" "2026-05-18 07:06:04", "1815824", "https://activityof.com/datei", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "None", "ClickFix,MSI,msiexec", "1", "m_govcert_ch" "2026-05-18 07:05:29", "1815823", "rluvz62i.observability-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 07:05:22", "1815822", "k9h20m23.observability-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 07:04:55", "1815821", "observability-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 07:05:00", "100", "False", "None", "18May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-18 06:52:16", "1815817", "subdermal-biometric-chip.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 06:52:45", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 06:45:43", "1815816", "marinaradom.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-18 06:45:41", "1815815", "spartanec.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-18 06:45:40", "1815814", "bulletpop.cyou", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-18 06:43:02", "1815813", "ssns-cdn-ns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-18 06:43:00", "1815812", "mistraljs.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-18 06:31:38", "1815809", "renaissance-fresco-restoration.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 06:32:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 06:11:12", "1815808", "stratospheric-weather-balloon.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 06:11:44", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 05:50:14", "1815806", "holographic-projection-grid.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 05:55:39", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 05:30:10", "1815805", "deep-sea-hydrothermal-vent.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 05:30:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-18 05:09:14", "1815804", "gothic-cathedral-blueprint.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 05:10:16", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 05:05:49", "1815803", "wlede4d3.network-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 05:05:04", "1815802", "vbvfs28b.network-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 05:04:54", "1815801", "network-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 05:04:57", "100", "False", "None", "18May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-18 04:48:52", "1815798", "magnetic-levitation-train.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 04:49:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 04:28:10", "1815797", "cybernetic-prosthetic-lab.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 04:29:15", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 04:08:03", "1815796", "subfossil-oak-chronology.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 04:08:28", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 03:47:07", "1815793", "crispy-chicken-cutlets.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 03:47:47", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 03:27:06", "1815790", "orbital-docking-module.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 03:27:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 03:06:08", "1815788", "bada-bing-sopranos-lounge.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 03:06:57", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 03:05:02", "1815787", "2u5vvnoh.microservice-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 03:04:38", "1815786", "vla2h0e7.microservice-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 02:46:07", "1815785", "audio-attenuator-schematic.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 02:46:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-18 02:25:07", "1815784", "sicilian-defense-theory.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 02:26:09", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-18 01:03:39", "1815777", "0q9bvoqh.telemetry-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-18 01:03:32", "1815776", "yjs4ih2y.telemetry-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 01:04:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 23:12:04", "1815770", "ecosystemprocessingcenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 23:13:42", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 23:03:55", "1815769", "83j6hfza.runtime-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 23:03:03", "1815768", "1qe4ncxx.runtime-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 23:02:38", "1815767", "runtime-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 23:02:42", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 22:51:32", "1815763", "containerizedgardenmesh.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 22:52:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 22:45:31", "1815762", "119.29.112.239:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-17 22:31:11", "1815761", "floraobservabilitysystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 22:31:44", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 22:10:35", "1815759", "meadowautomationplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 22:11:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 21:50:04", "1815753", "irrigationmanagementhub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 21:51:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 21:30:01", "1815752", "botanicalmonitoringengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 02:05:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 21:09:11", "1815751", "distributedgardenresource.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 01:45:11", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 21:02:52", "1815750", "tiv2dcd7.cloud-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 21:02:47", "1815749", "cloud-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 21:02:52", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 20:55:44", "1815744", "tehpafro.script-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 20:54:48", "1815743", "hwucwxid.script-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 20:55:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 20:48:57", "1815742", "wildfloraworkflowsystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 01:28:44", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 20:28:02", "1815739", "petaldistributionplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 01:08:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 20:07:44", "1815738", "greenhouseoperationscenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 00:43:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 19:47:27", "1815732", "infra-blue-high-print.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 00:27:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 19:43:19", "1815731", "144.172.65.245:5656", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-17 19:07:26", "1815728", "serverless-mesh-core-yet-go.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-18 00:02:20", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 18:55:45", "1815724", "xyv1jupy.container-vector.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 18:55:00", "1815723", "hdba7cl2.container-vector.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 18:50:49", "1815718", "https://merkureEnv.net/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:49", "1815719", "https://sorrystartstat1.net/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:49", "1815720", "https://maxStatesUS.ORG/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:49", "1815721", "https://ostekStatmen.net/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:49", "1815722", "https://masterklass.net/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:48", "1815713", "https://infoworkerOne.com/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:48", "1815714", "https://infoworkerOne.org/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:48", "1815715", "https://jobworkNY.com/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:48", "1815716", "https://mstopsai.com/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:48", "1815717", "https://monstersStat.com/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:47", "1815711", "https://globalSstat.com/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:50:47", "1815712", "https://globalSstat.org/tracker.js", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815699", "globalSstat.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815700", "globalSstat.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815701", "infoworkerOne.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815702", "infoworkerOne.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815703", "jobworkNY.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815704", "mstopsai.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815705", "monstersStat.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815706", "merkureEnv.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815707", "sorrystartstat1.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815708", "maxStatesUS.ORG", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815709", "ostekStatmen.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:47:17", "1815710", "masterklass.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "None", "1", "ttakvam" "2026-05-17 18:46:43", "1815698", "kitdocs-openlow-observe-matrix.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 23:46:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 18:26:04", "1815697", "tophosts-todo-network-harbor.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 18:26:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 18:05:31", "1815694", "vaultask-micro-service-pulse.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 18:06:27", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 17:45:11", "1815692", "cleanlay-fet-telemetry-vault.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 17:49:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 17:24:29", "1815685", "clamprob-folder-runtime-forge.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 17:25:07", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 17:03:46", "1815678", "aimgrub2-cloud-sphere-get.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 17:04:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 16:55:44", "1815676", "jcdlhks8.node-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 16:54:00", "1815675", "ofx3xjbp.node-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 16:53:45", "1815674", "node-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 16:53:50", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 16:43:09", "1815673", "siteyet-script-horizon-go.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 16:44:32", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 16:23:10", "1815669", "open-low-container-vector.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 16:23:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 16:06:37", "1815665", "singaposta.world", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-17 16:06:37", "1815666", "gayhardsystem.world", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-17 16:06:37", "1815667", "ponzchq.shop", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-17 16:06:37", "1815668", "coyahome.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-17 16:02:03", "1815664", "cntainrs-folders-giped-green-hub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 16:02:43", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 16:01:32", "1815659", "58.215.122.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 16:01:31", "1815658", "59.173.55.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "apt41-barium,cobalt-strike,erebus-wraith", "0", "Erebu" "2026-05-17 16:01:29", "1815662", "1.117.61.9:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 16:01:27", "1815661", "206.119.3.253:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 16:01:26", "1815660", "206.119.3.251:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 16:01:24", "1815663", "1.117.61.9:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 15:53:34", "1815534", "206.119.0.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:33", "1815535", "206.119.0.239:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:32", "1815536", "206.119.0.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:31", "1815537", "206.119.0.237:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:30", "1815538", "206.119.0.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:29", "1815539", "206.119.0.226:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:28", "1815540", "206.119.7.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:27", "1815541", "206.119.7.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:26", "1815542", "206.119.7.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:25", "1815544", "80.83.29.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:11", "1815545", "206.119.7.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:10", "1815546", "206.119.7.239:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:10", "1815547", "206.119.7.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:09", "1815548", "206.119.7.250:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:08", "1815549", "206.119.7.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:08", "1815550", "206.119.1.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:07", "1815551", "207.56.229.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 10:00:19", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:06", "1815552", "194.233.100.40:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:05", "1815553", "68.183.190.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:04", "1815554", "103.238.225.156:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:02", "1815555", "85.239.54.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:53:00", "1815558", "206.119.5.251:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:59", "1815557", "u888az.dev", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "", "ClearFake,Windows", "1", "liawnhoem" "2026-05-17 15:52:57", "1815559", "167.160.188.166:58081", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:56", "1815560", "65.21.21.227:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-17 15:52:56", "1815561", "103.236.92.3:20000", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:54", "1815563", "47.91.124.11:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:52:53", "1815565", "51.222.47.161:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "80", "False", "None", "cobalt-strike,erebus-wraith,lazarus-group", "0", "Erebu" "2026-05-17 15:52:52", "1815566", "172.233.54.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:52:51", "1815567", "95.231.168.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:52:50", "1815568", "18.166.223.16:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 15:52:48", "1815573", "206.119.6.241:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:48", "1815574", "123.60.57.4:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:47", "1815575", "154.7.228.83:8443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:46", "1815581", "172.233.49.36:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 12:13:05", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 15:52:45", "1815582", "172.233.49.54:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 12:12:53", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 15:52:43", "1815584", "124.222.99.37:54321", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:43", "1815585", "156.248.73.68:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:42", "1815586", "123.56.81.116:10000", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:41", "1815587", "122.51.21.103:3306", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:39", "1815588", "206.119.7.244:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:39", "1815594", "206.119.2.241:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:38", "1815595", "206.119.2.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:37", "1815596", "206.119.2.236:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:37", "1815599", "206.119.2.239:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:35", "1815600", "206.119.2.227:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:35", "1815601", "206.119.1.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:34", "1815602", "206.119.1.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:33", "1815608", "206.119.2.247:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:33", "1815609", "206.119.1.229:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:32", "1815610", "206.119.1.228:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:31", "1815611", "206.119.3.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:30", "1815612", "206.119.3.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:24", "1815613", "bugcnc.cw0.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://bazaar.abuse.ch/sample/440b6d31160852093f33322a802bceb91a47cd7899a7d64f26e7bc9fee556fef/", "c2,mirai", "0", "burger" "2026-05-17 15:52:23", "1815615", "aandjequipmentrental.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:22", "1815616", "angelphonerepair.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:21", "1815617", "artmadasenegal.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:20", "1815618", "beltboutique.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:20", "1815619", "boostpadel.se", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:19", "1815620", "deriveratreeservice.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:18", "1815621", "divinni.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:15", "1815622", "downholeinjection.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:14", "1815623", "euroequipment.co.th", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:13", "1815624", "foodturerebels.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:12", "1815625", "fotomedia.hr", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:11", "1815626", "gsmtax.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:11", "1815627", "istriamaestranza.cl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:10", "1815628", "linxiabeautyworks.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:09", "1815629", "metaa.co.mz", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:09", "1815630", "semperfimovers.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:08", "1815631", "thegingamebroadway.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:08", "1815632", "womenincancer.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:07", "1815633", "worldrank.net", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-17 15:52:06", "1815634", "43.251.116.156:19658", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://bazaar.abuse.ch/sample/2a47fd8c5d0b12f0c0f949339d34bc02df683869137bd9dac491fc9010c30ec1/", "c2,mirai", "0", "burger" "2026-05-17 15:52:06", "1815635", "bigyahu.fans", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://bazaar.abuse.ch/sample/7468b94c51bb8fe69b3d50ff2d11a95229951ae4b7fda9d47152d30f92b0a0ce/", "c2,mirai", "0", "burger" "2026-05-17 15:52:05", "1815637", "179.43.139.83:443", "ip:port", "botnet_cc", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "https://bazaar.abuse.ch/sample/e3177a205114b0645b340d5537feec0137b6d71cece0430f1c2453e826eb1777/", "irc-c2,outlaw,perlbot,shellbot", "0", "nullblue67" "2026-05-17 15:52:04", "1815638", "209.99.186.7:443", "ip:port", "botnet_cc", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "https://bazaar.abuse.ch/sample/e3177a205114b0645b340d5537feec0137b6d71cece0430f1c2453e826eb1777/", "irc-c2,outlaw,perlbot,shellbot", "0", "nullblue67" "2026-05-17 15:52:04", "1815640", "179.43.139.83:80", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "https://bazaar.abuse.ch/sample/c9d9583fb44131fe57df0c99c74e460973dd9c1f38ac57a7c3c8238be1e350eb/", "mining-pool,monero,outlaw,xmrig", "0", "nullblue67" "2026-05-17 15:52:03", "1815641", "179.43.139.85:442", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "https://bazaar.abuse.ch/sample/c9d9583fb44131fe57df0c99c74e460973dd9c1f38ac57a7c3c8238be1e350eb/", "mining-pool,monero,outlaw,xmrig", "0", "nullblue67" "2026-05-17 15:52:02", "1815642", "179.43.180.84:80", "ip:port", "payload_delivery", "elf.perlbot", "ShellBot,DDoS Perl IrcBot", "PerlBot", "", "100", "False", "https://bazaar.abuse.ch/sample/c9d9583fb44131fe57df0c99c74e460973dd9c1f38ac57a7c3c8238be1e350eb/", "mining-pool,monero,outlaw,xmrig", "0", "nullblue67" "2026-05-17 15:52:01", "1815643", "206.119.3.250:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:52:00", "1815644", "206.119.3.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:51:59", "1815645", "206.119.4.229:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:51:58", "1815647", "172.233.53.89:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 15:22:35", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 15:51:57", "1815652", "206.119.4.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:51:56", "1815653", "206.119.4.245:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:51:55", "1815654", "206.119.4.253:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 15:41:37", "1815657", "flora-obsrvs-ability-todo.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 15:42:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 15:21:15", "1815656", "load-meadows-analytics-cntr.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 15:22:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 15:00:52", "1815655", "july-feded-plants-workflow.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 15:01:15", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 14:54:07", "1815651", "4j0v33ow.cyber-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 14:53:59", "1815650", "lx5yiqf8.cyber-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 14:53:24", "1815649", "cyber-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 14:53:29", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 14:40:28", "1815648", "it-irrigatn-cntrl-network-go.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 14:40:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 14:19:36", "1815646", "antbots-uni-resou-plats.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 14:20:29", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 13:59:15", "1815639", "get-shell-gard-frame-work.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 14:00:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 13:38:48", "1815636", "great-fauna-tcpipgay-go-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 13:39:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 13:18:11", "1815614", "docktan-flexo-avastpig-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 13:18:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 12:57:20", "1815607", "glow-hub-herboron-sixoauth-work.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 12:57:53", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 12:53:04", "1815606", "nwwwbkkv.network-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 12:52:52", "1815605", "23dcbt0c.network-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 12:53:03", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 12:37:20", "1815604", "container-folder-gized-greenhub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 12:37:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 12:17:05", "1815603", "flora-observe-ability-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 12:17:22", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 11:55:56", "1815598", "coad-meadow-analytics-center.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 11:56:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 11:35:27", "1815597", "june-fed-plant-workflow.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 11:37:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 10:54:58", "1815593", "bots-unical-resource-platform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 10:55:59", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 10:52:50", "1815592", "4getd0km.script-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 10:52:26", "1815591", "i4sw7fe8.script-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 10:34:06", "1815590", "shells-garden-framework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 10:35:22", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 10:13:49", "1815589", "wild-flora-processing-go-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 10:14:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 09:52:59", "1815583", "got-flexl-distrib-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 09:53:57", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 09:43:36", "1815580", "178.16.53.46:7331", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-17 09:43:23", "1815579", "154.29.72.21:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-17 09:43:19", "1815578", "144.172.100.157:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:19", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-17 09:32:34", "1815577", "flow-hub-green-house-work.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 09:33:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 09:15:22", "1815576", "wildfloraprocessingsystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 09:15:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 08:54:34", "1815572", "petal-distribution-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 08:55:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 08:52:56", "1815571", "2b7f1jfa.cloud-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 08:51:58", "1815570", "u9n82l2u.cloud-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 08:51:54", "1815569", "cloud-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 08:51:59", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 08:34:01", "1815564", "irrigation-control-network.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 11:16:10", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 08:13:39", "1815562", "greenhouseworkflowhub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 08:14:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 07:53:22", "1815556", "distributed-garden-framework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 07:53:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 07:32:31", "1815543", "botanicalresourceplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 07:33:55", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 07:11:06", "1815528", "206.119.0.249:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 07:10:16", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 07:11:06", "1815529", "206.119.0.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 07:11:05", "1815530", "206.119.0.250:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 07:10:20", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 07:11:04", "1815531", "206.119.0.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 07:10:25", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 07:11:03", "1815533", "206.119.0.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 07:10:25", "1815532", "stayba.shop", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-17 07:01:47", "1815526", "39.104.25.196:38664", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 07:01:45", "1815527", "206.119.6.250:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 07:00:21", "1815525", "65.21.21.227:5222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_" "2026-05-17 06:53:53", "1815220", "206.119.6.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:52", "1815221", "206.119.0.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:51", "1815222", "206.119.0.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:50", "1815223", "206.119.6.236:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:50", "1815224", "206.119.6.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:49", "1815230", "206.119.0.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:48", "1815231", "206.119.6.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:47", "1815232", "206.119.0.229:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:46", "1815233", "206.119.6.231:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:45", "1815234", "124.70.215.164:80", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:45", "1815238", "206.119.6.227:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:44", "1815239", "206.119.6.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:43", "1815240", "206.119.5.253:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:42", "1815250", "206.119.6.229:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:41", "1815251", "206.119.6.228:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:38", "1815252", "206.119.5.247:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:37", "1815253", "206.119.5.245:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:36", "1815261", "206.119.5.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:36", "1815262", "206.119.5.243:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:35", "1815263", "206.119.5.242:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:34", "1815264", "206.119.5.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:34", "1815265", "206.119.5.239:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:33", "1815272", "206.119.5.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:32", "1815273", "206.119.5.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:31", "1815277", "206.119.5.237:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:31", "1815278", "206.119.5.236:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:30", "1815279", "206.119.5.227:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:29", "1815280", "206.119.4.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:29", "1815291", "206.119.5.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:28", "1815292", "206.119.4.251:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:27", "1815293", "91.92.243.223:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-17 06:53:26", "1815294", "206.119.4.250:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:25", "1815298", "206.119.4.249:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:24", "1815299", "206.119.4.248:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:24", "1815300", "206.119.4.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:23", "1815301", "206.119.4.237:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:22", "1815313", "206.119.4.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:21", "1815314", "206.119.3.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:20", "1815315", "206.119.3.249:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:19", "1815327", "206.119.4.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:18", "1815328", "206.119.4.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:15", "1815329", "206.119.3.248:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:14", "1815330", "206.119.3.244:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:13", "1815331", "206.119.3.243:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:12", "1815342", "206.119.3.242:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:11", "1815343", "206.119.3.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:11", "1815344", "206.119.3.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:10", "1815373", "206.119.3.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:09", "1815374", "206.119.2.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:09", "1815375", "47.108.62.225:18081", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:08", "1815376", "206.119.7.253:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:06", "1815377", "206.119.7.251:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:53:06", "1815378", "trashmonkey.net", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:53:03", "1815379", "acb.im", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:53:02", "1815381", "asasys.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:53:01", "1815382", "iesoretania.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:53:01", "1815383", "nintendomaine.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:53:00", "1815384", "holanuevazelanda.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:52:59", "1815385", "w3p.co.in", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 06:52:58", "1815401", "206.119.6.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:57", "1815403", "206.119.5.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:56", "1815402", "206.119.6.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:55", "1815413", "206.119.7.229:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:54", "1815414", "206.119.6.245:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:52", "1815415", "206.119.4.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:51", "1815416", "206.119.4.227:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:51", "1815426", "206.119.3.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:50", "1815427", "206.119.2.250:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:48", "1815428", "206.119.2.245:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:48", "1815429", "206.119.2.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:47", "1815438", "206.119.2.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:46", "1815439", "206.119.0.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:45", "1815445", "206.119.2.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:45", "1815446", "206.119.0.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:44", "1815447", "106.75.252.66:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:41", "1815453", "206.119.5.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:41", "1815454", "39.105.163.147:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:38", "1815455", "23.94.133.100:8087", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:37", "1815456", "8.148.181.158:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:36", "1815457", "101.42.108.234:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 06:52:36", "1815461", "81.71.20.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 06:52:35", "1815462", "81.71.20.155:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 06:52:34", "1815463", "81.71.20.155:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 06:52:34", "1815464", "91.214.78.65:7888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-17 06:52:33", "1815465", "91.214.78.65:4954", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-17 06:52:32", "1815503", "137.184.102.191:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:31", "1815504", "103.147.228.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:30", "1815505", "206.119.5.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:30", "1815506", "206.119.5.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:29", "1815507", "206.119.5.241:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:29", "1815508", "206.119.5.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:27", "1815509", "206.119.5.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:27", "1815510", "206.119.4.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:25", "1815511", "206.119.4.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:25", "1815512", "206.119.5.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:23", "1815513", "206.119.5.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:23", "1815514", "206.119.4.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:22", "1815515", "206.119.5.226:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:21", "1815516", "206.119.5.228:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:20", "1815517", "154.213.180.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:19", "1815518", "206.119.0.251:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu" "2026-05-17 06:52:06", "1815524", "forgotten-civilization-myth.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 06:57:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 06:51:55", "1815523", "5kcblo2z.logic-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 06:51:46", "1815522", "ba5ufc2h.logic-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 06:51:36", "1815521", "logic-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 06:51:41", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 06:31:40", "1815520", "perfect-lasagna-layer.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 06:32:24", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 06:11:20", "1815519", "glacial-ice-core-sample.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 06:11:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 05:52:53", "1815274", "https://sipapudemo.xyz/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/sipapudemo.xyz", "ClickFix", "0", "CarsonWilliams" "2026-05-17 05:52:51", "1815282", "85.239.144.221:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "whoamix302" "2026-05-17 05:52:49", "1815281", "145.82.184.123:2006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "75", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-05-17 05:52:48", "1815283", "64.89.160.41:443", "ip:port", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "75", "False", "", "ProxyBox,Socks5 Systemz", "0", "whoamix302" "2026-05-17 05:52:47", "1815284", "212.86.114.77:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "75", "False", "", "1xxbot,ArechClient,SectopRAT", "0", "whoamix302" "2026-05-17 05:52:46", "1815285", "45.76.86.194:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "75", "False", "", "1xxbot,ArechClient,SectopRAT", "0", "whoamix302" "2026-05-17 05:52:45", "1815286", "199.247.19.149:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-05-17 05:52:43", "1815306", "45.148.10.144:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:42", "1815307", "45.148.10.112:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:41", "1815308", "45.148.10.208:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:40", "1815309", "45.148.10.145:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:39", "1815310", "45.148.10.113:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:38", "1815311", "45.148.10.68:21370", "ip:port", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail,XMRig", "0", "botnetkiller" "2026-05-17 05:52:36", "1815312", "5.196.162.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 16:08:15", "100", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:35", "1815316", "https://lebnannews.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/lebnannews.com", "ClickFix", "0", "CarsonWilliams" "2026-05-17 05:52:34", "1815318", "proxies.internetshadow.link", "domain", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail", "0", "botnetkiller" "2026-05-17 05:52:33", "1815319", "proxies.internetshadow.org", "domain", "botnet_cc", "elf.redtail", "None", "RedTail", "", "100", "False", "", "redtail", "0", "botnetkiller" "2026-05-17 05:52:32", "1815321", "download.skibidibopbop.lol", "domain", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "CoinMiner", "0", "botnetkiller" "2026-05-17 05:52:32", "1815322", "download.stopbanningmydomains.ru", "domain", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "CoinMiner", "0", "botnetkiller" "2026-05-17 05:52:30", "1815323", "172.233.48.35:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-16 18:15:18", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 05:52:29", "1815324", "172.233.48.186:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-16 18:15:06", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 05:52:27", "1815332", "http://144.31.57.65/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:16:04", "100", "False", "None", "c2,loader,os,StealC,stealer", "0", "Bitsight" "2026-05-17 05:52:26", "1815333", "144.91.74.47:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:25", "1815334", "146.190.163.32:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:24", "1815335", "144.172.112.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:22", "1815345", "206.119.3.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:52:22", "1815346", "206.119.3.231:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:52:21", "1815347", "31.57.184.82:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:20", "1815348", "193.169.194.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:19", "1815349", "23.27.143.170:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:19", "1815353", "206.119.3.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:52:18", "1815354", "206.119.2.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:52:17", "1815355", "88.216.208.91:2052", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:52:15", "1815356", "45.92.1.165:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:13", "1815357", "188.126.90.5:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:12", "1815358", "139.60.20.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:11", "1815359", "178.236.252.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:11", "1815360", "91.92.41.10:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:10", "1815361", "31.57.187.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:09", "1815362", "217.30.169.67:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:08", "1815363", "154.126.61.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:07", "1815365", "181.134.198.53:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "90", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:07", "1815371", "172.239.233.54:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 09:10:07", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 05:52:06", "1815372", "172.239.233.226:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 09:10:19", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-17 05:52:04", "1815387", "112.125.19.107:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:02", "1815388", "192.252.183.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:52:01", "1815389", "41.98.219.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt_strike", "0", "Erebu" "2026-05-17 05:51:59", "1815400", "boutiquebristol.ba", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "75", "True", "", "StrelaStealer", "0", "varysz" "2026-05-17 05:51:57", "1815406", "163.245.216.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:56", "1815405", "4.235.114.15:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:53", "1815418", "dudadelira.monster", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:52", "1815419", "opaqueshellsoftsmoke.click", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:51", "1815420", "kyjpwnw.monster", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:51", "1815421", "quietbinglowdrift.monster", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:50", "1815422", "livespacenext.monster", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:49", "1815423", "educationcaster.monster", "domain", "payload_delivery", "win.lumar", "PovertyStealer", "Lumar", "", "100", "False", "", "ClickFix,fake-captcha,infostealer,powershell,stealer", "0", "elemi" "2026-05-17 05:51:45", "1815430", "156.246.94.183:53", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "XMRig", "0", "botnetkiller" "2026-05-17 05:51:44", "1815431", "156.246.94.183:80", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "XMRig", "0", "botnetkiller" "2026-05-17 05:51:43", "1815432", "156.246.94.183:443", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "XMRig", "0", "botnetkiller" "2026-05-17 05:51:42", "1815433", "156.246.94.183:123", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "", "100", "False", "", "XMRig", "0", "botnetkiller" "2026-05-17 05:51:40", "1815443", "83.142.209.228:443", "ip:port", "botnet_cc", "win.cobaltmirage_tunnel", "None", "CobaltMirage FRP", "", "95", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:39", "1815444", "103.75.190.47:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 23:45:30", "95", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:37", "1815476", "38.14.248.161:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:36", "1815477", "206.119.4.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:35", "1815478", "206.119.1.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:34", "1815483", "47.95.245.204:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:33", "1815484", "106.54.55.251:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:32", "1815485", "103.47.80.186:8088", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:32", "1815486", "64.190.113.127:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 05:51:31", "1815493", "101.126.71.214:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:51:29", "1815494", "64.190.113.127:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 05:51:29", "1815495", "64.190.113.127:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 05:51:28", "1815496", "64.190.113.127:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-17 05:51:26", "1815468", "107.175.148.68:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:25", "1815469", "217.60.241.17:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:24", "1815471", "172.216.44.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:06", "1815472", "2.26.160.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "80", "False", "None", "cobalt_strike,erebus-hunter", "0", "Erebu" "2026-05-17 05:51:00", "1815202", "206.119.6.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:59", "1815203", "206.119.1.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:58", "1815204", "206.119.1.231:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:58", "1815205", "206.119.6.248:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:57", "1815206", "206.119.1.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:55", "1815208", "206.119.0.236:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:55", "1815209", "206.119.6.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:54", "1815210", "206.119.6.237:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:53", "1815215", "206.119.0.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:51", "1815211", "https://www.xplorerinsights.com.elitesportnews.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.xplorerinsights.com.elitesportnews.com", "ClickFix", "0", "CarsonWilliams" "2026-05-17 05:50:50", "1815216", "https://xplorerinsights.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/xplorerinsights.com", "ClickFix", "0", "CarsonWilliams" "2026-05-17 05:50:48", "1815170", "206.119.2.228:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:47", "1815171", "206.119.7.238:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:46", "1815172", "206.119.7.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:45", "1815173", "206.119.1.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:45", "1815174", "206.119.7.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:44", "1815183", "206.119.1.244:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:43", "1815184", "206.119.7.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:42", "1815185", "206.119.1.241:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:42", "1815502", "steampunkaeronautics.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 05:55:29", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 05:50:41", "1815186", "206.119.7.231:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:40", "1815187", "206.119.1.237:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:39", "1815191", "http://31.76.251.172/0f1da281ab93408e9369.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:16:29", "100", "False", "None", "c2,HASLO,loader,StealC,stealer", "0", "Bitsight" "2026-05-17 05:50:38", "1815192", "206.119.1.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:38", "1815193", "206.119.6.251:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:37", "1815194", "206.119.6.249:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:32", "1815145", "206.119.7.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:31", "1815146", "206.119.2.233:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:30", "1815152", "206.119.7.242:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:30", "1815153", "206.119.2.232:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:29", "1815154", "206.119.7.241:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:28", "1815156", "206.119.7.240:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:27", "1815155", "206.119.2.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:24", "1815160", "206.119.1.254:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:23", "1815161", "206.119.7.237:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:23", "1815162", "206.119.1.249:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:21", "1815168", "finework.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "", "None", "0", "tanner" "2026-05-17 05:50:19", "1815113", "206.119.5.250:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:18", "1815114", "206.119.6.246:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:17", "1815115", "206.119.6.247:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:16", "1815116", "206.119.6.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:15", "1815117", "nareshvastu.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "None", "0", "varysz" "2026-05-17 05:50:14", "1815118", "bssap.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "None", "0", "varysz" "2026-05-17 05:50:14", "1815120", "ggwpcheats.xyz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-05-17 05:50:12", "1815122", "https://88.99.125.33/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/5c8bd1829492a73a399a5b6ee4af6c8f1154c10925d00db5881b4cac0fa7922f/", "c2,vidar", "0", "burger" "2026-05-17 05:50:11", "1815138", "206.119.6.253:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:02", "1815139", "206.119.7.226:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:01", "1815140", "206.119.7.227:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:50:00", "1815141", "206.119.7.228:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:59", "1815142", "206.119.7.230:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:59", "1815143", "206.119.7.248:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:57", "1815144", "206.119.2.234:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:56", "1815112", "bbs.pinwheel-toys.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "None", "0", "varysz" "2026-05-17 05:49:55", "1815111", "revveduponline.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "None", "0", "varysz" "2026-05-17 05:49:54", "1815110", "195.222.53.130:80", "ip:port", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "50", "False", "", "None", "0", "varysz" "2026-05-17 05:49:53", "1815106", "45.61.128.164:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.huntress.com/blog/purerat-threat-actor-evolution", "cvtres-injection,LoneNone,PureRAT,PXAStealer,Verymuchxbot,Vietnamese", "1", "kaito828" "2026-05-17 05:49:52", "1815105", "45.61.128.164:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.huntress.com/blog/purerat-threat-actor-evolution", "cvtres-injection,LoneNone,PureRAT,PXAStealer,Verymuchxbot,Vietnamese", "1", "kaito828" "2026-05-17 05:49:50", "1815104", "45.61.128.164:56001", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.huntress.com/blog/purerat-threat-actor-evolution", "cvtres-injection,LoneNone,PureRAT,PXAStealer,Verymuchxbot,Vietnamese", "1", "kaito828" "2026-05-17 05:49:48", "1815103", "206.119.6.244:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:47", "1815102", "206.119.6.243:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:46", "1815101", "206.119.6.242:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:45", "1815090", "206.119.6.239:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:44", "1815089", "206.119.6.235:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:43", "1815100", "206.119.5.249:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:49:41", "1815088", "206.119.5.252:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_" "2026-05-17 05:46:40", "1815501", "206.119.173.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-17 05:46:19", "1815500", "101.126.150.253:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 11:00:15", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-17 05:46:17", "1815499", "27.124.19.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:27:33", "100", "False", "None", "CobaltStrike", "0", "abuse_ch" "2026-05-17 05:30:08", "1815498", "alchemical-formula-scroll.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 05:31:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 05:09:52", "1815497", "cosmicmicrowavebackground.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 05:14:51", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 04:51:49", "1815492", "d1jtbg8r.node-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 04:51:12", "1815491", "zsg3riki.node-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 04:50:59", "1815490", "node-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 04:51:04", "100", "False", "None", "17May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-17 04:49:24", "1815489", "vintage-blueprint-vault.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 04:49:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 04:28:48", "1815488", "abyssal-kraken-trench.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 04:29:45", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 04:08:20", "1815487", "handmade-cheese-traveler.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 04:09:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 03:48:05", "1815482", "predator-hunting-chronicles.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 03:53:01", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 03:45:47", "1815481", "47.236.91.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-17 03:27:03", "1815480", "chronicle-archive-keeper.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 03:27:20", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 03:06:26", "1815479", "pixelartcanvas.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 03:07:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 02:51:58", "1815475", "jomn9u8k.cyber-relay.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 02:51:04", "1815474", "8ucq9gmh.cyber-relay.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 02:51:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 02:46:00", "1815473", "suboceanic-trench-sonar.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 02:47:03", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 02:25:49", "1815467", "vintage-vinyl-restoration.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 02:26:10", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 02:05:03", "1815466", "volcanic-magma-chamber.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 02:05:43", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 01:45:05", "1815460", "neoncyberpunkcity.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 01:45:57", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 01:24:36", "1815459", "abandoned-asylum-expedition.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 01:28:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 01:03:45", "1815458", "deep-space-artificial-gravity.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 01:04:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-17 00:50:40", "1815452", "wz38j642.network-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 00:50:22", "1815451", "wkqsof7p.network-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 00:50:34", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-17 00:43:07", "1815450", "retro-gaming-launcher.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 00:43:30", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-17 00:22:29", "1815449", "ziti-multicooker-hacks.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 00:23:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-17 00:02:12", "1815448", "containerizedecosystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-17 00:06:53", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 23:41:15", "1815442", "flora-processing-framework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 23:46:34", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 23:20:52", "1815441", "gardenworkflowcenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 23:22:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 23:00:21", "1815440", "federatedmeadowcluster.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 23:02:51", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 22:50:06", "1815437", "t1mbdy5s.script-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 22:49:53", "1815436", "mqo7n5b2.script-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 22:39:50", "1815435", "irrigation-resource-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 22:40:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 22:19:22", "1815434", "botanicalautomationengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 22:20:17", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 21:59:24", "1815425", "distributed-growth-network.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 22:03:59", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 21:38:25", "1815424", "wildflorainfrastructure.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 21:42:34", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 21:18:00", "1815417", "petal-routing-platform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 21:18:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 20:57:21", "1815412", "greenhouseoperationshub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 20:57:49", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 20:50:21", "1815411", "wwk6os4i.cloud-atlas.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 20:49:28", "1815410", "h930qz07.cloud-atlas.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 20:49:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 20:39:07", "1815409", "dehjcpyw.byte-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 20:37:53", "1815408", "n9gkcwto.byte-forge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 20:38:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 20:37:12", "1815407", "linguistic-puzzle-solver.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 20:38:28", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 20:16:55", "1815404", "ancient-parchment-archive.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 20:17:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 19:56:02", "1815399", "meteorite-crater-safari.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 19:56:27", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-16 19:46:20", "1815398", "91.92.243.63:39850", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:45:35", "1815397", "45.155.69.153:43345", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-16 19:44:19", "1815396", "206.81.21.156:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:54", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-16 19:43:23", "1815395", "139.99.131.177:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:08", "1815394", "104.236.230.184:443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-16 19:43:06", "1815392", "103.219.153.200:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:06", "1815393", "103.219.153.200:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:05", "1815391", "103.219.153.200:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 19:43:03", "1815390", "1.15.221.207:4379", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:01", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-16 19:35:25", "1815386", "space-debris-trajectory.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 19:40:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 19:14:48", "1815380", "crypticdialect.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 19:15:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 18:54:18", "1815370", "urban-graffiti-crew.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 18:55:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 18:46:11", "1815369", "38.14.248.199:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-16 18:38:25", "1815368", "k2bs9h2k.proxy-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 18:37:29", "1815367", "n8o4p1xp.proxy-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 18:38:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 18:33:55", "1815366", "containerizedplantmesh.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 18:35:03", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 18:13:15", "1815364", "flora-monitoring-core.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 18:13:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 17:52:51", "1815352", "meadowworkflowplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 17:53:18", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 17:32:47", "1815351", "federatedgardencluster.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 17:33:15", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 17:11:49", "1815350", "irrigation-management-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 17:12:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 16:38:04", "1815341", "2ol471ks.kernel-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 16:36:56", "1815340", "iqp9g9u7.kernel-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 16:36:53", "1815339", "kernel-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 16:36:58", "100", "False", "None", "16May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-16 16:35:47", "1815338", "botanicalprocessingengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 16:52:07", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 16:20:07", "1815337", "103.238.225.156:15641", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-05-16 16:15:22", "1815336", "bloommonitoringengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 16:20:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 16:00:08", "1815326", "34.92.160.93:28488", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-05-16 15:54:48", "1815325", "gardeninfrastructurelab.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 15:55:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 15:34:26", "1815320", "asynchronouswatering-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 15:34:54", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 15:14:12", "1815317", "ecosystemmanagementhub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 15:14:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 14:48:10", "1815305", "flora-observability-core.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 14:49:34", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 14:37:12", "1815304", "97035mb3.signal-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 14:36:46", "1815303", "3w32k3ih.signal-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-16 14:23:10", "1815302", "meadowprocessingcenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 14:23:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 13:57:26", "1815297", "federatedplantcluster.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 14:02:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-16 13:31:39", "1815296", "botanicalresourceengine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-16 13:36:51", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-16 09:46:35", "1815260", "38.14.248.199:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-16 09:44:54", "1815259", "31.57.184.82:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 09:43:55", "1815258", "193.169.194.51:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-16 09:43:50", "1815257", "188.126.90.5:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:42", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 09:43:20", "1815256", "139.99.131.177:44444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-16 08:30:10", "1815244", "8.218.110.236:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-05-17 07:51:17", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-05-15 19:44:50", "1815137", "95.231.168.143:4483", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:45:24", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-15 19:44:38", "1815135", "65.21.21.227:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:44:38", "1815136", "65.21.21.227:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:44:21", "1815134", "4.235.114.15:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:44:42", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:44:19", "1815133", "34.69.130.10:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:38", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-15 19:44:18", "1815132", "31.57.187.91:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:44:14", "1815131", "217.30.169.67:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 19:43:41", "1815130", "2.26.160.75:4984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 19:43:29", "1815129", "178.236.252.244:3333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 19:43:22", "1815128", "163.245.216.78:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-15 19:43:12", "1815127", "137.184.102.191:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:14", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-15 19:43:07", "1815126", "107.175.148.68:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:08", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-15 19:43:04", "1815125", "103.147.228.13:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 14:44:53", "1814940", "mexpo-gloves.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-05-17 16:06:37", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-15 14:44:53", "1814941", "digitallightandsound.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-05-17 16:06:37", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-15 14:17:00", "1814924", "94.26.90.137:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-16 16:03:54", "75", "False", "https://bazaar.abuse.ch/sample/e733cc5f38c2e1830233edb6c035a9888a153b01a548cb8df5c57a82204153e1/", "None", "0", "abuse_ch" "2026-05-15 13:48:12", "1814913", "47.122.118.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:10", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-05-15 13:48:12", "1814914", "207.56.229.234:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 10:00:17", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-15 13:48:08", "1814912", "155.138.147.166:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:18", "100", "False", "None", "CobaltStrike,cs-watermark-1", "0", "abuse_ch" "2026-05-15 13:47:48", "1814911", "107.173.186.7:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:14", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-15 13:47:47", "1814909", "39.108.114.1:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 18:21:11", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-15 13:47:47", "1814910", "123.57.208.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-15 13:47:17", "1812273", "46.253.143.52:443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-16 16:08:24", "100", "True", "None", "adaptix", "1", "_ik_" "2026-05-15 13:47:09", "1812324", "47.99.93.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 07:15:41", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-15 13:46:12", "1814900", "134.209.89.238:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-16 15:12:55", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-15 13:46:12", "1814901", "161.35.153.14:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-16 14:53:52", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-15 13:35:43", "1812370", "139.99.131.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 18:02:50", "75", "False", "None", "WRAITH-IL6", "0", "VulVindicator" "2026-05-15 13:35:39", "1812358", "31.207.39.174:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:02", "100", "False", "None", "AS210403,chaos,Groupe LWS SARL", "0", "antiphishorg" "2026-05-15 13:35:37", "1812345", "158.220.127.55:8888", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:02", "100", "False", "None", "AS51167,chaos,Contabo GmbH", "0", "antiphishorg" "2026-05-15 13:35:13", "1812249", "118.31.62.238:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:11", "100", "True", "None", "cobaltstrike", "1", "_ik_" "2026-05-15 13:35:12", "1812254", "vanta.st", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-17 11:03:19", "100", "False", "https://app.any.run/tasks/660c3952-64b1-4e99-a7a3-e4b9f9f803c2", "None", "0", "burger" "2026-05-15 09:45:23", "1814531", "91.124.19.173:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 09:45:20", "1814529", "85.11.167.110:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:16", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 09:45:20", "1814530", "85.11.167.110:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:16", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 09:44:54", "1814528", "5.101.81.2:63676", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 09:44:35", "1814527", "216.250.249.225:2195", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:32", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-15 09:43:22", "1814525", "15.236.43.82:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-15 09:43:07", "1814523", "104.243.248.63:1808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-15 09:43:04", "1814522", "103.168.67.140:3031", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-14 22:45:41", "1812322", "1.117.61.9:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-14 22:45:33", "1812320", "ct.feliz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-14 19:47:27", "1812283", "95.141.133.7:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:23", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-14 19:47:23", "1812282", "91.215.85.121:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-14 19:43:34", "1812281", "138.9.219.221:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-14 19:43:12", "1812280", "104.243.248.63:1806", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-14 15:10:13", "1812223", "bigsolutionsgc.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-05-17 16:06:37", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-14 15:10:13", "1812224", "sahalexchange.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-05-17 16:06:37", "100", "False", "", "RemusStealer", "0", "abuse_ch" "2026-05-14 12:35:59", "1811932", "80.78.30.62:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:11", "100", "True", "None", "havoc", "1", "_ik_" "2026-05-14 12:33:30", "1811674", "47.102.184.26:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear" "2026-05-14 12:32:24", "1811552", "afroempiredance.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:21", "1811554", "chameleoninserts.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:18", "1811558", "martialnovalis.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:16", "1811559", "prostazin.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:15", "1811560", "seppiacultura.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:14", "1811561", "shadetree.financial", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:13", "1811563", "styledsoulseries.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:32:11", "1811562", "sippinservice.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 13:29:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-14 12:30:56", "1811507", "158.94.209.243:3333", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:25", "100", "True", "None", "dcrat", "1", "_ik_" "2026-05-14 12:14:55", "1812150", "47.121.117.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 05:46:14", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-14 12:14:40", "1812149", "175.178.36.137:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 19:00:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-14 12:14:39", "1812148", "147.78.2.110:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:19", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-14 12:14:38", "1812146", "106.75.252.66:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 17:00:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-14 12:14:37", "1812145", "47.121.117.88:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 05:46:15", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-14 11:46:11", "1812141", "113.31.115.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-14 09:51:34", "1812126", "84.46.251.62:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-14 09:45:53", "1812125", "192.159.99.34:6606", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:45:36", "1811952", "93.127.160.86:6552", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:45:31", "1811950", "85.120.252.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:16", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 19:45:31", "1811951", "85.17.192.68:2121", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:45:29", "1811949", "83.217.215.55:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:14", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 19:45:08", "1811948", "5.101.83.144:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:45:06", "1811947", "5.101.82.216:50044", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:45:05", "1811946", "5.101.81.81:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:44:54", "1811945", "43.230.162.44:14321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:44", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-13 19:44:46", "1811944", "31.13.190.2:6552", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 19:43:55", "1811943", "2.26.96.209:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:51", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 19:43:53", "1811942", "194.33.48.221:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 19:43:17", "1811941", "139.99.131.177:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-13 19:43:03", "1811939", "103.197.191.159:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:04", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-13 19:43:03", "1811940", "103.197.191.159:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:04", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-13 10:45:56", "1811775", "43.139.170.200:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-13 09:45:26", "1811766", "91.134.139.176:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:19", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 09:45:12", "1811764", "62.169.31.177:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-05-18 12:45:03", "75", "False", "None", "drb-ra,Hook", "0", "abuse_ch" "2026-05-13 09:44:52", "1811763", "45.92.1.175:5220", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 09:43:56", "1811762", "203.202.232.22:3131", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-13 09:43:50", "1811761", "194.33.48.221:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-13 09:43:20", "1811760", "147.124.216.58:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-13 09:43:02", "1811759", "101.109.237.93:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:02", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-12 22:45:18", "1811650", "168.222.97.93:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 22:45:18", "1811651", "168.222.97.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 22:45:17", "1811649", "161.248.87.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 20:30:05", "1811591", "34.75.35.194:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-17 06:00:19", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-05-12 19:45:05", "1811573", "94.198.51.234:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-12 19:44:29", "1811572", "37.72.172.58:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 19:43:45", "1811571", "2.27.17.179:6644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-12 15:12:03", "1811473", "www.apartuk.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "2026-05-18 13:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=www.apartuk.info", "ViriBack,XLoader", "0", "abuse_ch" "2026-05-12 15:12:02", "1811472", "www.axilo.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "2026-05-18 13:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=www.axilo.top", "ViriBack,XLoader", "0", "abuse_ch" "2026-05-12 14:50:32", "1811234", "190.255.90.152:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "50", "False", "None", "3816,asyncrat,c2,censys", "0", "sojubear" "2026-05-12 14:48:59", "1811440", "http://cdntestconnect.com/ed54b97a570943999715.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:04:40", "100", "False", "None", "c2,first,loader,StealC,stealer", "0", "Bitsight" "2026-05-12 14:46:47", "1811460", "175.178.36.137:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 18:00:19", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-12 11:45:40", "1811413", "118.31.62.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 11:45:38", "1811412", "117.72.168.103:50011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 11:45:31", "1811410", "101.132.156.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 11:45:31", "1811411", "101.35.102.87:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-12 09:45:18", "1811401", "91.92.243.38:35630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:20", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 09:45:17", "1811400", "91.215.85.121:6466", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 09:45:14", "1811399", "85.158.57.247:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-12 09:45:04", "1811398", "67.180.188.88:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-12 09:45:00", "1811397", "62.84.114.70:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:04", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-12 09:44:59", "1811396", "62.171.190.148:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:03", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-12 09:44:43", "1811394", "45.142.107.41:1030", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:44:43", "1811395", "45.142.107.41:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:44:37", "1811392", "31.57.184.48:7456", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 09:44:37", "1811393", "31.57.201.105:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:37", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-12 09:43:50", "1811389", "207.148.2.115:60060", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:55", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:43:50", "1811390", "207.148.2.115:60061", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:55", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-12 09:43:47", "1811388", "2.26.96.209:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:52", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-12 09:43:21", "1811387", "155.103.71.115:14549", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-12 09:43:17", "1811386", "146.185.233.71:41254", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-12 09:43:06", "1811385", "104.243.248.63:1803", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 09:43:03", "1811384", "103.143.207.71:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:03", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-12 07:17:30", "1811288", "bcncdncl-ns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-18 06:43:03", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-11 22:45:16", "1811186", "117.50.184.221:10080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 22:45:14", "1811185", "112.124.71.123:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 19:45:07", "1811129", "64.199.252.59:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:45:05", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 19:45:01", "1811128", "51.77.54.76:6769", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:59", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:44:51", "1811127", "46.253.143.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:50", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:44:49", "1811126", "45.77.89.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:58", "1811125", "213.139.77.243:55555", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:43:58", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-11 19:43:39", "1811124", "185.212.128.72:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 19:43:38", "1811123", "185.190.142.66:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:23", "1811122", "155.103.71.115:14548", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 19:43:16", "1811120", "139.180.153.57:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:16", "1811121", "139.99.131.177:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:17", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 19:43:10", "1811119", "13.60.193.80:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:08", "1811118", "109.73.193.242:10140", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 19:43:04", "1811117", "103.247.11.53:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:05", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-11 11:45:53", "1811018", "38.55.124.41:16571", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 11:45:45", "1811017", "172.245.28.187:4440", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 11:45:33", "1811016", "117.72.198.62:9987", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-11 09:45:20", "1810966", "91.92.243.63:35631", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:45:20", "1810967", "91.92.243.63:35635", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:45:15", "1810965", "89.42.134.220:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:44:59", "1810964", "78.47.143.18:8053", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:10", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:44:44", "1810963", "5.101.81.81:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:44:38", "1810962", "45.153.34.51:58001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:44:36", "1810961", "44.215.161.149:4005", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-11 09:44:35", "1810960", "43.133.149.36:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:43", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-11 09:44:29", "1810959", "31.57.184.154:7007", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:43:46", "1810958", "20.114.142.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:52", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-11 09:43:42", "1810957", "194.163.175.135:8679", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:43:41", "1810956", "193.169.194.19:8264", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:43:35", "1810955", "185.242.245.27:44875", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:43:34", "1810954", "185.212.128.76:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 09:43:26", "1810952", "172.239.57.52:1234", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-11 09:43:26", "1810953", "172.245.97.237:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:31", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-11 09:43:24", "1810951", "168.222.97.106:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:43:20", "1810950", "158.94.210.70:22532", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:43:15", "1810949", "144.91.78.57:9008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-11 09:43:11", "1810948", "137.184.38.192:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-11 09:43:09", "1810947", "130.12.182.209:1525", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 23:45:17", "1810462", "150.158.109.61:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 23:45:07", "1810461", "112.213.106.53:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 19:44:55", "1810418", "64.23.231.32:9001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:05", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 19:44:52", "1810417", "5.78.110.145:7989", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:59", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-10 19:44:43", "1810416", "46.109.239.103:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 19:44:38", "1810415", "44.206.172.239:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 19:44:31", "1810414", "31.57.184.154:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 19:44:30", "1810413", "24.134.4.221:4714", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:44:34", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:51", "1810412", "209.99.188.44:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 19:43:45", "1810410", "195.123.240.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:45", "1810411", "195.123.240.236:8274", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:39", "1810408", "189.34.188.6:5406", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:43", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:39", "1810409", "189.34.188.6:5407", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:43", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:32", "1810407", "178.16.55.171:444", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:43:36", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-10 19:43:31", "1810406", "178.105.40.204:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:35", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-10 19:43:15", "1810405", "138.9.237.106:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-10 19:43:11", "1810404", "130.49.214.74:50194", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 18:39:13", "1809572", "http://108.59.252.214/9290546939c94eebbdb2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:25:10", "100", "False", "None", "c2,loader,modo,StealC,stealer", "0", "Bitsight" "2026-05-10 10:45:37", "1810194", "142.171.172.100:17443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 10:45:13", "1810193", "api.apifox.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 09:44:56", "1810170", "57.158.27.132:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:01", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 09:44:39", "1810169", "43.133.149.36:18080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:42", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:50", "1810168", "207.56.2.25:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:55", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:47", "1810167", "198.23.185.234:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 09:43:45", "1810166", "194.26.192.229:50", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 09:43:41", "1810165", "192.159.99.183:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:45", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-10 09:43:33", "1810164", "179.43.134.189:9968", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-10 09:43:31", "1810163", "175.27.164.136:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:34", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:27", "1810162", "172.245.152.57:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:31", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-09 20:44:40", "1809787", "39nasm720z98q.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-09 19:44:46", "1809758", "82.25.35.113:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:44:38", "1809756", "5.180.46.180:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:58", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-09 19:43:46", "1809754", "213.130.25.141:44333", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:58", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-09 19:43:41", "1809753", "198.167.212.165:73", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:40", "1809751", "194.26.192.229:100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:40", "1809752", "194.26.192.229:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:24", "1809750", "168.144.89.48:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-09 19:43:23", "1809749", "167.99.151.149:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-09 19:43:13", "1809747", "138.9.223.13:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-09 19:43:13", "1809748", "138.9.41.254:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-09 06:56:58", "1809459", "139.226.191.247:2082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:36", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-08 23:44:52", "1809219", "139.196.50.117:9930", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 23:44:44", "1809218", "106.53.82.117:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 19:45:15", "1809059", "202.95.18.30:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:47", "1809058", "ns1.cacheflow.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:41", "1809056", "93.127.160.86:6553", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:41", "1809057", "93.127.160.86:6554", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:40", "1809054", "91.92.241.142:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:44:40", "1809055", "91.92.241.142:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:44:39", "1809053", "89.208.113.158:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:18", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:44:36", "1809051", "83.142.209.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:14", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:44:36", "1809052", "83.142.209.60:8795", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:14", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:34", "1809050", "80.211.196.157:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:11", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:44:33", "1809048", "75.119.154.8:2700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:09", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:44:33", "1809049", "75.119.154.8:3500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:09", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:44:32", "1809046", "64.90.19.46:5432", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:32", "1809047", "66.163.112.213:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:44:30", "1809045", "61.7.18.194:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:27", "1809044", "5.101.86.70:9843", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:25", "1809043", "5.101.86.105:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:13", "1809042", "31.57.216.56:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:44:11", "1809041", "23.227.203.172:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:34", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 19:43:41", "1809039", "209.38.100.109:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:43:41", "1809040", "209.54.101.159:1414", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:36", "1809038", "193.42.24.165:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 19:43:35", "1809037", "193.169.194.24:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:31", "1809036", "185.220.205.80:3535", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:29", "1809034", "185.212.128.15:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 19:43:29", "1809035", "185.212.128.24:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 19:43:28", "1809033", "180.97.214.70:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:37", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-08 19:43:26", "1809032", "177.67.105.14:8091", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:43:25", "1809031", "172.94.3.201:5816", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:19", "1809029", "160.25.82.142:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:19", "1809030", "160.30.231.100:553", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:26", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 19:43:17", "1809028", "154.7.228.167:2443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-08 19:43:15", "1809026", "146.185.233.76:7227", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:15", "1809027", "146.185.239.61:9702", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:13", "1809024", "138.9.231.141:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:13", "1809025", "138.9.234.119:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:12", "1809020", "138.9.0.156:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:12", "1809021", "138.9.114.126:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:12", "1809022", "138.9.116.98:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:12", "1809023", "138.9.216.8:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 19:43:09", "1809019", "129.212.254.59:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:11", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 19:43:06", "1809018", "107.174.234.194:7755", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 12:18:54", "1808779", "http://95.85.236.66/cd44fb36ede645bf842e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:14:59", "100", "False", "None", "c2,loader,StealC,stealer,w27", "0", "Bitsight" "2026-05-08 10:44:30", "1808743", "47.94.168.149:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 10:44:29", "1808742", "47.83.254.175:1102", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 10:43:48", "1808741", "1364170351-kld29tgkc1.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:59", "1808671", "89.203.129.126:9997", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:45:18", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:57", "1808667", "81.17.101.139:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:45:12", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 08:43:57", "1808668", "82.38.148.254:5902", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:57", "1808669", "82.38.148.254:5903", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:57", "1808670", "83.143.58.253:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:56", "1808666", "69.197.150.245:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:55", "1808665", "62.169.25.116:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:03", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:54", "1808664", "5.252.179.132:1616", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:53", "1808661", "5.101.86.95:4034", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:53", "1808662", "5.101.86.99:7192", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:53", "1808663", "5.252.153.0:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:58", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:52", "1808660", "5.101.86.70:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:51", "1808659", "5.101.86.41:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:50", "1808658", "5.101.86.103:8834", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:49", "1808655", "5.101.83.117:8374", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:49", "1808656", "5.101.86.103:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:49", "1808657", "5.101.86.103:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:48", "1808654", "5.101.82.226:3581", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:47", "1808653", "5.101.81.23:4315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:46", "1808652", "45.79.163.107:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:48", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:45", "1808649", "45.23.73.4:5645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:45", "1808650", "45.56.91.55:2005", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:46", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:42", "1808648", "31.57.216.62:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:38", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:41", "1808647", "23.249.29.138:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:44:34", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 08:43:21", "1808643", "209.38.110.161:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:21", "1808644", "209.99.186.98:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:21", "1808645", "209.99.190.172:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:56", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 08:43:21", "1808646", "209.99.190.53:666", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:57", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 08:43:19", "1808641", "195.250.25.214:4000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 08:43:19", "1808642", "198.46.173.6:2208", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:18", "1808640", "194.37.80.126:7543", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-08 08:43:15", "1808639", "185.212.129.114:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-08 08:43:14", "1808638", "179.0.178.240:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:13", "1808637", "178.104.186.90:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:12", "1808635", "170.168.103.124:5342", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:12", "1808636", "172.245.209.227:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:31", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:11", "1808634", "167.114.129.165:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:08", "1808633", "146.185.239.55:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:07", "1808629", "138.9.118.8:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:07", "1808630", "138.9.216.212:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:07", "1808631", "138.9.226.206:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:07", "1808632", "138.9.41.75:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:05", "1808627", "108.61.193.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:05", "1808628", "113.31.118.180:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:10", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-08 08:43:04", "1808623", "104.243.248.63:1802", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-08 08:43:04", "1808624", "106.55.186.190:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:07", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:04", "1808625", "107.161.50.202:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:04", "1808626", "107.172.235.68:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-08 08:43:03", "1808621", "103.83.87.7:2492", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:43:03", "1808622", "103.83.87.81:4141", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-08 08:00:21", "1808423", "http://secure.controlpanel.asia/330311481fe14ab99814.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:55:23", "100", "False", "None", "c2,CDCDCDC,loader,StealC,stealer", "0", "Bitsight" "2026-05-08 07:49:28", "1808600", "45.202.249.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-08 07:49:24", "1808598", "45.202.249.88:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-07 20:45:06", "1808288", "49.7.54.204:8901", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-07 20:44:34", "1808287", "106.14.116.17:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-07 20:44:32", "1808286", "101.33.225.32:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-07 20:36:02", "1808282", "158.94.211.95:80", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2026-05-18 13:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=158.94.211.95", "Lokibot,ViriBack", "0", "abuse_ch" "2026-05-07 18:44:06", "1808259", "5.101.86.106:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 18:44:05", "1808258", "5.101.83.114:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 18:43:51", "1808257", "217.145.72.202:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:32", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-07 18:43:25", "1808256", "186.169.76.228:5010", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:42", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-07 18:43:18", "1808255", "168.144.36.228:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-07 18:43:14", "1808254", "155.103.71.115:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 18:43:11", "1808253", "146.185.233.41:5382", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 18:43:09", "1808252", "138.197.21.32:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-07 10:44:22", "1808143", "94.154.35.160:12345", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-07 10:44:18", "1808142", "83.147.38.94:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:45:14", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-07 10:44:15", "1808141", "66.85.27.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:07", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-07 10:44:07", "1808140", "5.101.81.81:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 10:43:34", "1808139", "203.159.90.139:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-07 10:43:04", "1808138", "104.167.199.243:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:06", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-06 20:53:25", "1807882", "http://178.16.55.25/bcbb13c7c8984290857b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:18:56", "100", "False", "None", "c2,FFF0506,loader,StealC,stealer", "0", "Bitsight" "2026-05-06 20:53:22", "1807868", "27.102.137.139:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:35", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-05-06 20:45:39", "1807906", "45.207.192.190:30078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:45:29", "1807905", "207.56.226.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:45:09", "1807904", "117.72.168.103:16337", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 20:44:56", "1807903", "static.slbc7890.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 18:44:01", "1807846", "5.101.86.102:2501", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 18:44:01", "1807847", "5.101.86.107:4934", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 18:43:51", "1807845", "31.57.216.62:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:38", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 18:43:26", "1807844", "192.109.200.143:2345", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 18:43:21", "1807843", "178.16.52.203:1889", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:35", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 18:43:14", "1807842", "154.18.238.18:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:23", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 18:43:05", "1807841", "104.194.157.45:7001", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:06", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 16:44:54", "1807793", "68.64.178.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:44", "1807792", "39.101.78.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:32", "1807791", "124.223.90.150:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:24", "1807789", "103.53.81.232:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:24", "1807790", "103.53.81.232:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:22", "1807788", "1.15.100.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:21", "1807787", "www.pronhub.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:20", "1807786", "update.javashell.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:13", "1807783", "1325813086-kvn4jlpgeu.ap-shanghai.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:13", "1807784", "1364170351-ivarm6apjz.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 16:44:13", "1807785", "4176rbz8vepn6.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-06 08:44:09", "1807540", "5.101.86.41:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 08:44:09", "1807541", "5.101.86.41:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 08:44:08", "1807539", "5.101.86.104:1334", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-06 08:43:54", "1807538", "31.57.184.154:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-06 06:01:23", "1807364", "77.93.152.138:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 07:00:16", "50", "False", "None", "401479,asyncrat,c2,censys", "0", "sojubear" "2026-05-06 06:01:22", "1807365", "192.109.200.143:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "50", "False", "None", "51396,asyncrat,c2,censys", "0", "sojubear" "2026-05-05 20:44:19", "1807261", "www.cement-chemistry.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-05 18:49:30", "1807206", "5.101.86.98:4126", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:49:12", "1807204", "5.101.82.228:9362", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:49:12", "1807205", "5.101.82.229:3039", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:49:05", "1807203", "5.101.81.81:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 18:48:26", "1807201", "38.190.224.70:4338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:40", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 17:17:43", "1807073", "http://5.252.177.67/bb7f17919d0a4d0aaf22.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:45:41", "100", "False", "None", "c2,loader,StealC,stealer,win20", "0", "Bitsight" "2026-05-05 13:58:25", "1807037", "http://213.165.47.49/480bee37986b4097bc20.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:21:49", "100", "False", "None", "c2,loader,StealC,stealer,test", "0", "Bitsight" "2026-05-05 13:58:14", "1807059", "http://89.46.38.100/c0b30d15260a4d8888dc.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:48:55", "100", "False", "None", "c2,loader,M1,StealC,stealer", "0", "Bitsight" "2026-05-05 13:12:36", "1807027", "http://217.119.129.37/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:11:17", "100", "False", "None", "2,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:31", "1806968", "http://2.26.123.18/0f1da281ab93408e9369.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:07:21", "100", "False", "https://bazaar.abuse.ch/sample/b543ca5c5ce8796ed7d5d77725391b301f110d1d424d11fb7a09e0da71facee7/", "C2,Stealc", "0", "burger" "2026-05-05 12:59:27", "1806983", "http://196.251.107.130/16b022998f754137b60a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:13:58", "100", "False", "None", "c2,loader,RUN,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:20", "1806998", "http://213.165.47.174/0cddd9346bd3479aab11.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:26:25", "100", "False", "None", "c2,loader,steal,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:19", "1807009", "http://89.169.12.194/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 13:02:42", "100", "False", "None", "b3,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:18", "1807011", "http://178.16.55.72/2d3c04d39c634992b70b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 09:12:56", "100", "False", "None", "c2,loader,sdsdsdsd,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:16", "1807013", "http://193.111.117.51/94a5dbd165044e85b88e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-18 12:53:29", "100", "False", "None", "c2,loader,neverhigh,StealC,stealer", "0", "Bitsight" "2026-05-05 10:47:56", "1806956", "5.180.82.239:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:55", "1806955", "5.101.86.97:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:42", "1806953", "5.101.82.99:6031", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:42", "1806954", "5.101.86.11:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:38", "1806952", "5.101.82.227:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:47:27", "1806951", "46.151.182.33:9545", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:43:27", "1806947", "135.136.148.120:2003", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 10:43:24", "1806946", "130.49.214.74:62582", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 08:45:25", "1806902", "8.211.130.16:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-05 08:44:56", "1806901", "172.245.156.179:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-05 08:44:35", "1806900", "webshareclouds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-05 08:44:34", "1806899", "perfectgo.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-05 08:43:36", "1806898", "209.99.187.44:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-05 08:43:10", "1806897", "136.244.67.94:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-05 00:05:43", "1806444", "104.168.5.25:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:06", "75", "False", "https://bazaar.abuse.ch/sample/ee0e4e3198fd8942c1241f276857745823901fbbdd73b6827517998e17f91e09/", "remcos", "0", "abuse_ch" "2026-05-04 20:45:12", "1806230", "83.147.19.38:7899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:45:07", "1806229", "8.130.80.145:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:44:43", "1806228", "154.219.115.123:61443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 20:44:36", "1806227", "119.29.198.193:8555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 18:44:06", "1806112", "5.101.86.101:1398", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 18:43:57", "1806111", "40.115.28.131:4812", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:42", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-04 18:43:30", "1806110", "193.93.194.101:60736", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 18:43:27", "1806109", "190.255.94.200:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-04 18:43:17", "1806108", "162.216.240.168:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-04 12:45:16", "1805878", "77.74.201.243:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 12:44:30", "1805876", "t.shakesnap.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 12:44:30", "1805877", "t2.shakesnap.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 10:44:16", "1805817", "93.127.134.156:3389", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-04 10:43:59", "1805815", "45.66.248.82:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:46", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-04 10:43:59", "1805816", "45.66.248.82:53802", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:47", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-04 10:43:21", "1805813", "178.16.54.192:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 10:43:11", "1805812", "143.198.52.66:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-04 08:45:10", "1805769", "8.130.173.155:30006", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 08:44:52", "1805768", "31.7.62.178:14443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-04 08:44:13", "1805766", "82.165.79.60:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-04 08:44:12", "1805765", "82.165.79.60:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-04 08:44:06", "1805762", "5.101.86.73:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:44:06", "1805763", "5.101.86.73:8371", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:44:05", "1805761", "5.101.86.4:3841", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:43:27", "1805760", "192.3.136.228:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:43:24", "1805759", "185.91.126.198:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:43:20", "1805758", "176.65.132.131:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-04 08:43:16", "1805757", "163.181.45.55:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:27", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-03 18:43:37", "1805410", "190.255.86.67:5012", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-03 18:43:37", "1805411", "190.255.86.67:5061", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-03 18:43:37", "1805412", "190.255.86.67:5123", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-03 18:43:37", "1805413", "190.255.86.67:5469", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-03 12:44:50", "1805272", "80.78.22.41:783", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:46", "1805271", "49.232.90.5:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:41", "1805270", "45.227.253.121:51227", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:37", "1805269", "38.165.21.163:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:29", "1805268", "151.245.90.45:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 12:44:08", "1805267", "ap.johamp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-03 08:43:54", "1805202", "46.151.182.148:25608", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-03 08:43:44", "1805200", "217.145.226.192:7747", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:44:32", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-03 08:43:20", "1805199", "182.23.2.163:18569", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-03 08:43:14", "1805198", "159.69.90.48:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-03 07:33:10", "1805100", "172.245.195.206:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:31", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-05-02 20:44:32", "1804969", "34.124.142.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:32", "1804970", "34.124.142.136:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:31", "1804968", "203.160.54.22:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:30", "1804967", "195.123.220.237:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:27", "1804966", "165.154.22.163:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 20:44:06", "1804965", "h67as5d5x.m6p3wca1.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 18:43:55", "1804930", "64.188.71.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:05", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-02 18:43:54", "1804929", "57.158.26.13:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:01", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-02 18:43:44", "1804928", "38.147.173.24:8562", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-02 18:43:21", "1804926", "186.169.82.230:4343", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:42", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-02 18:43:19", "1804925", "185.195.66.182:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-02 18:43:15", "1804923", "165.245.172.175:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:28", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-02 18:43:13", "1804922", "157.230.26.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-02 18:43:08", "1804920", "137.220.137.67:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 18:43:08", "1804921", "137.220.137.67:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 18:43:07", "1804919", "134.122.99.247:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:13", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-02 18:43:05", "1804918", "107.175.113.200:11240", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:08", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 14:44:30", "1804853", "47.101.172.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:26", "1804852", "38.207.176.96:8520", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:25", "1804849", "23.235.186.164:7887", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:25", "1804850", "23.248.204.162:7887", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:25", "1804851", "23.248.236.163:7887", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 14:44:05", "1804848", "safeaxis.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-02 08:43:58", "1804734", "95.216.5.32:70", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:58", "1804735", "95.216.5.32:76", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:58", "1804736", "95.216.5.32:77", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:55", "1804733", "84.46.250.128:50", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:15", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:53", "1804732", "8.160.216.91:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:45:10", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-02 08:43:42", "1804730", "38.60.197.157:65347", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:41", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-02 08:43:40", "1804728", "31.57.184.161:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:40", "1804729", "31.57.184.161:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:39", "1804727", "31.57.184.161:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:24", "1804725", "20.24.67.42:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-02 08:43:21", "1804724", "192.3.96.154:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:46", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:14", "1804722", "172.104.57.250:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-02 08:43:14", "1804723", "172.104.57.250:9000", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-02 08:43:12", "1804721", "161.97.118.207:2500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:27", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:07", "1804720", "137.220.137.68:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-02 08:43:06", "1804719", "124.95.172.200:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:11", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-02 08:43:05", "1804718", "113.45.19.19:7666", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-02 07:06:20", "1804652", "38.55.177.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-02 07:06:18", "1804650", "175.24.201.23:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-02 06:55:05", "1804643", "firewai.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-05-18 08:06:21", "100", "False", "https://bazaar.abuse.ch/sample/5eb440933efc934628399697e2bca83ac41cefbb7c653dae1b91113596c4755e/", "RemusStealer", "0", "abuse_ch" "2026-05-02 05:24:17", "1803956", "https://arsimonopa.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:15:08", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-02 05:24:15", "1803960", "https://lemonimonakio.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:05:05", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-02 05:24:07", "1804005", "47.239.222.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "100", "False", "", "AS45102,Cobalt Strike,cobeacon", "1", "xcyber901" "2026-05-01 18:44:00", "1803898", "91.92.242.228:8008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:20", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:44:00", "1803899", "93.71.143.3:9002", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-05-18 12:45:22", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-01 18:44:00", "1803900", "94.154.32.247:2025", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:59", "1803897", "91.219.238.234:3500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:58", "1803896", "89.114.115.200:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:03", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:55", "1803895", "72.249.124.93:1977", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:53", "1803894", "59.152.212.164:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:45:01", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:52", "1803892", "5.101.86.65:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:52", "1803893", "5.101.86.65:8643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:51", "1803889", "5.101.86.15:6798", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:51", "1803890", "5.101.86.15:9267", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:51", "1803891", "5.101.86.34:5749", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:50", "1803887", "5.101.82.190:5691", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:50", "1803888", "5.101.86.15:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:49", "1803885", "46.183.222.27:39473", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:49", "1803886", "46.183.222.27:43204", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:48", "1803884", "45.9.168.220:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:46", "1803882", "45.150.11.22:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:45", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:46", "1803883", "45.154.98.20:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:45", "1803881", "45.10.164.177:45123", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 18:43:44", "1803879", "38.54.122.233:63689", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:41", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:44", "1803880", "39.101.82.73:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:44:41", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:43", "1803877", "38.190.224.75:4338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:40", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:43", "1803878", "38.190.224.78:4338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:40", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:42", "1803876", "31.57.219.42:2042", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:38", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:41", "1803874", "31.57.184.154:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:41", "1803875", "31.57.184.187:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:27", "1803872", "212.50.233.30:10115", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:27", "1803873", "212.50.233.30:10123", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:26", "1803871", "209.127.184.165:2575", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:25", "1803868", "202.144.194.238:10111", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:25", "1803869", "202.144.194.238:10115", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:25", "1803870", "202.144.194.238:10123", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:24", "1803866", "195.88.191.41:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-01 18:43:24", "1803867", "195.88.191.41:7666", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-01 18:43:23", "1803865", "194.61.120.171:5881", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:22", "1803863", "192.227.232.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:46", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 18:43:22", "1803864", "193.124.131.235:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:21", "1803861", "190.255.86.67:5066", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:21", "1803862", "190.255.86.67:9140", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:20", "1803860", "190.255.86.67:5011", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:43", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:19", "1803858", "185.212.128.80:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:19", "1803859", "185.212.128.85:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:18", "1803857", "185.212.128.199:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:16", "1803856", "173.211.106.231:21320", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:15", "1803854", "172.245.54.187:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:31", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 18:43:15", "1803855", "172.94.17.208:5500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 18:43:14", "1803853", "169.40.135.17:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:12", "1803850", "155.103.71.115:50030", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:12", "1803851", "155.103.71.115:50033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:09", "1803849", "146.185.233.71:35412", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:07", "1803848", "134.122.162.29:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:13", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 18:43:06", "1803847", "130.94.77.156:62727", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:13", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 18:43:05", "1803845", "109.227.59.160:4433", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:43:09", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:05", "1803846", "114.132.29.20:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 18:43:04", "1803842", "104.168.5.25:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:04", "1803843", "107.175.113.106:55", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:08", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-01 18:43:04", "1803844", "109.176.229.9:3883", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 18:43:03", "1803841", "103.79.79.105:9001", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:05", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch" "2026-05-01 18:43:02", "1803840", "103.110.65.166:52223", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:03", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 14:51:07", "1803433", "195.177.94.23:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:50", "50", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-05-01 14:44:50", "1803693", "8.222.192.153:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:47", "1803691", "54.205.26.32:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:47", "1803692", "64.83.42.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:44", "1803689", "47.236.91.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:30", "1803688", "165.22.16.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:20", "1803687", "118.25.178.35:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:09", "1803685", "secure-server.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 14:44:09", "1803686", "update.cdn-update.workers.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:51", "1803518", "83.143.58.252:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:51", "1803520", "84.201.14.11:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:15", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:50", "1803517", "80.66.84.163:61845", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:49", "1803514", "72.56.246.58:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:45:08", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:49", "1803515", "74.48.194.213:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:49", "1803516", "78.40.209.53:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:48", "1803512", "62.60.226.63:6856", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:48", "1803513", "64.89.163.114:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803506", "5.101.86.57:1984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803507", "5.101.86.60:6798", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803508", "5.101.86.76:1338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803509", "5.101.86.76:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803510", "5.101.86.76:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:46", "1803511", "5.101.86.78:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:45", "1803502", "5.101.81.81:4315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:52", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:45", "1803503", "5.101.86.34:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:45", "1803504", "5.101.86.4:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:45", "1803505", "5.101.86.4:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:44", "1803499", "46.151.182.71:22", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:44", "1803500", "47.103.106.26:2333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:50", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:44", "1803501", "47.83.254.175:6321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:51", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:43", "1803496", "45.77.127.102:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:43", "1803497", "46.151.182.161:58001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:43", "1803498", "46.151.182.33:4747", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:42", "1803495", "45.43.11.194:2026", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:41", "1803494", "45.133.174.41:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:40", "1803493", "4.236.165.30:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:42", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:38", "1803491", "31.58.58.168:51272", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:38", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:38", "1803492", "31.58.76.179:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:38", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:37", "1803490", "3.19.238.211:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 08:43:36", "1803489", "217.60.241.19:5903", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:24", "1803488", "207.174.0.178:8206", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:55", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:23", "1803486", "20.2.83.254:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 08:43:23", "1803487", "203.202.232.104:2444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:22", "1803484", "195.177.94.130:2037", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:22", "1803485", "198.135.55.193:32241", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:21", "1803481", "193.24.211.62:23581", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:21", "1803482", "193.24.211.62:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:21", "1803483", "194.116.236.110:6161", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:20", "1803478", "190.2.150.52:853", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:20", "1803479", "192.159.99.131:1458", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:20", "1803480", "192.253.248.29:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:19", "1803477", "185.28.84.202:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:41", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:17", "1803476", "178.16.53.63:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:36", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:16", "1803473", "178.128.252.142:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:35", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:16", "1803474", "178.16.52.24:789", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:16", "1803475", "178.16.53.183:111", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:15", "1803472", "172.94.101.157:3011", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:32", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:14", "1803470", "169.40.135.35:6158", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:14", "1803471", "172.111.198.151:3001", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:31", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:13", "1803466", "163.5.102.110:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:13", "1803467", "163.5.102.110:2407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:13", "1803468", "163.5.102.99:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:13", "1803469", "164.68.99.7:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:28", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:12", "1803463", "158.220.113.212:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:24", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:12", "1803464", "158.94.209.210:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:43:25", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-01 08:43:12", "1803465", "158.94.209.227:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:43:25", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-01 08:43:11", "1803459", "154.83.148.26:22050", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:11", "1803460", "155.103.70.100:50030", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:11", "1803461", "155.103.70.100:50033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:11", "1803462", "155.103.70.68:2323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:10", "1803457", "151.243.109.10:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:10", "1803458", "151.243.109.213:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:09", "1803456", "146.190.133.216:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:20", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:08", "1803455", "143.202.105.137:9001", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:43:18", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 08:43:07", "1803452", "136.0.41.76:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:14", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 08:43:07", "1803453", "138.9.0.87:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:07", "1803454", "138.9.212.10:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:06", "1803450", "130.12.180.184:2602", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:06", "1803451", "132.243.223.0:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:05", "1803447", "109.123.249.123:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:09", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-01 08:43:05", "1803448", "111.229.144.163:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:10", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2026-05-01 08:43:05", "1803449", "124.198.131.36:9958", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:04", "1803445", "103.83.87.60:1515", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:04", "1803446", "104.238.34.58:7788", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:07", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 08:43:03", "1803442", "103.140.238.45:8887", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:03", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 08:43:03", "1803443", "103.140.238.45:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:03", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-01 08:43:03", "1803444", "103.147.228.120:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-01 07:08:50", "1803389", "165.154.24.229:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-05-01 07:08:49", "1803387", "203.160.54.22:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-01 07:08:49", "1803388", "103.230.15.38:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:27:34", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-01 07:08:46", "1803385", "106.75.31.247:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-01 07:08:46", "1803386", "146.19.125.9:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-01 02:43:32", "1803286", "94.176.3.228:48765", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:32", "1803287", "94.198.96.164:52452", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:32", "1803288", "94.198.96.164:55025", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:32", "1803289", "95.111.250.175:5435", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:32", "1803290", "98.81.111.167:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:32", "1803291", "98.97.125.70:8883", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:45:24", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:31", "1803279", "91.202.233.153:43555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:31", "1803280", "91.215.85.151:47653", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:31", "1803281", "91.219.238.234:2700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:20", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:31", "1803282", "93.127.134.156:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:31", "1803283", "94.154.35.160:1234", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:31", "1803284", "94.154.35.160:6466", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:22", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:31", "1803285", "94.154.35.73:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:23", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:30", "1803274", "84.54.33.7:6745", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:30", "1803275", "85.121.5.202:5689", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:30", "1803276", "85.155.186.2:3821", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:30", "1803277", "89.125.50.18:30031", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:30", "1803278", "90.58.26.10:6060", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:19", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:29", "1803267", "83.136.209.49:56002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:29", "1803268", "83.136.209.49:56003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:29", "1803269", "83.97.20.133:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:45:15", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:29", "1803270", "83.97.20.133:80", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:45:15", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:29", "1803271", "83.98.39.53:8443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:45:15", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:29", "1803272", "83.98.39.54:8443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:45:15", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:29", "1803273", "84.54.33.227:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:28", "1803262", "79.135.160.20:9999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:28", "1803263", "80.96.109.95:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:12", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:28", "1803264", "80.96.113.212:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:28", "1803265", "81.229.251.143:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:45:12", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:28", "1803266", "83.136.209.49:56001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:27", "1803257", "66.163.115.78:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:27", "1803258", "66.85.27.18:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:07", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:27", "1803259", "68.64.178.130:9900", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:27", "1803260", "72.56.246.58:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:45:08", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:27", "1803261", "72.56.246.58:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:45:09", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:26", "1803251", "52.198.162.251:16000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:59", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:26", "1803252", "62.164.177.229:8088", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:45:03", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:26", "1803253", "62.171.150.165:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:03", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:26", "1803254", "62.81.188.1:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:45:04", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:26", "1803255", "66.163.115.78:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:26", "1803256", "66.163.115.78:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:25", "1803245", "45.95.232.195:54655", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:25", "1803246", "46.101.77.223:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:48", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:25", "1803247", "46.243.205.154:10666", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:50", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:25", "1803248", "5.255.111.155:32543", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:58", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:25", "1803249", "5.42.221.153:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:58", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:25", "1803250", "5.75.185.142:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:59", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:24", "1803239", "45.155.69.175:42455", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:24", "1803240", "45.56.91.55:2003", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:46", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:24", "1803241", "45.67.228.215:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:24", "1803242", "45.77.127.102:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:24", "1803243", "45.77.127.102:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:24", "1803244", "45.81.243.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803235", "45.125.67.171:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:44", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803236", "45.144.137.216:38271", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803237", "45.154.25.64:41236", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:23", "1803238", "45.155.69.106:42211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803230", "38.76.217.23:9443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803231", "43.134.133.177:8445", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:44:43", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803232", "43.142.77.170:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:43", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803233", "43.142.77.170:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:43", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:22", "1803234", "43.160.225.40:39001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:43", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803224", "31.57.184.48:6523", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:21", "1803225", "37.72.140.15:5555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803226", "38.255.44.50:57893", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:21", "1803227", "38.54.108.229:19433", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803228", "38.54.119.24:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:21", "1803229", "38.60.134.130:62858", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:41", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:20", "1803218", "222.255.100.119:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:34", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803219", "23.227.203.6:42235", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:34", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803220", "23.27.143.222:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:44:34", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:20", "1803221", "3.113.66.233:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-05-18 12:44:35", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:20", "1803222", "31.57.184.154:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:20", "1803223", "31.57.184.48:2583", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:19", "1803211", "216.107.208.250:10444", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:58", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803212", "216.126.239.161:3333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:19", "1803213", "217.28.130.143:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:33", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:19", "1803214", "217.60.38.14:14421", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:33", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803215", "219.142.15.101:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:33", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803216", "220.231.47.163:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:33", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:19", "1803217", "221.130.42.19:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:44:33", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803204", "207.107.147.42:4438", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:55", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803205", "208.249.244.20:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:55", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803206", "209.151.145.164:8443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:55", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:18", "1803207", "209.38.248.122:9443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:56", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:18", "1803208", "212.227.93.107:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:57", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:18", "1803209", "212.43.144.122:9346", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:57", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:18", "1803210", "213.199.35.149:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-05-18 12:43:58", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:17", "1803199", "2.27.29.65:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:52", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:17", "1803200", "202.171.43.176:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:17", "1803201", "202.181.24.236:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:53", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:17", "1803202", "202.95.17.188:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:54", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:17", "1803203", "206.189.40.107:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:54", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:16", "1803194", "194.156.89.88:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:48", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:16", "1803195", "194.156.89.88:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:48", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:16", "1803196", "194.37.80.126:4430", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:16", "1803197", "198.135.54.83:1995", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:50", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:16", "1803198", "198.23.176.38:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:03", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:15", "1803187", "192.109.200.183:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:15", "1803188", "192.109.200.183:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:15", "1803189", "192.109.200.183:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:15", "1803190", "193.112.115.127:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:15", "1803191", "193.112.169.214:30892", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:15", "1803192", "193.23.137.40:3334", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:15", "1803193", "194.156.89.88:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:48", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803180", "185.242.3.83:9909", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803181", "185.247.224.40:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:14", "1803182", "188.137.176.37:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:42", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803183", "188.137.183.184:9165", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:43", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803184", "188.137.250.221:8593", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:43", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:14", "1803185", "188.73.162.175:9443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:43", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:14", "1803186", "192.109.200.183:4040", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:13", "1803173", "185.212.128.81:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803174", "185.212.129.23:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803175", "185.212.129.24:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803176", "185.212.129.29:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803177", "185.212.129.30:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:40", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:13", "1803178", "185.213.20.250:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:13", "1803179", "185.242.245.120:42534", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803166", "180.184.29.135:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803167", "182.255.45.114:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803168", "185.122.171.4:44355", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:12", "1803169", "185.163.204.62:963", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:12", "1803170", "185.163.204.62:972", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:12", "1803171", "185.212.128.25:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:12", "1803172", "185.212.128.48:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:39", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:11", "1803160", "173.249.214.203:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:33", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:11", "1803161", "178.16.52.105:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:35", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:11", "1803162", "178.16.52.22:8396", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:11", "1803164", "178.16.53.117:35630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:35", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:11", "1803165", "179.43.140.225:1488", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:10", "1803155", "172.94.17.208:72", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:10", "1803156", "172.94.17.208:73", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:10", "1803157", "172.94.17.208:79", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:10", "1803158", "173.211.106.231:21321", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:10", "1803159", "173.242.59.199:8888", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:33", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:09", "1803148", "162.243.100.39:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:09", "1803149", "162.243.64.101:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:09", "1803150", "166.88.4.28:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:28", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:09", "1803151", "172.111.151.97:67", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:09", "1803152", "172.111.162.252:3030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:09", "1803153", "172.9.165.216:8096", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:32", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:09", "1803154", "172.93.144.164:8580", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803140", "153.75.224.159:5400", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:22", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:08", "1803141", "154.219.115.123:60001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:08", "1803142", "156.238.236.249:7930", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:08", "1803143", "158.94.209.132:99", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803144", "158.94.209.132:999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:25", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803145", "161.248.179.92:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803146", "161.248.179.92:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:08", "1803147", "162.14.124.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:07", "1803133", "149.104.110.163:59349", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:21", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:07", "1803134", "149.104.28.204:3656", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:07", "1803135", "149.104.66.230:53661", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:21", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:07", "1803136", "149.56.190.92:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:07", "1803137", "150.230.160.171:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:22", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:07", "1803138", "151.158.1.2:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-18 12:43:22", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-01 02:43:07", "1803139", "151.236.4.135:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-18 12:43:22", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:06", "1803127", "142.93.88.220:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:17", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-01 02:43:06", "1803128", "143.198.52.66:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:06", "1803129", "143.198.52.66:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:06", "1803130", "144.172.102.234:47653", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:06", "1803131", "144.172.65.125:4786", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:06", "1803132", "144.172.65.231:7001", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:05", "1803120", "130.94.41.162:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:05", "1803121", "134.175.253.242:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:05", "1803122", "137.220.137.66:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:05", "1803123", "137.220.137.66:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:05", "1803124", "138.124.113.131:4211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:05", "1803125", "138.197.119.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:15", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:05", "1803126", "139.64.164.72:63337", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:17", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:04", "1803114", "115.42.60.122:5440", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:10", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:04", "1803115", "117.72.101.55:9520", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:11", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:04", "1803116", "119.91.247.247:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:04", "1803117", "130.49.214.74:52452", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:04", "1803118", "130.49.214.74:55025", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:12", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:04", "1803119", "130.94.23.39:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803107", "103.151.52.35:3306", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:04", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:03", "1803108", "103.57.250.99:41895", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:05", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803109", "103.75.190.47:54630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:43:05", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-01 02:43:03", "1803110", "104.234.174.93:57712", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:06", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803111", "106.55.71.62:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803112", "114.132.133.191:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:03", "1803113", "115.190.247.97:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-01 02:43:02", "1803106", "102.209.118.229:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:02", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:45", "1802897", "82.156.219.31:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:33", "1802895", "39.105.74.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:02", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:33", "1802896", "39.105.74.52:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:02", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:30", "1802894", "193.53.127.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:25", "1802893", "149.88.73.40:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:10", "1802892", "www.microsslcheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 18:43:09", "1802891", "releases-export-finishing-phillips.trycloudflare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-30 17:43:20", "1802796", "66.97.39.94:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:03", "100", "False", "None", "AS27823,chaos,Dattatec.com", "0", "antiphishorg" "2026-04-30 12:55:24", "1802724", "101.43.29.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-29 15:18:41", "1802153", "103.140.238.45:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:03", "75", "False", "", "Sliver", "0", "whoamix302" "2026-04-29 14:50:55", "1802144", "45.9.168.219:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:48", "75", "False", "https://bazaar.abuse.ch/sample/d448f06355d7484df4c27108b0f9c4ef313c34cafee87eb3d85eec012094300f/", "remcos", "0", "abuse_ch" "2026-04-29 14:43:42", "1802141", "82.156.62.131:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:33", "1802140", "46.137.196.122:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:28", "1802139", "217.154.212.25:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:24", "1802138", "156.245.147.98:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:11", "1802137", "100.113.210.8:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 14:43:05", "1802136", "microsoftcdn.accesscam.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 10:43:33", "1802063", "47.109.20.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-29 07:49:06", "1801960", "156.245.147.101:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-28 16:42:13", "1801579", "jicinvestments.monster", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-16 21:33:14", "100", "False", "", "ClickFix,ErrTraffic", "0", "netgrain" "2026-04-28 14:43:02", "1801679", "1318289497-6hwi9hel8e.ap-beijing.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-28 08:02:19", "1801466", "134.122.6.193:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:03", "100", "False", "None", "AS14061,chaos,DigitalOcean LLC", "0", "antiphishorg" "2026-04-28 06:50:21", "1801432", "175.24.201.23:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 11:02:18", "1800975", "45.43.59.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:46:10", "1800972", "ns1.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:43:32", "1800970", "cc.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 08:25:23", "1800903", "107.172.252.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-27 08:23:19", "1800899", "147.78.2.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 08:22:39", "1800898", "45.130.148.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-27 04:47:42", "1800672", "82.165.179.9:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:12", "75", "False", "https://bazaar.abuse.ch/sample/dc7926a343bf4a612ebd57924bd5e3a6df997164b090c662855f2f3e6e91c930/", "asyncrat", "0", "abuse_ch" "2026-04-27 04:43:30", "1800663", "175.24.201.23:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-05-18 12:45:54", "100", "False", "None", "Meterpreter", "0", "abuse_ch" "2026-04-27 00:51:07", "1800596", "31.57.184.186:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:36", "75", "False", "https://bazaar.abuse.ch/sample/39c0135a0e8d46053fbcaa4efe6cbc83d33cf8e7be43efbca1622b2f77c7b9c6/", "remcos", "0", "abuse_ch" "2026-04-26 18:36:03", "1800513", "91.92.242.236:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-05-18 13:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=91.92.242.236", "Amadey,ViriBack", "0", "abuse_ch" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-05-18 13:20:23", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-26 18:09:40", "1800498", "8.149.139.253:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:16", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:56", "1800496", "2.26.133.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:20", "1800494", "103.230.15.38:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:27:35", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 08:48:33", "1800301", "156.245.147.98:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:33", "1800299", "dd.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:30", "1800298", "d2.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-25 14:39:53", "1799966", "91.92.242.228:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:20", "75", "False", "", "None", "0", "whoamix302" "2026-04-25 14:21:21", "1800020", "8.136.97.98:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-04-25 14:17:33", "1800017", "124.222.75.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2026-04-24 08:38:30", "1797076", "cario.gr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-05-17 02:44:32", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-24 08:14:10", "1797062", "31.56.209.78:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:36", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-04-23 04:45:34", "1796426", "http://196.251.107.248/kont2rt/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-05-18 13:07:35", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-04-22 20:53:44", "1796314", "211.154.20.173:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 20:53:22", "1796313", "192.210.174.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 20:51:59", "1796312", "154.23.182.238:2086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 20:50:52", "1796311", "141.227.135.62:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 20:43:46", "1796309", "cs.demo888999.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 14:48:06", "1796139", "mail.treysbeatend.com", "domain", "botnet_cc", "win.darkcloud", "None", "DarkCloud Stealer", "2026-05-18 13:12:04", "50", "False", "https://tracker.viriback.com/index.php?q=mail.treysbeatend.com", "Darkcloud,ViriBack", "0", "abuse_ch" "2026-04-22 14:43:34", "1796138", "c2.woshishabi.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-22 14:30:19", "1796097", "47.94.162.43:2222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-22 10:36:10", "1796009", "82.156.62.131:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-21 16:49:31", "1795676", "vjscloudjsns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-16 21:33:14", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-21 14:54:03", "1795599", "43.225.158.58:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-21 14:46:24", "1795596", "ws1.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-21 14:46:21", "1795595", "ws.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-21 12:55:02", "1795440", "107.174.186.78:4445", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-21 12:55:01", "1795439", "104.143.39.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-21 12:54:59", "1795450", "95.216.39.54:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:04", "100", "False", "None", "AS24940,chaos,Hetzner Online GmbH", "0", "antiphishorg" "2026-04-21 12:21:08", "1795542", "maqmex.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-05-17 16:48:23", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-21 11:36:06", "1795519", "139.224.67.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-21 11:35:54", "1795518", "38.47.100.32:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 05:46:18", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2026-04-21 11:31:32", "1795513", "103.97.176.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-20 10:52:12", "1794910", "39.100.66.238:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-20 10:52:11", "1794909", "39.100.66.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-19 18:25:29", "1794638", "http://213.5.130.87", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:05", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-19 15:49:02", "1794524", "138.226.236.215:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 13:12:04", "100", "False", "None", "AS205775,chaos,NEON CORE NETWORK LLC", "0", "antiphishorg" "2026-04-19 15:48:58", "1794558", "82.156.90.136:9180", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-19 14:47:49", "1794580", "149.88.86.94:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-19 14:46:35", "1794579", "118.25.183.203:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-19 14:43:12", "1794577", "cdn1.wakecoin.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-19 11:12:47", "1794459", "45.227.253.121:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-19 11:12:42", "1794458", "49.233.70.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-19 11:10:35", "1794455", "101.201.247.234:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2026-04-19 11:10:19", "1794454", "20.166.18.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-19 11:09:55", "1794452", "152.136.159.25:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-04-19 11:04:31", "1794042", "218.244.142.4:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-18 02:50:54", "1793921", "67.225.255.139:8882", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-18 02:48:46", "1793920", "209.59.184.78:8882", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-18 02:46:54", "1793918", "121.4.92.72:1111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 20:50:11", "1793739", "43.230.200.254:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 20:44:37", "1793738", "ns2.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 20:44:14", "1793737", "ns1.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-17 18:15:06", "1793645", "http://213.5.130.147", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-17 13:32:15", "1793534", "91.92.241.242:80", "ip:port", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-05-18 08:47:38", "100", "False", "None", "GCleaner,loader", "0", "Bitsight" "2026-04-17 06:51:38", "1793262", "47.121.197.137:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2026-04-16 19:15:16", "1792978", "https://deriveratreeservice.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:55", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-16 10:57:49", "1792708", "47.109.23.77:4567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 10:56:58", "1792707", "43.167.177.224:7778", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 04:49:21", "1792579", "18.170.69.70:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 13:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:58:55", "1792542", "52.220.247.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:56:40", "1792540", "43.128.59.217:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:56:02", "1792538", "35.179.185.166:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 13:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:55:03", "1792537", "18.170.69.70:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 13:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:52:19", "1792536", "124.71.231.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 02:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:43:47", "1792533", "cdn2.raqeeb.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-16 13:46:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:43:39", "1792532", "bxx2rghe05kng.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-15 11:39:45", "1791738", "139.224.23.63:8866", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-15 11:31:30", "1791744", "52.220.247.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "75", "False", "https://bazaar.abuse.ch/sample/03ca7bcc97fccc10ac293492afc385f3d50916060d6692a8ccc631176f7fda0a/", "CobaltStrike", "0", "abuse_ch" "2026-04-15 05:59:12", "1791442", "119.91.254.137:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-15 04:15:06", "1791367", "https://metaa.co.mz/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 18:00:54", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 18:35:26", "1790897", "http://185.183.35.120", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-14 13:18:35", "1790044", "https://semperfimovers.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 18:00:54", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 13:16:23", "1789632", "https://divinni.com.br/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:55", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 12:16:50", "1789018", "https://artmadasenegal.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:56", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:40:28", "1788609", "https://aandjequipmentrental.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:56", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:37:07", "1787889", "https://gsmtax.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:54", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:34:43", "1787385", "https://boostpadel.se/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:56", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:34:15", "1787290", "https://foodturerebels.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:55", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:33:07", "1787069", "https://fotomedia.hr/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:55", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:32:51", "1787027", "https://cannabis-dna.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-18 13:15:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 10:39:52", "1785656", "https://mcttt.gov.fj/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-18 13:15:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:47:52", "1786608", "https://thegingamebroadway.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:54", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 09:47:27", "1786534", "https://istriamaestranza.cl/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-17 17:30:54", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 06:06:10", "1785529", "http://185.183.35.206", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-14 05:10:44", "1785317", "140.143.207.166:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:17", "100", "False", "", "C2,Mythic", "0", "whoamix302" "2026-04-13 09:31:10", "1785103", "43.254.218.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 09:46:15", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-12 13:57:18", "1784698", "172.233.50.161:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-17 15:23:11", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-12 07:02:44", "1784575", "156.239.47.94:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-12 06:34:43", "1784558", "47.104.248.7:8884", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-11 12:10:14", "1784256", "45.74.244.142:18433", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:47", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-04-11 07:06:58", "1783725", "120.48.18.226:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-11 06:36:58", "1784155", "101.35.214.58:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-09 14:49:35", "1783376", "47.109.202.237:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-09 14:48:47", "1783375", "39.102.125.11:4435", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:01", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-09 14:48:14", "1783374", "195.85.207.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-07 23:06:40", "1782524", "82.165.179.9:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:13", "75", "False", "https://bazaar.abuse.ch/sample/4c3b97c157d08ee298edb5d30fa86a3b90b04fedfbe517e7e0307b6013eacbf0/", "asyncrat", "0", "abuse_ch" "2026-04-06 18:49:49", "1781907", "43.139.108.161:8192", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-06 09:38:32", "1781668", "198.46.178.137:3268", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "2026-05-18 11:05:37", "75", "False", "https://bazaar.abuse.ch/sample/5b05520489442578ca57f50941bac97e499e0fd3a5ddc1fc47f7c53e2fa84df0/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-04-06 02:47:20", "1781593", "47.76.96.68:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-04 20:44:05", "1781225", "111.230.217.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-04 20:44:01", "1781224", "109.244.130.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-04 12:57:33", "1781055", "46.151.182.19:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-04 07:03:31", "1780954", "104.168.117.123:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-03 12:03:02", "1780664", "43.143.242.10:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-02 07:14:51", "1780369", "43.143.242.10:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-01 10:45:34", "1780037", "164.92.67.70:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:28", "50", "False", "https://www.shodan.io/host/164.92.67.70#443", "c2,havoc,shodan", "0", "juroots" "2026-03-31 06:41:35", "1779443", "l3cdnns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-16 21:33:14", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-28 14:56:18", "1777986", "47.122.47.221:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-28 10:53:14", "1777919", "77.91.97.4:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-28 06:44:10", "1777836", "74.211.98.224:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-27 07:14:42", "1777162", "74.211.98.224:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-27 00:01:49", "1777022", "161.248.179.38:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:26", "100", "False", "https://search.censys.io/hosts/161.248.179.38", "AS150895,AsyncRAT,C2,censys,EZTECH-VN,RAT", "0", "DonPasci" "2026-03-27 00:00:31", "1777014", "49.234.199.152:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "100", "False", "https://search.censys.io/hosts/49.234.199.152", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-03-26 16:00:34", "1776825", "120.48.25.153:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "https://search.censys.io/hosts/120.48.25.153", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-03-26 14:59:36", "1776672", "158.94.209.95:80", "ip:port", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-05-18 08:35:03", "100", "False", "None", "GCleaner,loader", "0", "Bitsight" "2026-03-25 20:00:39", "1776411", "83.229.127.46:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:19", "100", "False", "https://search.censys.io/hosts/83.229.127.46", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2026-03-24 12:01:13", "1774903", "37.72.172.58:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:39", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,AsyncRAT,C2,censys,HVC-AS,RAT", "0", "DonPasci" "2026-03-24 12:00:35", "1774898", "47.92.208.27:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "100", "False", "https://search.censys.io/hosts/47.92.208.27", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-03-23 21:06:09", "1774595", "154.83.12.132:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-23 15:24:12", "1774401", "43.154.190.128:33060", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-23 06:56:53", "1774143", "103.117.120.98:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-23 06:56:52", "1774142", "115.191.25.159:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-23 06:53:11", "1774131", "46.151.182.19:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-22 20:01:13", "1773942", "100.52.66.182:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:02", "100", "False", "https://search.censys.io/hosts/100.52.66.182", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2026-03-22 18:02:20", "1773536", "156.239.252.191:448", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "100", "False", "", "BEACON,C2,CobaltStrike,Shodan", "0", "whoamix302" "2026-03-21 20:00:25", "1773380", "47.76.96.68:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "100", "False", "https://search.censys.io/hosts/47.76.96.68", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-03-21 00:00:22", "1772963", "111.229.48.203:10000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 05:46:18", "100", "False", "https://search.censys.io/hosts/111.229.48.203", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-03-20 16:00:44", "1772653", "5.101.86.72:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:57", "100", "False", "https://search.censys.io/hosts/5.101.86.72", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-03-20 16:00:21", "1772652", "101.35.95.103:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "https://search.censys.io/hosts/101.35.95.103", "AS45090,C2,censys,CobaltStrike,cs-watermark-0,TENCENT-NET-AP", "0", "DonPasci" "2026-03-20 06:42:00", "1771875", "182.255.44.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-20 04:19:09", "1771846", "51.222.87.16:433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-20 04:08:17", "1771843", "cdn.sys-update.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-20 00:02:12", "1771791", "8.136.13.87:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:10", "100", "False", "https://search.censys.io/hosts/8.136.13.87", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2026-03-19 20:02:51", "1771714", "45.136.13.247:43211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:44", "100", "False", "https://search.censys.io/hosts/45.136.13.247", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci" "2026-03-19 04:00:37", "1771235", "85.206.168.238:888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:17", "100", "False", "https://search.censys.io/hosts/85.206.168.238", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci" "2026-03-19 00:00:22", "1771152", "165.154.244.77:2562", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "100", "False", "https://search.censys.io/hosts/165.154.244.77", "AS142002,C2,censys,CobaltStrike,cs-watermark-987654321,SCLOUDPTELTD-AS", "0", "DonPasci" "2026-03-18 16:00:39", "1770846", "130.12.180.184:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:12", "100", "False", "https://search.censys.io/hosts/130.12.180.184", "AS202412,C2,censys,OMEGATECH-AS,RAT,Remcos", "0", "DonPasci" "2026-03-18 04:00:18", "1769955", "43.138.39.212:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "100", "False", "https://search.censys.io/hosts/43.138.39.212", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2026-03-17 20:03:22", "1769709", "172.86.107.196:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:32", "100", "False", "https://search.censys.io/hosts/172.86.107.196", "AS14956,C2,censys,Pupy,RAT,ROUTERHOSTING", "0", "DonPasci" "2026-03-17 08:00:33", "1769102", "167.88.160.135:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:43:29", "100", "False", "https://search.censys.io/hosts/167.88.160.135", "AS14956,C2,censys,RAT,Remcos,ROUTERHOSTING", "0", "DonPasci" "2026-03-17 02:48:23", "1768984", "156.245.144.203:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-16 10:41:19", "1767951", "http://82.38.71.155/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-18 12:54:51", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-03-15 14:49:59", "1767015", "156.245.144.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-15 14:49:59", "1767016", "156.245.144.203:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-15 06:51:25", "1766813", "119.29.117.194:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-15 04:01:14", "1766764", "202.191.67.71:50003", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:53", "100", "False", "https://search.censys.io/hosts/202.191.67.71", "AdaptixC2,AS131262,C2,censys,KELNET-AS-AP", "0", "DonPasci" "2026-03-14 08:24:37", "1765797", "31.57.216.28:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-14 08:24:37", "1765798", "130.12.182.175:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-14 08:24:37", "1765802", "46.151.182.245:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-14 08:24:37", "1765803", "31.57.216.27:421", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-14 08:00:55", "1765787", "5.101.82.60:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-03-14 04:01:15", "1765717", "194.163.175.135:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-17 08:36:28", "100", "False", "https://search.censys.io/hosts/194.163.175.135", "AS51167,C2,censys,CONTABO,Mythic", "0", "DonPasci" "2026-03-13 04:01:11", "1764276", "46.151.182.205:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:49", "100", "False", "https://search.censys.io/hosts/46.151.182.205", "AS205759,AsyncRAT,C2,censys,GHOSTYNETWORKS,RAT", "0", "DonPasci" "2026-03-11 23:00:21", "1763737", "130.12.182.209:9456", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-05-18 12:43:12", "100", "False", "https://tria.ge/260311-zw3w6adw5k", "quasar", "0", "dyingbreeds_" "2026-03-11 16:01:48", "1763543", "159.138.31.252:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:25", "100", "False", "https://search.censys.io/hosts/159.138.31.252", "AS136907,C2,censys,HWCLOUDS-AS-AP,Mythic", "0", "DonPasci" "2026-03-11 12:01:42", "1763331", "77.237.245.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:09", "100", "False", "https://search.censys.io/hosts/77.237.245.173", "AS51167,C2,censys,CONTABO,Covenant", "0", "DonPasci" "2026-03-11 07:03:38", "1763170", "60.247.206.23:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-03-10 00:01:13", "1762492", "107.172.3.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:08", "100", "False", "https://search.censys.io/hosts/107.172.3.15", "AS-COLOCROSSING,AS36352,C2,censys,Mythic", "0", "DonPasci" "2026-03-10 00:00:32", "1762489", "115.29.231.140:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/115.29.231.140", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-03-09 21:47:27", "1762462", "38.147.170.252:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-09 00:00:50", "1761914", "31.57.216.128:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:37", "100", "False", "https://search.censys.io/hosts/31.57.216.128", "AS36680,C2,censys,NETIFACELLC,RAT,Remcos", "0", "DonPasci" "2026-03-08 06:45:42", "1761283", "31.57.216.28:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-08 06:45:42", "1761285", "31.57.216.27:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-08 06:45:42", "1761286", "130.12.182.175:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-08 06:45:42", "1761289", "46.151.182.245:430", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 08:09:23", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-07 08:01:02", "1760833", "20.100.168.21:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:52", "100", "False", "https://search.censys.io/hosts/20.100.168.21", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci" "2026-03-07 00:01:48", "1760516", "146.190.17.255:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:20", "100", "False", "https://search.censys.io/hosts/146.190.17.255", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2026-03-06 00:01:40", "1759331", "194.36.178.53:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:49", "100", "False", "https://search.censys.io/hosts/194.36.178.53", "AdaptixC2,AS200740,C2,censys,FIRST-SERVER-EU-AS", "0", "DonPasci" "2026-03-05 14:50:41", "1758940", "aliyun.commandandcontrol.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-03-05 06:17:58", "1758456", "http://213.5.130.197", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:57", "1758457", "http://213.5.130.154", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:56", "1758458", "http://213.5.130.200", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:55", "1758459", "http://213.5.130.131", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758460", "http://213.5.130.179", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758461", "http://213.5.130.189", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-02 15:30:09", "1756955", "104.243.248.63:1801", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:07", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-03-01 14:27:15", "1756333", "171.22.181.114:38990", "ip:port", "botnet_cc", "elf.pink", "None", "Pink", "2026-05-18 13:16:57", "100", "False", "None", "Pink", "0", "Bitsight" "2026-02-28 11:00:05", "1755728", "188.227.14.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "100", "False", "https://search.censys.io/hosts/188.227.14.105", "AS35000,C2,censys", "0", "dyingbreeds_" "2026-02-28 07:14:35", "1755641", "143.92.51.45:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 19:45:43", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-02-28 02:53:10", "1755599", "59.110.40.60:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-27 07:00:15", "1755300", "23.226.136.169:50051", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "100", "False", "https://search.censys.io/hosts/23.226.136.169", "AS36352,C2,censys", "0", "dyingbreeds_" "2026-02-26 07:04:33", "1754986", "47.84.183.211:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:51", "100", "False", "https://search.censys.io/hosts/47.84.183.211", "AS45102,C2,censys", "0", "dyingbreeds_" "2026-02-26 03:30:06", "1754935", "178.157.59.195:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-25 19:02:08", "1754717", "103.39.79.102:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:37", "100", "False", "https://search.censys.io/hosts/103.39.79.102", "AS932,C2,censys", "0", "dyingbreeds_" "2026-02-25 19:01:08", "1754671", "115.190.250.28:5521", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/115.190.250.28", "AS137718,C2,censys", "0", "dyingbreeds_" "2026-02-25 19:00:47", "1754652", "47.92.169.87:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "100", "False", "https://search.censys.io/hosts/47.92.169.87", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-02-23 23:00:07", "1753846", "64.89.161.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:14", "100", "False", "https://search.censys.io/hosts/64.89.161.183", "AS205759,C2,censys,GHOSTYNETWORKS", "0", "dyingbreeds_" "2026-02-21 03:00:07", "1751453", "47.104.159.246:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:06", "100", "False", "https://search.censys.io/hosts/47.104.159.246", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-02-20 20:01:09", "1751395", "115.190.53.184:666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/115.190.53.184", "AS137718,C2,censys,CobaltStrike,cs-watermark-1234567890,VOLCANO-ENGINE", "0", "DonPasci" "2026-02-20 11:00:06", "1751104", "107.172.217.220:12096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "100", "False", "https://search.censys.io/hosts/107.172.217.220", "AS36352,C2,censys", "0", "dyingbreeds_" "2026-02-20 08:47:26", "1751083", "185.180.198.3:2025", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-20 08:47:26", "1751084", "185.180.198.3:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-02-20 07:09:34", "1751056", "81.68.89.216:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-02-16 09:05:30", "1749217", "111.228.4.54:4455", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "50", "False", "https://www.shodan.io/host/111.228.4.54#4455", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-02-15 12:00:54", "1748709", "119.91.54.176:50001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "https://search.censys.io/hosts/119.91.54.176", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-02-14 18:46:07", "1748314", "27.221.15.199:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:44:35", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-02-14 15:11:17", "1748256", "101.200.193.211:8086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-02-13 08:01:04", "1747433", "83.229.127.46:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "https://search.censys.io/hosts/83.229.127.46", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2026-02-13 07:00:24", "1747139", "45.66.164.17:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:46", "100", "False", "https://search.censys.io/hosts/45.66.164.17", "AS63023,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-13 06:59:13", "1747121", "117.72.191.140:8028", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "50", "False", "https://www.shodan.io/host/117.72.191.140#8028", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2026-02-13 04:03:07", "1747077", "45.155.69.147:42535", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:45", "100", "False", "https://search.censys.io/hosts/45.155.69.147", "AdaptixC2,AS214927,C2,censys,PSB-AS", "0", "DonPasci" "2026-02-12 20:00:41", "1747002", "118.107.0.254:2002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/118.107.0.254", "AS152194,C2,censys,CobaltStrike,cs-watermark-987654321,CTGSERVERLIMITED-AS-AP", "0", "DonPasci" "2026-02-12 16:01:27", "1746911", "175.192.75.105:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:34", "100", "False", "https://search.censys.io/hosts/175.192.75.105", "AS4766,C2,censys,KIXS-AS-KR,Netsupport,RAT", "0", "DonPasci" "2026-02-11 11:00:07", "1745677", "128.241.229.70:6001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/hosts/128.241.229.70", "AS213802,C2,censys,TF", "0", "dyingbreeds_" "2026-02-11 10:49:56", "1745673", "120.77.211.144:12345", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-11 03:00:10", "1744438", "45.192.110.197:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "100", "False", "https://search.censys.io/hosts/45.192.110.197", "AS401701,C2,censys", "0", "dyingbreeds_" "2026-02-10 19:00:10", "1744346", "1.15.171.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "100", "False", "https://search.censys.io/hosts/1.15.171.190", "AS45090,C2,censys", "0", "dyingbreeds_" "2026-02-10 03:25:57", "1744184", "8.141.93.66:12345", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-10 03:00:13", "1744175", "118.107.0.254:2003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/118.107.0.254", "AS152194,C2,censys", "0", "dyingbreeds_" "2026-02-09 23:00:07", "1744145", "47.109.45.70:12345", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "100", "False", "https://search.censys.io/hosts/47.109.45.70", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-02-09 11:00:33", "1743594", "15.204.14.143:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:21", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2026-02-08 16:00:16", "1743398", "192.3.233.166:59850", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "https://search.censys.io/hosts/192.3.233.166", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-02-08 15:42:41", "1743395", "1.15.25.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743391", "106.52.208.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743392", "106.13.137.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743393", "101.43.2.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:40", "1743394", "101.133.148.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743388", "115.190.178.249:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743389", "114.132.150.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:39", "1743390", "110.40.176.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:37", "1743386", "120.48.50.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:37", "1743387", "117.72.214.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743381", "124.223.199.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743382", "124.221.32.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743383", "124.220.48.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743384", "124.220.164.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:36", "1743385", "121.41.167.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743378", "152.136.139.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743379", "129.204.103.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:35", "1743380", "124.223.47.219:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743374", "172.245.215.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743375", "165.154.125.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743376", "156.233.233.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:34", "1743377", "154.201.91.224:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743370", "38.190.224.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743371", "222.255.214.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743372", "192.252.187.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:33", "1743373", "178.16.52.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743365", "43.139.146.100:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743366", "43.133.41.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743367", "42.192.49.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743368", "39.107.85.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:32", "1743369", "39.106.144.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:31", "1743363", "47.100.168.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:31", "1743364", "43.139.169.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:30", "1743362", "47.111.146.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743358", "47.243.175.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743359", "47.239.188.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743360", "47.122.30.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:29", "1743361", "47.122.1.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:28", "1743356", "61.166.154.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:28", "1743357", "49.235.177.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743353", "81.70.255.195:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743354", "81.69.98.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:27", "1743355", "8.210.78.137:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:26", "1743351", "83.229.126.65:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:26", "1743352", "81.71.159.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:15", "1743349", "83.229.123.61:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:15", "1743350", "83.229.126.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:14", "1743348", "8.153.205.30:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:13", "1743347", "8.137.149.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743344", "47.93.28.103:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743345", "60.205.139.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:12", "1743346", "lcowpowerlite.italynorth.cloudapp.azure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743340", "47.109.198.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743341", "47.120.70.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743342", "47.121.137.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:11", "1743343", "47.121.29.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743336", "45.115.236.152:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743338", "47.107.136.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:10", "1743339", "47.109.145.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743333", "192.140.176.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743334", "36.140.162.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:09", "1743335", "39.105.165.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743330", "152.32.251.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743331", "154.201.74.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:08", "1743332", "179.43.186.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743326", "139.196.41.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743327", "139.224.16.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743328", "14.103.175.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:07", "1743329", "150.187.25.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743322", "120.48.168.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743323", "121.40.18.128:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743324", "122.51.93.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:06", "1743325", "134.122.140.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:05", "1743320", "117.72.102.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:05", "1743321", "117.72.242.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:04", "1743318", "113.44.67.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:04", "1743319", "115.190.161.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743314", "106.38.201.95:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743315", "106.75.162.108:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743316", "106.75.215.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:03", "1743317", "106.75.224.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:02", "1743312", "106.12.219.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 15:42:02", "1743313", "106.13.29.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2026-02-08 11:00:25", "1743267", "15.204.14.143:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:21", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2026-02-08 04:00:55", "1743209", "15.204.95.228:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:21", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2026-02-08 02:49:47", "1743198", "47.239.230.84:20000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-07 03:00:18", "1742595", "174.138.86.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:34", "100", "False", "https://search.censys.io/hosts/174.138.86.141", "AS14061,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-06 14:07:28", "1742492", "45.196.97.119:443", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "2026-05-16 22:09:20", "100", "False", "", "censys,CoinMiner,XMRig", "0", "NDA0E" "2026-02-06 14:07:28", "1742493", "45.196.97.119:53", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "2026-05-16 22:09:20", "100", "False", "", "censys,CoinMiner,XMRig", "0", "NDA0E" "2026-02-06 14:07:28", "1742494", "45.196.97.119:80", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "2026-05-16 22:09:20", "100", "False", "", "censys,CoinMiner,XMRig", "0", "NDA0E" "2026-02-06 14:07:28", "1742495", "45.196.97.119:123", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "2026-05-16 22:09:20", "100", "False", "", "censys,CoinMiner,XMRig", "0", "NDA0E" "2026-02-05 13:04:12", "1741652", "192.159.99.249:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:45", "50", "False", "https://www.shodan.io/host/192.159.99.249#5555", "c2,evilginx,shodan", "0", "juroots" "2026-02-05 13:01:59", "1741587", "57.158.27.132:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:01", "50", "False", "https://www.shodan.io/host/57.158.27.132#31337", "c2,shodan,sliver", "0", "juroots" "2026-02-05 11:00:23", "1741476", "94.74.0.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:23", "100", "False", "https://search.censys.io/hosts/94.74.0.253", "AS39636,ASN-AEMNET,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-05 06:34:37", "1741375", "37.72.172.58:6066", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:39", "75", "False", "", "AS29802,asyncrat,c2,fofa,RAT", "0", "oxygen28" "2026-02-04 11:00:54", "1741132", "172.174.234.34:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:31", "100", "False", "https://search.censys.io/hosts/172.174.234.34", "AS8075,C2,censys,Mythic", "0", "dyingbreeds_" "2026-02-04 00:02:27", "1740953", "188.166.244.201:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:43", "100", "False", "https://search.censys.io/hosts/188.166.244.201", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2026-02-03 08:00:27", "1740691", "149.129.37.105:30002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "100", "False", "https://search.censys.io/hosts/149.129.37.105", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-02-03 06:28:43", "1740558", "85.198.98.75:443", "ip:port", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "2026-05-17 07:52:30", "100", "False", "https://www.threat.rip/file/772ac7c83243cdcdea829d7b0f09caa388aa696927e64238a7d84a58e9d52621/config", "salatstealer", "0", "Neiki" "2026-02-03 02:50:21", "1740521", "192.140.176.79:12124", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-02-03 00:02:43", "1740216", "47.115.175.62:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:51", "100", "False", "https://search.censys.io/hosts/47.115.175.62", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2026-02-01 04:00:57", "1739650", "143.198.215.97:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:18", "100", "False", "https://search.censys.io/hosts/143.198.215.97", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2026-01-31 00:05:33", "1739255", "98.85.71.175:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:24", "100", "False", "https://search.censys.io/hosts/98.85.71.175", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci" "2026-01-30 20:05:39", "1739227", "143.198.215.97:8000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:18", "100", "False", "https://search.censys.io/hosts/143.198.215.97", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2026-01-30 18:54:11", "1739209", "47.115.193.52:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:44:51", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-30 16:05:29", "1739169", "167.99.208.145:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:29", "100", "False", "https://search.censys.io/hosts/167.99.208.145", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2026-01-30 16:04:48", "1739163", "107.150.105.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:09", "100", "False", "https://search.censys.io/hosts/107.150.105.91", "AS135377,C2,censys,CobaltStrike,cs-watermark-666666666,UCLOUD-HK-AS-AP", "0", "DonPasci" "2026-01-30 08:04:49", "1739009", "111.92.243.40:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:10", "100", "False", "https://search.censys.io/hosts/111.92.243.40", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci" "2026-01-30 02:43:40", "1738915", "104.238.60.108:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-01-30 02:43:40", "1738916", "104.238.60.108:54372", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:07", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-01-30 00:06:02", "1738909", "68.64.178.201:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:08", "100", "False", "https://search.censys.io/hosts/68.64.178.201", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci" "2026-01-27 02:48:54", "1737830", "106.12.219.245:8072", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-26 23:00:09", "1737790", "47.120.46.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:19", "100", "False", "https://search.censys.io/hosts/47.120.46.230", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-01-26 16:04:28", "1737734", "121.40.37.253:50059", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "100", "False", "https://search.censys.io/hosts/121.40.37.253", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2026-01-26 13:57:13", "1737664", "https://fluraresto.me/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:11:28", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 13:57:13", "1737665", "https://mastralakkot.live/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:19:31", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 08:05:39", "1737569", "27.223.85.234:58001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:35", "100", "False", "https://search.censys.io/hosts/27.223.85.234", "AdaptixC2,AS4837,C2,censys,CHINA169-BACKBONE", "0", "DonPasci" "2026-01-25 22:49:35", "1737455", "167.179.76.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-25 22:48:35", "1737454", "ns1.ns-apache.jo3.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-24 18:47:55", "1736696", "80.87.206.64:443", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-05-18 12:45:12", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch" "2026-01-24 18:47:55", "1736697", "80.87.206.64:80", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-05-18 12:45:12", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch" "2026-01-24 07:09:13", "1736329", "223.26.63.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-01-23 08:45:57", "1736034", "158.158.8.193:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-05-18 12:43:24", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2026-01-23 08:04:06", "1736014", "47.120.32.72:8075", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "100", "False", "https://search.censys.io/hosts/47.120.32.72", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-22 12:04:28", "1735522", "176.31.71.168:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:34", "100", "False", "https://search.censys.io/hosts/176.31.71.168", "AS16276,C2,censys,OVH,Pupy,RAT", "0", "DonPasci" "2026-01-22 04:04:19", "1735412", "34.64.98.201:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:44:38", "100", "False", "https://search.censys.io/hosts/34.64.98.201", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Pupy,RAT", "0", "DonPasci" "2026-01-22 00:04:16", "1735387", "34.64.98.201:8443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:44:38", "100", "False", "https://search.censys.io/hosts/34.64.98.201", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Pupy,RAT", "0", "DonPasci" "2026-01-21 20:04:36", "1735342", "54.145.56.188:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:59", "100", "False", "https://search.censys.io/hosts/54.145.56.188", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci" "2026-01-21 20:03:53", "1735337", "121.4.92.72:5000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "100", "False", "https://search.censys.io/hosts/121.4.92.72", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2026-01-18 12:50:36", "1734177", "179.43.189.17:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-18 00:03:59", "1734081", "103.79.79.105:8444", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:05", "100", "False", "https://search.censys.io/hosts/103.79.79.105", "AS199959,C2,censys,CROWNCLOUD,Pupy,RAT", "0", "DonPasci" "2026-01-17 11:00:10", "1733763", "113.250.188.15:8078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "100", "False", "https://search.censys.io/hosts/113.250.188.15", "AS134420,C2,censys", "0", "dyingbreeds_" "2026-01-16 11:05:53", "1732736", "64.23.231.32:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:05", "50", "False", "https://www.shodan.io/host/64.23.231.32#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-16 11:05:09", "1732716", "139.196.41.201:30001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "50", "False", "https://www.shodan.io/host/139.196.41.201#30001", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2026-01-16 11:03:46", "1732709", "117.72.178.246:4848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "50", "False", "https://www.shodan.io/host/117.72.178.246#4848", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-01-16 04:03:22", "1732603", "47.98.253.102:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "100", "False", "https://search.censys.io/hosts/47.98.253.102", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2026-01-14 00:03:11", "1732041", "120.48.168.57:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "https://search.censys.io/hosts/120.48.168.57", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-13 20:03:58", "1732012", "212.103.26.10:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:57", "100", "False", "https://search.censys.io/hosts/212.103.26.10", "AS15557,C2,censys,Havoc,LDCOMNET", "0", "DonPasci" "2026-01-13 08:52:00", "1731532", "54.38.94.225:8881", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-01-12 23:00:32", "1701407", "64.23.248.252:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:45:06", "100", "False", "https://search.censys.io/hosts/64.23.248.252", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2026-01-11 08:04:17", "1700791", "83.229.123.61:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-10 06:45:16", "1700297", "139.224.16.185:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-09 11:01:05", "1693493", "137.184.93.131:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:14", "100", "False", "https://search.censys.io/hosts/137.184.93.131", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2026-01-09 10:49:50", "1693476", "www.quick-shares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-09 04:02:43", "1693407", "8.148.184.136:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:16", "100", "False", "https://search.censys.io/hosts/8.148.184.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-08 23:00:12", "1693365", "117.72.178.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:12", "100", "False", "https://search.censys.io/hosts/117.72.178.246", "AS141679,C2,censys", "0", "dyingbreeds_" "2026-01-08 22:50:04", "1693357", "172.94.18.103:191", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:33", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-01-07 20:02:36", "1692743", "38.49.57.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:17", "100", "False", "https://search.censys.io/hosts/38.49.57.15", "AS8796,C2,censys,CobaltStrike,cs-watermark-666666666,FD-298-8796", "0", "DonPasci" "2026-01-06 16:02:27", "1692083", "47.243.238.194:54188", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "100", "False", "https://search.censys.io/hosts/47.243.238.194", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 10:49:31", "1692008", "api.shenzhenschool.fun", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-06 08:02:23", "1691952", "115.190.233.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:11", "100", "False", "https://search.censys.io/hosts/115.190.233.79", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2026-01-05 20:24:02", "1691706", "62.60.226.159:80", "ip:port", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "2026-05-18 13:12:04", "50", "False", "https://tracker.viriback.com/index.php?q=62.60.226.159", "TinyLoader,ViriBack", "0", "abuse_ch" "2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:05", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 08:35:25", "1691375", "124.198.131.115:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:11", "50", "False", "https://www.shodan.io/host/124.198.131.115#5555", "c2,evilginx,shodan", "0", "juroots" "2025-12-30 16:21:16", "1688739", "101.34.205.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:15", "1688738", "103.171.35.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:14", "1688737", "107.149.192.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688734", "124.222.218.20:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688735", "124.221.255.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:13", "1688736", "123.56.78.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:12", "1688732", "152.32.202.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:12", "1688733", "150.158.119.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:11", "1688730", "165.154.244.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:11", "1688731", "156.225.20.77:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:10", "1688729", "182.92.239.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688726", "39.105.160.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688727", "38.38.250.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:08", "1688728", "211.184.175.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:07", "1688725", "45.58.56.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:05", "1688723", "8.130.80.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:05", "1688724", "8.130.26.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:03", "1688721", "94.74.164.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-30 16:21:03", "1688722", "87.251.67.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2025-12-28 20:01:34", "1687817", "118.89.88.183:56781", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/118.89.88.183", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-12-28 07:41:32", "1687327", "37.72.172.58:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:44:39", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,C2,censys,HVC-AS,RAT", "0", "dyingbreeds_" "2025-12-25 18:44:15", "1686405", "155.102.62.60:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:23", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-25 07:52:31", "1686010", "139.196.223.82:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:14", "100", "False", "https://search.censys.io/hosts/139.196.223.82", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-12-24 12:48:51", "1685856", "helpremote.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-23 22:45:05", "1685596", "172.94.18.103:190", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:33", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-12-23 20:01:06", "1685256", "115.190.160.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:11", "100", "False", "https://search.censys.io/hosts/115.190.160.206", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-12-23 03:00:34", "1684938", "8.159.146.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-23 02:54:49", "1684936", "missmovie.lol", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-22 20:01:00", "1684826", "179.43.186.214:7889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "100", "False", "https://search.censys.io/hosts/179.43.186.214", "AS51852,C2,censys,CobaltStrike,cs-watermark-987654321,PLI-AS", "0", "DonPasci" "2025-12-22 13:24:27", "1684679", "193.142.146.30:9433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "https://search.censys.io/hosts/193.142.146.30", "AS213438,C2,censys", "0", "dyingbreeds_" "2025-12-22 00:01:20", "1684543", "64.190.113.161:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:45:05", "100", "False", "https://search.censys.io/hosts/64.190.113.161", "AS399629,BLNWX,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-12-19 08:01:13", "1683269", "81.71.82.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "https://search.censys.io/hosts/81.71.82.54", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-12-19 08:01:11", "1683268", "60.205.139.210:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:13", "100", "False", "https://search.censys.io/hosts/60.205.139.210", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-17 04:00:34", "1681218", "36.140.162.173:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "100", "False", "https://search.censys.io/hosts/36.140.162.173", "AS9808,C2,censys,CHINAMOBILE-CN,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-12-16 05:57:15", "1680196", "91.208.184.203:80", "ip:port", "botnet_cc", "elf.xmrig", "None", "XMRIG", "2026-05-16 22:09:20", "75", "False", "", "None", "0", "c2hunter" "2025-12-16 04:00:27", "1680317", "47.76.185.85:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:10", "100", "False", "https://search.censys.io/hosts/47.76.185.85", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-16 02:49:55", "1680306", "43.161.245.186:79", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-12 02:50:28", "1676363", "67.219.102.244:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-08 14:58:40", "1670887", "20.157.116.151:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:52", "100", "False", "https://search.censys.io/hosts/20.157.116.151", "AdaptixC2,AS8069,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-12-07 16:01:37", "1668967", "180.76.141.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:16", "100", "False", "https://search.censys.io/hosts/180.76.141.175", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-12-05 16:01:25", "1668066", "36.140.162.173:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:59", "100", "False", "https://search.censys.io/hosts/36.140.162.173", "AS9808,C2,censys,CHINAMOBILE-CN,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-12-04 00:03:19", "1667182", "216.238.89.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:32", "100", "False", "https://search.censys.io/hosts/216.238.89.173", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci" "2025-12-03 20:01:15", "1667105", "115.190.161.178:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/115.190.161.178", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-12-03 12:31:15", "1666902", "122.114.10.199:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:11", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_" "2025-12-02 12:51:03", "1666137", "8.137.149.67:8091", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-02 02:49:18", "1665931", "38.182.168.169:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-01 14:57:52", "1665523", "http://213.5.130.104", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:52", "1665524", "http://213.5.130.180", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:50", "1665525", "http://213.5.130.106", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665526", "http://213.5.130.102", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665527", "http://213.5.130.152", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665528", "http://213.5.130.107", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665529", "http://213.5.130.153", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665530", "http://213.5.130.100", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:05", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665531", "http://213.5.130.182", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:47", "1665532", "http://213.5.130.181", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 12:36:20", "1665454", "122.114.10.199:8001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:11", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_" "2025-12-01 02:48:04", "1663883", "101.132.173.62:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-30 20:01:55", "1663611", "103.110.65.166:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:03", "100", "False", "https://search.censys.io/hosts/103.110.65.166", "AS26383,ASNET,C2,censys,Sliver", "0", "DonPasci" "2025-11-29 20:00:50", "1663223", "106.13.29.104:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "100", "False", "https://search.censys.io/hosts/106.13.29.104", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-29 12:00:52", "1663012", "47.236.56.15:4445", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "100", "False", "https://search.censys.io/hosts/47.236.56.15", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2025-11-28 10:51:31", "1660317", "148.135.120.162:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-28 10:50:17", "1660316", "ns2.googleclouds.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-28 10:50:14", "1660315", "ns1.googleclouds.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-28 04:01:01", "1651951", "5.101.82.51:9999", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "100", "False", "https://search.censys.io/hosts/5.101.82.51", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-11-27 18:47:59", "1651813", "47.103.143.60:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:50", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-11-26 12:50:54", "1650889", "job.itechno.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-25 10:49:55", "1650040", "156.245.248.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-25 06:01:37", "1649775", "http://213.5.130.84", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649776", "http://213.5.130.96", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649777", "http://213.5.130.98", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:35", "1649778", "http://213.5.130.160", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:08", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-24 10:50:01", "1649647", "154.201.74.112:1433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-23 08:00:29", "1649164", "5.101.86.44:61288", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:56", "100", "False", "https://search.censys.io/hosts/5.101.86.44", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-11-21 10:49:27", "1647756", "1.13.247.208:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-21 00:02:05", "1647575", "123.58.64.57:34567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/hosts/123.58.64.57", "AS17623,C2,censys,CNCGROUP-SZ,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-20 20:02:12", "1647454", "122.51.93.94:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/hosts/122.51.93.94", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-11-19 23:00:16", "1646839", "43.156.63.124:64494", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:30", "100", "False", "https://search.censys.io/hosts/43.156.63.124", "AS132203,C2,censys", "0", "dyingbreeds_" "2025-11-18 12:48:15", "1646007", "enter.xone.la", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-18 00:02:00", "1645839", "193.42.25.65:1443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "https://search.censys.io/hosts/193.42.25.65", "AS55933,C2,censys,CLOUDIE-AS-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-11-17 23:00:18", "1645785", "47.236.149.142:46832", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "100", "False", "https://search.censys.io/hosts/47.236.149.142", "AS45102,C2,censys", "0", "dyingbreeds_" "2025-11-17 21:41:49", "1645767", "120.79.255.238:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "100", "False", "https://search.censys.io/hosts/120.79.255.238", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-11-17 12:04:03", "1645505", "194.233.73.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:48", "100", "False", "https://search.censys.io/hosts/194.233.73.173", "AdaptixC2,AS141995,C2,CAPL-AS-AP,censys", "0", "DonPasci" "2025-11-13 04:54:17", "1639703", "62.60.226.183:483", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-05-18 11:46:25", "100", "False", "None", "c2,Tofsee", "0", "Bitsight" "2025-11-12 04:02:31", "1638854", "54.165.230.182:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:00", "100", "False", "https://search.censys.io/hosts/54.165.230.182", "AMAZON-AES,AS14618,C2,censys,Covenant", "0", "DonPasci" "2025-11-10 18:47:41", "1638274", "38.242.212.5:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:41", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2025-11-09 08:02:17", "1637255", "62.60.226.65:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:04", "100", "False", "https://search.censys.io/hosts/62.60.226.65", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-11-07 23:00:12", "1636099", "111.228.55.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:10", "100", "False", "https://search.censys.io/hosts/111.228.55.96", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-11-07 02:49:37", "1634744", "165.154.225.239:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-06 11:38:44", "1634512", "122.51.31.224:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "50", "False", "https://www.shodan.io/host/122.51.31.224#4443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-11-05 11:00:14", "1633781", "212.14.244.222:806", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "100", "False", "https://search.censys.io/hosts/212.14.244.222", "AS12975,C2,censys", "0", "dyingbreeds_" "2025-11-05 08:00:35", "1633709", "156.225.20.77:5006", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "100", "False", "https://search.censys.io/hosts/156.225.20.77", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-987654321", "0", "DonPasci" "2025-11-04 20:01:04", "1633501", "59.110.28.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:20", "100", "False", "https://search.censys.io/hosts/59.110.28.230", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-11-04 02:49:22", "1633063", "192.253.227.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-04 02:49:14", "1633061", "167.88.168.76:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-11-03 20:00:26", "1632776", "83.229.126.183:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:18", "100", "False", "https://search.censys.io/hosts/83.229.126.183", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-11-03 12:09:05", "1631818", "14.103.136.198:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-05-17 00:00:19", "100", "False", "https://www.nviso.eu/blog", "C2,NVISO,VShell", "0", "0xThiebaut" "2025-11-03 12:08:59", "1631769", "120.48.21.184:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-05-18 13:00:14", "100", "False", "https://www.nviso.eu/blog", "C2,NVISO,VShell", "0", "0xThiebaut" "2025-11-03 12:08:57", "1631753", "117.72.175.125:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-05-18 13:00:47", "100", "False", "https://www.nviso.eu/blog", "C2,NVISO,VShell", "0", "0xThiebaut" "2025-11-03 09:03:04", "1631367", "117.72.242.9:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "100", "False", "https://search.censys.io/hosts/117.72.242.9", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-11-03 07:01:12", "1631471", "119.42.148.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:33", "50", "False", "https://www.shodan.io/host/119.42.148.186#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-11-01 12:33:11", "1630767", "159.223.0.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:25", "50", "False", "https://www.shodan.io/host/159.223.0.103#31337", "c2,shodan,sliver", "0", "juroots" "2025-11-01 12:32:18", "1630711", "134.122.140.185:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "50", "False", "https://www.shodan.io/host/134.122.140.185#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-11-01 12:31:38", "1630704", "117.72.175.125:8087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "50", "False", "https://www.shodan.io/host/117.72.175.125#8087", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-10-31 16:01:24", "1630391", "85.215.57.133:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:45:17", "100", "False", "https://search.censys.io/hosts/85.215.57.133", "AdaptixC2,AS8560,C2,censys,IONOS-AS", "0", "DonPasci" "2025-10-30 04:00:42", "1629384", "103.149.93.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "100", "False", "https://search.censys.io/hosts/103.149.93.146", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci" "2025-10-29 10:49:29", "1628837", "112.3.31.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-29 09:23:45", "1628814", "179.43.186.214:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:54", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-29 04:01:19", "1628725", "94.154.35.114:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:45:22", "100", "False", "https://search.censys.io/hosts/94.154.35.114", "AS214943,C2,censys,DcRAT,RAILNET,RAT", "0", "DonPasci" "2025-10-29 02:49:59", "1628691", "8.17.56.128:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-28 20:48:37", "1628195", "ns1.servicedata.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-28 12:28:01", "1628076", "8.137.149.67:8060", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:16", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-10-28 04:00:27", "1627925", "182.254.155.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:30", "100", "False", "https://search.censys.io/hosts/182.254.155.23", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-10-28 02:49:21", "1627719", "182.16.98.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-28 02:48:42", "1627718", "116.62.226.163:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-27 20:50:01", "1627659", "182.16.98.84:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-26 07:39:14", "1626705", "196.251.83.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "100", "False", "https://search.censys.io/hosts/196.251.83.89", "AS401120,C2,censys,CHEAPY-HOST", "0", "dyingbreeds_" "2025-10-25 04:02:07", "1626312", "173.212.216.226:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:33", "100", "False", "https://search.censys.io/hosts/173.212.216.226", "AS51167,censys,Chaos,CONTABO,panel", "0", "DonPasci" "2025-10-25 04:00:11", "1626300", "47.121.135.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:26", "100", "False", "https://search.censys.io/hosts/47.121.135.201", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-24 16:00:08", "1626112", "140.143.194.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "100", "False", "https://search.censys.io/hosts/140.143.194.253", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-10-23 16:48:58", "1625642", "maelootp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-23 12:50:22", "1625564", "evil.ritademo.io.vn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-23 08:02:52", "1625393", "40.66.42.246:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:42", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-10-22 22:00:43", "1625174", "40.66.42.246:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:42", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_" "2025-10-22 18:45:52", "1625107", "185.72.8.137:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-10-22 18:45:52", "1625108", "185.72.8.137:7882", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-10-22 15:43:44", "1624905", "116.62.226.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2025-10-22 08:02:02", "1624664", "115.190.140.220:1443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/115.190.140.220", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-10-21 20:01:59", "1624300", "47.110.67.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:39", "100", "False", "https://search.censys.io/hosts/47.110.67.64", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-10-21 13:19:24", "1624166", "http://213.5.130.75", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:05", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:23", "1624167", "http://213.5.130.10", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:05", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624169", "http://213.5.130.90", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:07", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624170", "http://213.5.130.89", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 06:02:06", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 02:51:22", "1618880", "47.120.70.161:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-21 02:49:37", "1618876", "www.salesf0rce.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-18 12:49:25", "1617577", "143.92.43.246:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-17 12:02:17", "1617285", "5.152.16.189:8443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:44:58", "100", "False", "https://search.censys.io/hosts/5.152.16.189", "AS35805,C2,censys,Netsupport,RAT,SILKNET-AS", "0", "DonPasci" "2025-10-16 22:50:54", "1616729", "47.129.2.130:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-16 22:49:04", "1616728", "ns1.gygiuh.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-15 18:47:32", "1616141", "23.94.44.214:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:34", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-10-15 16:51:25", "1616115", "154.201.74.112:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-14 20:02:48", "1615761", "89.58.30.49:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:18", "100", "False", "https://search.censys.io/hosts/89.58.30.49", "AS197540,C2,censys,Covenant,NETCUP-AS", "0", "DonPasci" "2025-10-14 08:01:33", "1614712", "5.101.82.60:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:44:53", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-10-10 08:00:56", "1611156", "183.78.152.175:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "100", "False", "https://search.censys.io/hosts/183.78.152.175", "AS4766,C2,censys,CobaltStrike,cs-watermark-305419896,KIXS-AS-KR", "0", "DonPasci" "2025-10-07 02:49:11", "1608605", "143.92.43.153:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-10-07 02:49:11", "1608606", "143.92.43.231:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-30 00:02:15", "1604499", "149.50.135.215:49152", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:21", "100", "False", "https://search.censys.io/hosts/149.50.135.215", "AdaptixC2,AS27823,C2,censys,Dattatec.com", "0", "DonPasci" "2025-09-28 15:48:32", "1603281", "154.92.15.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2025-09-28 12:00:28", "1603219", "212.14.244.222:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "100", "False", "https://search.censys.io/hosts/212.14.244.222", "AS12975,C2,censys,CobaltStrike,cs-watermark-305419896,PALTEL-AS", "0", "DonPasci" "2025-09-27 16:02:13", "1602818", "84.27.86.226:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:45:15", "100", "False", "https://search.censys.io/hosts/84.27.86.226", "AS33915,C2,censys,Netsupport,RAT,TNF-AS", "0", "DonPasci" "2025-09-25 20:00:39", "1601556", "115.120.245.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:11", "100", "False", "https://search.censys.io/hosts/115.120.245.134", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-09-25 12:51:01", "1601359", "196.251.69.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-24 20:00:10", "1599651", "47.113.186.138:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:39", "100", "False", "https://search.censys.io/hosts/47.113.186.138", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-24 08:02:13", "1599442", "43.162.114.240:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:43", "100", "False", "https://search.censys.io/hosts/43.162.114.240", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-23 06:06:58", "1598336", "43.139.170.200:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-09-23 04:00:59", "1598300", "43.162.114.107:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:43", "100", "False", "https://search.censys.io/hosts/43.162.114.107", "AS132203,censys,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-09-22 08:49:38", "1597898", "ns2.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-22 08:49:35", "1597894", "ns1.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-21 16:01:22", "1596535", "43.162.108.133:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:43", "100", "False", "https://search.censys.io/hosts/43.162.108.133", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-14 04:00:25", "1589781", "91.92.241.142:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:45:20", "100", "False", "https://search.censys.io/hosts/91.92.241.142", "AS209800,C2,censys,METASPINNER-ASN,RAT", "0", "dyingbreeds_" "2025-09-13 04:01:58", "1589068", "18.167.174.198:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:37", "100", "False", "https://search.censys.io/hosts/18.167.174.198", "AMAZON-02,AS16509,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-09-11 20:01:36", "1588133", "195.178.110.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "100", "False", "https://search.censys.io/hosts/195.178.110.135", "AS48090,C2,censys,CobaltStrike,cs-watermark-426352781,DMZHOST", "0", "DonPasci" "2025-09-11 20:01:30", "1588128", "150.158.170.241:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "100", "False", "https://search.censys.io/hosts/150.158.170.241", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-09-11 06:43:14", "1587773", "106.12.111.209:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "100", "False", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-09-10 20:01:24", "1587441", "101.32.109.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "100", "False", "https://search.censys.io/hosts/101.32.109.112", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-10 16:02:07", "1587229", "142.93.86.246:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:17", "100", "False", "https://search.censys.io/hosts/142.93.86.246", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-09-10 12:50:37", "1587191", "101.132.173.62:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-08 20:01:13", "1585239", "121.40.18.128:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "100", "False", "https://search.censys.io/hosts/121.40.18.128", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-06 20:01:18", "1582910", "8.138.222.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "100", "False", "https://search.censys.io/hosts/8.138.222.215", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-04 07:40:20", "1581559", "101.132.173.62:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:35", "50", "False", "https://www.shodan.io/host/101.132.173.62#443", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-09-04 07:40:17", "1581557", "8.148.194.157:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "50", "False", "https://www.shodan.io/host/8.148.194.157#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 18:52:55", "1580723", "47.236.159.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:45", "1580721", "ns2.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:42", "1580720", "ns1.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 05:43:42", "1580257", "47.121.137.8:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "50", "False", "https://www.shodan.io/host/47.121.137.8#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 04:01:38", "1580237", "47.99.196.178:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:44:51", "100", "False", "https://search.censys.io/hosts/47.99.196.178", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2025-08-31 20:50:07", "1578899", "103.73.66.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:50:45", "1577783", "43.199.78.142:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577775", "n1.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577776", "n2.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:03", "1577777", "n3.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-29 22:49:01", "1577774", "lab.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-25 20:00:36", "1574453", "116.62.64.54:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "100", "False", "https://search.censys.io/hosts/116.62.64.54", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2025-08-25 16:50:36", "1574437", "183.63.173.29:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-25 08:14:17", "1574099", "89.216.98.17:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:45:18", "50", "False", "https://www.shodan.io/host/89.216.98.17#3085", "c2,netsupport,shodan", "0", "juroots" "2025-08-25 00:00:27", "1573705", "43.163.112.217:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:27", "100", "False", "https://search.censys.io/hosts/43.163.112.217", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-08-23 22:49:34", "1573347", "154.201.74.112:2052", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-23 18:00:42", "1573120", "62.60.226.133:61287", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:04", "100", "False", "https://tria.ge/250823-wglgsaxsdv", "AS214351,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-21 12:49:30", "1572312", "dakk5rnsax46s.cfc-execute.su.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 08:02:12", "1571607", "178.16.55.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:42", "100", "False", "https://search.censys.io/hosts/178.16.55.53", "C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-18 20:01:59", "1570775", "116.203.31.207:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "100", "False", "https://search.censys.io/hosts/116.203.31.207", "AS24940,C2,censys,CobaltStrike,cs-watermark-987654321,HETZNER-AS", "0", "DonPasci" "2025-08-17 20:01:54", "1570558", "150.187.25.242:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "100", "False", "https://search.censys.io/hosts/150.187.25.242", "AS20312,C2,censys,CobaltStrike,cs-watermark-987654321,Fundacion", "0", "DonPasci" "2025-08-16 15:22:26", "1569825", "8.138.167.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "50", "False", "https://www.shodan.io/host/8.138.167.123#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-16 08:01:47", "1569780", "119.29.231.118:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:33", "100", "False", "https://search.censys.io/hosts/119.29.231.118", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-08-15 21:57:45", "1569167", "116.198.233.179:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "50", "False", "https://www.shodan.io/host/116.198.233.179#6666", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-15 09:11:56", "1568785", "106.52.208.143:46000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "75", "False", "https://threatquery.com/engines/ip.html?value=106.52.208.143&type=ip", "AS45090,c2,Cobalt Strike,threatquery", "0", "threatquery" "2025-08-15 06:21:34", "1568713", "117.72.184.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "100", "False", "https://search.censys.io/hosts/117.72.184.172", "AS141679,C2,censys", "0", "dyingbreeds_" "2025-08-13 12:01:33", "1568151", "116.62.64.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:42", "100", "False", "https://search.censys.io/hosts/116.62.64.54", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2025-08-12 20:01:25", "1567756", "116.198.233.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:47", "100", "False", "https://search.censys.io/hosts/116.198.233.179", "AS137699,C2,censys,CHINATELECOM-JIANGSU-SUQIAN-IDC,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-12 20:01:25", "1567758", "129.211.31.181:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "100", "False", "https://search.censys.io/hosts/129.211.31.181", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-08-12 10:50:19", "1567648", "107.174.115.43:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-11 16:01:20", "1567289", "38.38.250.99:5800", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "100", "False", "https://search.censys.io/hosts/38.38.250.99", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2025-08-11 08:01:15", "1567234", "45.204.216.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:27", "100", "False", "https://search.censys.io/hosts/45.204.216.24", "AS62468,C2,censys,CobaltStrike,cs-watermark-987654321,HKCLOUDX", "0", "DonPasci" "2025-08-11 00:01:15", "1567194", "129.211.31.181:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/hosts/129.211.31.181", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-08-06 12:54:26", "1565164", "8.219.76.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-05 08:53:36", "1564496", "47.105.36.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 20:45:44", "1564345", "185.233.166.124:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:41", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-04 20:45:44", "1564346", "185.233.166.124:9702", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:41", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-01 20:01:06", "1563211", "89.197.168.150:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:18", "100", "False", "https://search.censys.io/hosts/89.197.168.150", "AS47474,C2,censys,Mythic,VIRTUAL1", "0", "DonPasci" "2025-07-30 12:00:13", "1562508", "39.105.165.37:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:01", "100", "False", "https://search.censys.io/hosts/39.105.165.37", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-28 05:29:47", "1561533", "217.154.212.25:3000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:44:33", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-07-27 16:00:55", "1561181", "117.72.181.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:33", "100", "False", "https://search.censys.io/hosts/117.72.181.104", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666", "0", "DonPasci" "2025-07-25 10:51:18", "1560617", "47.236.130.154:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-19 12:49:30", "1558329", "103.125.248.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-19 00:01:30", "1558180", "104.167.16.88:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-18 12:43:06", "100", "False", "https://search.censys.io/hosts/104.167.16.88", "AdaptixC2,AS16276,C2,censys,OVH", "0", "DonPasci" "2025-07-18 12:51:20", "1558066", "193.112.84.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-18 08:01:12", "1558027", "206.189.227.148:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:54", "100", "False", "https://search.censys.io/hosts/206.189.227.148", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-16 22:49:04", "1557619", "ns3.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:03", "1557618", "ns2.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:02", "1557617", "ns1.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-12 00:01:36", "1556099", "51.81.171.234:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:59", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-07-11 12:05:09", "1555914", "38.207.178.172:8002", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:44:40", "100", "False", "None", "AS139659,chaos,LUCIDACLOUD LIMITED", "0", "antiphishorg" "2025-07-08 20:56:28", "1554642", "88.129.151.109:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:45:18", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-07 20:54:20", "1554340", "88.129.147.201:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:45:17", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-07-07 20:00:39", "1554310", "47.117.143.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "100", "False", "https://search.censys.io/hosts/47.117.143.185", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike", "0", "DonPasci" "2025-07-06 20:00:32", "1554064", "8.152.99.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "100", "False", "https://search.censys.io/hosts/8.152.99.85", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-07-05 00:01:06", "1553561", "134.199.166.195:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:13", "100", "False", "https://search.censys.io/hosts/134.199.166.195", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-07-03 20:00:15", "1553070", "112.125.19.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:37", "100", "False", "https://search.censys.io/hosts/112.125.19.107", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-06-28 08:51:18", "1550284", "54.38.94.225:8886", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-06-27 06:58:55", "1549901", "217.154.212.25:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:58", "50", "False", "https://www.shodan.io/host/217.154.212.25#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-25 04:00:19", "1549030", "156.227.233.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:31", "100", "False", "https://search.censys.io/hosts/156.227.233.153", "AS138152,C2,censys", "0", "dyingbreeds_" "2025-06-23 08:00:17", "1548591", "47.109.145.121:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "100", "False", "https://search.censys.io/hosts/47.109.145.121", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-21 18:56:08", "1548335", "107.173.122.193:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 18:55:13", "1548333", "ns3.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 18:55:10", "1548330", "ns2.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 06:01:32", "1547925", "82.156.156.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-06-18 08:02:37", "1546246", "191.93.118.254:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "75", "False", "https://bazaar.abuse.ch/sample/9265a6e0b26a240f1f8bffddf3b36d0e533919d0c894bd66839a90e351961464/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-06-18 07:58:54", "1546232", "191.93.118.254:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-18 12:43:44", "75", "False", "https://bazaar.abuse.ch/sample/6ecbf71d231e9b9e7459b97c97d94aed467481b5b4f22af288bbaea5945c1af4/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-06-17 03:12:25", "1545615", "8.147.128.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-16 23:10:50", "1545597", "47.107.136.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-16 12:01:46", "1545348", "8.137.149.67:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "100", "False", "https://search.censys.io/hosts/8.137.149.67", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-13 20:01:30", "1544612", "47.109.48.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:26", "100", "False", "https://search.censys.io/hosts/47.109.48.57", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-12 16:01:24", "1544257", "47.109.48.57:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "100", "False", "https://search.censys.io/hosts/47.109.48.57", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-12 08:56:19", "1544039", "39.104.78.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:28", "100", "False", "https://search.censys.io/hosts/39.104.78.25", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-10 16:01:13", "1543390", "8.155.0.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:24", "100", "False", "https://search.censys.io/hosts/8.155.0.238", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-08 20:01:01", "1542759", "119.45.29.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "100", "False", "https://search.censys.io/hosts/119.45.29.172", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-06-06 20:01:59", "1542057", "172.81.131.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:32", "100", "False", "https://search.censys.io/hosts/172.81.131.230", "AS27176,C2,censys,DATAWAGON,Mythic", "0", "DonPasci" "2025-06-06 16:01:21", "1541666", "3.19.238.211:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:44:35", "100", "False", "https://search.censys.io/hosts/3.19.238.211", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-06-06 16:00:50", "1541652", "68.64.176.42:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "100", "False", "https://search.censys.io/hosts/68.64.176.42", "AS139659,C2,censys,CobaltStrike,cs-watermark-391144938,LUCID-AS-AP", "0", "DonPasci" "2025-06-06 02:53:59", "1541446", "ns1.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-02 12:01:04", "1538881", "193.239.85.15:2083", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:47", "100", "False", "https://search.censys.io/hosts/193.239.85.15", "AS9009,C2,censys,Havoc,M247", "0", "DonPasci" "2025-06-02 05:47:28", "1538799", "47.109.198.8:6000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:07", "50", "False", "https://www.shodan.io/host/47.109.198.8#6000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-01 08:52:56", "1538358", "54.38.94.225:8885", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-05-31 07:45:39", "1537676", "101.43.91.156:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-31 07:45:38", "1537678", "59.110.7.32:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:37", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-30 08:53:21", "1536850", "99.112.198.249:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:45:24", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-05-30 08:00:11", "1536831", "129.28.85.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "100", "False", "https://search.censys.io/hosts/129.28.85.210", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-05-30 02:55:17", "1536730", "111.229.4.108:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-29 22:26:34", "1536683", "161.35.176.231:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:26", "100", "False", "https://search.censys.io/hosts/161.35.176.231", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-05-28 08:01:49", "1535962", "217.154.212.25:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:33", "100", "False", "https://search.censys.io/hosts/217.154.212.25", "AS8560,C2,censys,IONOS-AS,Mythic", "0", "DonPasci" "2025-05-28 08:01:49", "1535963", "159.89.36.127:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:26", "100", "False", "https://search.censys.io/hosts/159.89.36.127", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-05-26 20:01:30", "1534920", "8.216.80.229:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:11", "100", "False", "https://search.censys.io/hosts/8.216.80.229", "ALIBABA-CN-NET,AS45102,C2,censys,Sliver", "0", "DonPasci" "2025-05-24 20:01:31", "1533613", "221.132.29.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:33", "100", "False", "https://search.censys.io/hosts/221.132.29.137", "AS45899,C2,censys,Mythic,VNPT-AS-VN", "0", "DonPasci" "2025-05-24 11:13:44", "1533071", "1.15.174.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-23 05:34:51", "1532332", "8.140.239.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:37", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic" "2025-05-22 23:55:29", "1532341", "msg.msdegeup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-22 20:01:48", "1532306", "178.217.98.23:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-05-18 12:43:36", "100", "False", "https://search.censys.io/hosts/178.217.98.23", "AS48282,censys,Chaos,panel,VDSINA-AS", "0", "DonPasci" "2025-05-21 12:58:33", "1531638", "138.124.15.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-21 08:00:35", "1527752", "117.72.206.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "100", "False", "https://search.censys.io/hosts/117.72.206.39", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-05-20 18:26:13", "1527381", "106.75.215.96:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "50", "False", "https://www.shodan.io/host/106.75.215.96#8081", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-05-20 06:37:42", "1526357", "106.54.61.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-19 12:00:22", "1525628", "118.26.39.237:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/118.26.39.237", "AS135377,C2,censys,CobaltStrike,cs-watermark-666666666,UCLOUD-HK-AS-AP", "0", "DonPasci" "2025-05-18 15:34:22", "1525250", "124.223.114.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:32", "100", "False", "https://intelinsights.substack.com/p/from-939-to-85-hunting-cobalt-strike", "censys,cobaltstrike", "0", "orlof_v" "2025-05-18 08:05:45", "1525138", "47.108.139.103:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:50", "100", "False", "https://search.censys.io/hosts/47.108.139.103", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-17 14:42:08", "1524773", "167.99.51.2:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:29", "50", "False", "https://www.shodan.io/host/167.99.51.2#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-17 08:00:32", "1524641", "167.99.51.2:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:29", "100", "False", "https://search.censys.io/hosts/167.99.51.2", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-05-17 06:27:29", "1524331", "8.216.80.229:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:10", "50", "False", "https://www.shodan.io/host/8.216.80.229#31337", "c2,shodan,sliver", "0", "juroots" "2025-05-17 06:26:23", "1524319", "101.35.109.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:35", "50", "False", "https://www.shodan.io/host/101.35.109.246#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-05-15 21:14:57", "1523466", "103.171.35.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:34", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 21:14:47", "1523462", "60.204.169.16:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:37", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 21:13:56", "1523434", "179.43.186.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:30", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic" "2025-05-15 05:25:01", "1523246", "8.134.70.73:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:18", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-05-13 14:08:42", "1521639", "8.134.70.73:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:15", "100", "False", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz" "2025-05-12 20:58:42", "1520343", "38.54.112.234:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-12 20:55:40", "1520342", "asusupdateserver.asuscomm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-11 18:56:38", "1519576", "skyprotech.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-05-11 06:11:06", "1519438", "47.109.190.151:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:50", "100", "False", "https://search.censys.io/hosts/47.109.190.151", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-11 05:00:17", "1519450", "https://topguningit.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:19:28", "100", "False", "", "None", "0", "Rony" "2025-05-09 14:15:41", "1518693", "https://solara-support.github.io/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-18 09:00:52", "50", "False", "https://urlscan.io/result/0196b566-dc1c-723f-bbec-658b71a5a294", "c2,fakecaptcha,urlscan", "0", "juroots" "2025-05-09 05:36:03", "1518529", "47.108.140.10:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:50", "100", "False", "https://search.censys.io/hosts/47.108.140.10", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-05-05 12:00:58", "1516147", "41.216.189.77:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:42", "100", "False", "https://search.censys.io/hosts/41.216.189.77", "AS211138,C2,censys,Havoc,PRIVATEHOSTING-NET", "0", "DonPasci" "2025-05-01 02:53:24", "1514252", "accesserdsc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-29 08:53:29", "1513590", "54.38.94.225:8882", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-04-29 08:43:42", "1513585", "107.143.144.154:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:08", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-22 12:21:47", "1509966", "167.71.13.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:29", "50", "False", "https://www.shodan.io/host/167.71.13.103#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-22 12:00:30", "1509951", "202.146.218.74:2024", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:56", "100", "False", "https://search.censys.io/hosts/202.146.218.74", "AS152194,C2,censys,CobaltStrike,cs-watermark-666666666,CTGSERVERLIMITED-AS-AP", "0", "DonPasci" "2025-04-17 00:01:32", "1492577", "118.31.114.149:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/118.31.114.149", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-16 16:01:35", "1492480", "113.45.253.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:41", "100", "False", "https://search.censys.io/hosts/113.45.253.80", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-04-16 08:01:30", "1492218", "112.126.68.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:40", "100", "False", "https://search.censys.io/hosts/112.126.68.61", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-04-15 16:02:30", "1492012", "47.83.134.97:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:51", "100", "False", "https://search.censys.io/hosts/47.83.134.97", "ALIBABA-CN-NET,AS45102,C2,censys,Havoc", "0", "DonPasci" "2025-04-10 16:56:46", "1486765", "47.93.28.103:33333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-10 05:55:49", "1486437", "167.71.13.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:29", "90", "False", "https://search.censys.io/hosts/167.71.13.103", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-04-07 13:47:33", "1485438", "3.146.93.253:55502", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 10:53:23", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-07 12:47:32", "1485428", "3.146.93.253:55501", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-17 20:05:23", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-07 12:47:31", "1485431", "3.146.93.253:55590", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 06:05:59", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-07 12:47:30", "1485432", "3.146.93.253:55500", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 10:21:13", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-07 12:47:28", "1485433", "52.15.213.182:80", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 10:21:14", "100", "False", "None", "bot,Vo1d", "0", "Bitsight" "2025-04-07 11:09:30", "1485407", "3.146.93.253:55600", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-17 20:37:31", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-07 11:09:30", "1485408", "gecsge4e1e5427f8.com", "domain", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 10:53:24", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-05 05:50:38", "1484905", "3.132.75.97:55520", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 11:55:47", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-05 05:50:37", "1484906", "52.14.24.94:80", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 12:58:29", "100", "False", "None", "bot,Vo1d", "0", "Bitsight" "2025-04-05 05:50:35", "1484910", "3.132.75.97:55530", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 12:58:28", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight" "2025-04-02 10:08:14", "1463173", "38.46.218.36:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 12:33:12", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 10:08:13", "1463174", "38.46.218.38:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 10:02:05", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 10:08:12", "1463176", "38.46.218.39:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-05-18 13:04:14", "100", "False", "None", "Vo1d", "0", "Bitsight" "2025-04-02 08:01:26", "1463152", "200.107.126.227:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:53", "100", "False", "https://search.censys.io/hosts/200.107.126.227", "AS14754,C2,censys,Netsupport,RAT,TELECOMUNICACIONES", "0", "DonPasci" "2025-04-01 10:24:30", "1462468", "43.143.229.126:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:28", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-03-25 22:53:24", "1458716", "ehchq7m7rpvdr.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-24 06:29:33", "1457513", "103.142.147.17:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:03", "100", "False", "https://search.censys.io/hosts/103.142.147.17", "AS135581,censys,Viper", "0", "dyingbreeds_" "2025-03-22 20:59:56", "1454163", "106.75.224.31:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "50", "False", "https://www.shodan.io/host/106.75.224.31#8082", "c2,cobaltstrike,shodan", "0", "juroots" "2025-03-22 20:43:16", "1454148", "103.142.147.18:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:03", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-22 20:43:16", "1454149", "103.142.147.19:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:03", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-03-21 05:37:03", "1452746", "106.75.224.31:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:38", "50", "False", "https://www.shodan.io/host/106.75.224.31#8081", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-03-20 12:01:27", "1452404", "47.116.208.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:39", "100", "False", "https://search.censys.io/hosts/47.116.208.81", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-03-20 00:01:20", "1451869", "120.24.64.74:63211", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "https://search.censys.io/hosts/120.24.64.74", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-03-19 20:01:21", "1451808", "47.93.28.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "100", "False", "https://search.censys.io/hosts/47.93.28.103", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-03-12 02:47:28", "1446559", "www.dyshop.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-06 04:01:35", "1441769", "51.81.171.234:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:44:59", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-03-03 12:01:16", "1440087", "15.204.95.228:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:22", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-03-02 20:01:03", "1439776", "150.5.174.231:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:22", "100", "False", "https://search.censys.io/hosts/150.5.174.231", "AS150436,BYTEPLUS-AS-AP,C2,censys,Mythic", "0", "DonPasci" "2025-03-02 08:46:23", "1439368", "54.38.94.225:8887", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-03-01 20:47:46", "1439168", "47.129.171.26:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-01 20:46:51", "1439166", "ns.1.3.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-03-01 20:46:51", "1439167", "ns.1.4.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-17 10:47:48", "1414086", "169.239.129.45:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-14 00:01:07", "1411885", "192.52.167.140:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:46", "100", "False", "https://search.censys.io/hosts/192.52.167.140", "AS199959,C2,censys,CROWNCLOUD,Netsupport,RAT", "0", "DonPasci" "2025-02-11 09:13:14", "1409774", "120.24.64.74:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:45", "100", "False", "https://search.censys.io/hosts/120.24.64.74", "ALIBABA-CN-NET,AS37963,c2,censys,CN,cobaltstrike,cs-watermark-987654321", "0", "DonPasci" "2025-02-10 20:43:10", "1409420", "103.215.81.156:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:04", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-02-05 22:51:06", "1404178", "20.74.209.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-02 16:00:48", "1402495", "62.60.226.42:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:04", "100", "False", "https://search.censys.io/hosts/62.60.226.42", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-02-02 12:49:35", "1402480", "service-rchqbzvz-1301033415.sh.tencentapigw.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-02-01 08:44:50", "1399002", "173.44.141.226:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:34", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-02-01 04:00:38", "1398921", "62.60.226.6:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-18 12:45:04", "100", "False", "https://search.censys.io/hosts/62.60.226.6", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-01-31 08:45:58", "1398748", "193.203.49.90:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:47", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-31 07:01:30", "1398657", "8.134.108.73:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:10", "100", "False", "https://search.censys.io/hosts/8.134.108.73", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-01-30 08:47:19", "1396136", "38.146.28.93:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:39", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-30 08:45:48", "1396135", "185.33.86.15:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-30 08:01:38", "1396130", "38.146.28.93:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:40", "100", "False", "https://search.censys.io/hosts/38.146.28.93", "AS174,backdoor,C2,censys,COGENT-174,Ransomhub", "0", "DonPasci" "2025-01-30 08:01:37", "1396129", "193.203.49.90:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:47", "100", "False", "https://search.censys.io/hosts/193.203.49.90", "AS204957,backdoor,C2,censys,GREENFLOID-AS,Ransomhub", "0", "DonPasci" "2025-01-30 04:01:31", "1396102", "185.33.86.15:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:42", "100", "False", "https://search.censys.io/hosts/185.33.86.15", "AS202015,backdoor,C2,censys,HZ-US-AS,Ransomhub", "0", "DonPasci" "2025-01-26 08:46:00", "1394408", "54.38.94.225:8883", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-25 20:47:04", "1394158", "54.38.94.225:8880", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:45:00", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-23 07:00:09", "1391935", "173.44.141.226:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:34", "100", "False", "https://search.censys.io/hosts/173.44.141.226", "AS62904,backdoor,C2,censys,Ransomhub", "0", "DonPasci" "2025-01-17 09:16:20", "1384954", "92.118.112.208:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:45:21", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:16:19", "1384953", "92.118.112.208:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:45:21", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:16:15", "1384947", "88.119.175.65:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:45:17", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:16:15", "1384948", "88.119.175.65:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:45:17", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:15:21", "1384933", "38.180.81.153:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:40", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:15:21", "1384934", "38.180.81.153:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:44:40", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:14:13", "1384921", "167.99.139.231:8004", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-18 12:43:29", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-01-17 09:13:19", "1384912", "185.174.101.240:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384913", "185.174.101.240:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384914", "185.174.101.69:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:13:19", "1384915", "185.174.101.69:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384908", "108.181.115.171:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:09", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 09:12:27", "1384909", "108.181.115.171:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-18 12:43:09", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-01-17 07:45:55", "1384790", "at1.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-17 07:45:55", "1384791", "at2.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-17 07:45:55", "1384792", "at3.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 13:55:47", "1381420", "77.238.236.123:18300", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:45:09", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-01-10 13:43:51", "1381067", "112.5.58.181:7001", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-05-18 12:43:10", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:38", "1380875", "update.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:38", "1380878", "upgrade.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:30", "1380837", "ns3.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:30", "1380841", "ns3.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:29", "1380833", "ns2.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:27", "1380818", "ns2.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:26", "1380815", "ns2.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:25", "1380811", "ns1.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:20", "1380783", "ns1.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:20", "1380787", "ns1.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 09:14:19", "1380782", "ns.jumpservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:57", "1380635", "8.219.78.159:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:43", "1380629", "70.34.196.238:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:18:28", "1380607", "47.98.134.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:17:37", "1380569", "38.54.115.233:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:17:20", "1380533", "207.148.68.118:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:16:46", "1380477", "16.162.137.167:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:16:21", "1380446", "139.180.189.95:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:15:44", "1380421", "118.25.91.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 08:15:43", "1380420", "117.72.39.83:43872", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-01-10 04:04:28", "1380232", "38.207.179.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:41", "100", "False", "https://search.censys.io/hosts/38.207.179.146", "AS139659,C2,censys,LUCID-AS-AP,Mythic", "0", "DonPasci" "2025-01-01 04:03:19", "1376919", "86.124.168.255:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-05-18 12:45:17", "100", "False", "https://search.censys.io/hosts/86.124.168.255", "AS8708,c2,censys,RCS-RDS,SocGholish", "0", "DonPasci" "2024-12-24 08:00:43", "1359401", "8.153.97.202:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:22", "100", "False", "https://search.censys.io/hosts/8.153.97.202", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-12-24 04:01:34", "1359309", "91.199.154.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:19", "100", "False", "https://search.censys.io/hosts/91.199.154.103", "AS62212,C2,censys,Sliver", "0", "DonPasci" "2024-12-20 09:04:31", "1358812", "47.93.240.197:65433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2024-12-16 16:01:41", "1357389", "45.56.69.210:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:46", "100", "False", "https://search.censys.io/hosts/45.56.69.210", "AKAMAI-LINODE-AP,AS63949,censys,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2024-12-12 06:21:40", "1356002", "113.44.90.0:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:10", "100", "False", "https://search.censys.io/hosts/113.44.90.0", "AS55990,censys,Viper", "0", "dyingbreeds_" "2024-12-06 07:36:52", "1352876", "139.196.126.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:44", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2024-12-02 21:01:15", "1350210", "117.72.39.83:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:44", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "dyingbreeds_" "2024-12-01 07:43:42", "1349957", "117.72.39.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2024-11-30 20:06:19", "1349567", "216.118.101.24:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:20", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:11", "1349531", "216.118.101.132:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:04", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:08", "1349510", "216.118.101.199:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:14", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:06:04", "1349492", "216.118.101.216:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:16", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-30 20:05:51", "1349438", "216.118.101.54:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:26", "100", "False", "", "censys,panel,Viper", "0", "NDA0E" "2024-11-29 13:56:30", "1348902", "216.118.101.108:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:44:00", "100", "False", "", "Viper", "0", "dyingbreeds_" "2024-11-27 19:47:54", "1348295", "47.90.142.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:38", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E" "2024-11-27 19:47:07", "1348026", "8.137.114.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:25", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E" "2024-11-19 18:00:05", "1346058", "servicioremotoempresas.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-10-30 17:53:55", "1340201", "146.70.158.198:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:20", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Sliver%20C2", "c2,sliver,sliverc2", "0", "TheRavenFile" "2024-10-29 08:02:00", "1339913", "39.107.242.125:666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:02", "100", "False", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch" "2024-10-22 13:56:41", "1338675", "https://stripplasst.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:10:15", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:39", "1338673", "https://skinnyjeanso.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:02:19", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:34", "1338670", "https://coolarition.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:18:17", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-06 12:01:50", "1334295", "47.116.17.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:08", "100", "False", "https://search.censys.io/hosts/47.116.17.233", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-10-02 06:31:45", "1332624", "154.221.17.44:2888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2024-10-01 16:02:09", "1332328", "195.100.198.220:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:50", "100", "False", "https://search.censys.io/hosts/195.100.198.220", "AS5400,BT,C2,censys,Mythic", "0", "DonPasci" "2024-09-27 16:02:26", "1330880", "45.74.34.32:1995", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-18 12:44:47", "100", "False", "https://search.censys.io/hosts/45.74.34.32", "AS9009,C2,censys,DcRAT,M247,RAT", "0", "DonPasci" "2024-09-25 08:00:47", "1329042", "118.25.148.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:33", "100", "False", "https://search.censys.io/hosts/118.25.148.25", "AS45090,C2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-09-20 08:01:06", "1326604", "206.210.123.104:8889", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:54", "100", "False", "https://search.censys.io/hosts/206.210.123.104", "AS33130,C2,censys,IASL,RAT", "0", "DonPasci" "2024-09-19 16:01:20", "1326366", "189.115.194.189:9990", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:43", "100", "False", "https://search.censys.io/hosts/189.115.194.189", "AS18881,C2,censys,RAT,TELEFONICA", "0", "DonPasci" "2024-09-19 14:07:51", "1326051", "https://isomicrotich.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:10:20", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-19 14:07:50", "1326052", "https://rilomenifis.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:18:23", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-07 16:01:45", "1321901", "64.23.213.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:45:05", "100", "False", "https://search.censys.io/hosts/64.23.213.61", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2024-09-01 12:00:42", "1319266", "154.221.17.44:2666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:51", "100", "False", "https://search.censys.io/hosts/154.221.17.44", "AS142403,C2,censys,CobaltStrike,cs-watermark-666666666,YISUCLOUDLTD-HK", "0", "DonPasci" "2024-08-30 07:05:10", "1317376", "https://pikchestop.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:09:45", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-30 07:05:10", "1317377", "https://indepahote.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-18 13:19:48", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-29 00:01:11", "1317070", "86.53.241.21:447", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:45:17", "100", "False", "https://search.censys.io/hosts/86.53.241.21", "AS3257,C2,censys,GTT-BACKBONE,RAT", "0", "DonPasci" "2024-08-27 04:00:34", "1316522", "107.22.165.49:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:09", "100", "False", "https://search.censys.io/hosts/107.22.165.49", "AMAZON-AES,AS14618,C2,censys,RAT", "0", "DonPasci" "2024-08-19 19:55:59", "1313657", "193.19.242.55:1443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:47", "100", "False", "https://search.censys.io/hosts/193.19.242.55", "AS35319,AS48964,C2,censys,RAT", "0", "DonPasci" "2024-08-18 14:04:40", "1313194", "110.13.35.37:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:09", "100", "False", "https://search.censys.io/hosts/110.13.35.37", "AS9318,C2,censys,RAT,SKB-AS", "0", "DonPasci" "2024-08-17 14:04:20", "1312402", "20.188.119.195:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:52", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-08-17 02:04:24", "1312338", "210.249.114.154:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:57", "100", "False", "https://search.censys.io/hosts/210.249.114.154", "AS2516,C2,censys,RAT", "0", "DonPasci" "2024-08-16 14:02:33", "1312117", "20.188.119.195:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:53", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-08-15 22:40:43", "1311619", "23.24.178.35:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:44:34", "100", "False", "https://search.censys.io/hosts/23.24.178.35", "AS20214,C2,censys,COMCAST-20214,RAT", "0", "DonPasci" "2024-08-15 22:40:39", "1311614", "120.25.239.36:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:11", "100", "False", "https://search.censys.io/hosts/120.25.239.36", "ALIBABA-CN-NET,AS37963,C2,censys,RAT", "0", "DonPasci" "2024-08-15 04:02:49", "1310952", "47.100.16.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 09:46:17", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2024-08-11 21:50:57", "1309755", "146.70.158.198:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:20", "100", "False", "https://search.censys.io/hosts/146.70.158.198", "AS9009,C2,censys,M247", "0", "DonPasci" "2024-07-09 19:05:36", "1296480", "43.138.0.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:28", "100", "False", "None", "CobaltStrike,cs-watermark-0,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-07-09 06:51:58", "1296006", "213.149.181.121:469", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:58", "50", "False", "https://search.censys.io/hosts/213.149.181.121", "CYTA-NETWORK Internet Services,NetSupportRAT", "0", "drb_ra" "2024-07-09 06:51:48", "1296003", "20.105.139.205:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:52", "50", "False", "https://search.censys.io/hosts/20.105.139.205", "MICROSOFT-CORP-MSN-AS-BLOCK,NetSupportRAT", "0", "drb_ra" "2024-07-08 06:51:14", "1295752", "210.249.114.153:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:57", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-07-07 03:48:38", "1295405", "23.24.178.33:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:44:34", "50", "False", "https://search.censys.io/hosts/23.24.178.33", "COMCAST-7922,NetSupportRAT", "0", "drb_ra" "2024-07-03 06:52:14", "1292877", "210.249.114.154:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:57", "50", "False", "https://search.censys.io/hosts/210.249.114.154", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:40", "1291417", "198.244.197.118:9443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:51", "50", "False", "https://search.censys.io/hosts/198.244.197.118", "NetSupportRAT,OVH", "0", "drb_ra" "2024-07-01 10:05:30", "1291414", "206.210.123.104:8888", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:54", "50", "False", "https://search.censys.io/hosts/206.210.123.104", "IASL,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:19", "1291411", "61.96.204.117:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:45:02", "50", "False", "https://search.censys.io/hosts/61.96.204.117", "DREAMX-AS DREAMLINE CO.,NetSupportRAT", "0", "drb_ra" "2024-07-01 10:05:15", "1291410", "185.23.192.33:444", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:41", "50", "False", "https://search.censys.io/hosts/185.23.192.33", "NetSupportRAT,WINET", "0", "drb_ra" "2024-07-01 10:05:10", "1291409", "2.136.235.200:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:51", "50", "False", "https://search.censys.io/hosts/2.136.235.200", "NetSupportRAT,TELEFONICA_DE_ESPANA", "0", "drb_ra" "2024-07-01 10:04:31", "1291397", "210.249.114.153:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-18 12:43:57", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra" "2024-06-30 21:00:04", "1291297", "londopas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-30 21:00:03", "1291296", "berjimek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-30 10:13:19", "1291010", "www.qianxinnbplus.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:49", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HKLNIL Landui Cloud ComputingHK Limited", "0", "drb_ra" "2024-06-26 17:08:27", "1289464", "50.116.12.237:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 07:28:33", "100", "False", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch" "2024-06-26 17:07:43", "1289423", "152.32.202.240:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:50", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2024-06-22 06:45:48", "1287670", "91.199.154.103:34211", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:45:19", "50", "False", "https://search.censys.io/hosts/91.199.154.103", "Sliver", "0", "drb_ra" "2024-06-16 14:42:03", "1285430", "ieee-ecce.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285431", "kauzalvip.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285432", "nakit-yok.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-16 14:42:03", "1285433", "nathanhr.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-10 09:26:05", "1283657", "support.whatsappsignup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,PEG TECH INC", "0", "drb_ra" "2024-06-02 19:42:15", "1278385", "static.nvidiadrives.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-06-02 08:38:33", "1278172", "119.91.208.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-06-01 13:08:25", "1277937", "47.109.69.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-05-31 12:57:33", "1277588", "101.43.32.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-05-29 12:53:46", "1276810", "asterchildrenshoes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "100", "False", "None", "BL Networks,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-29 12:52:55", "1276802", "124.223.41.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-05-29 10:17:04", "1276786", "8.210.9.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra" "2024-05-25 22:18:29", "1275630", "pt-security.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MTW-AS", "0", "drb_ra" "2024-05-24 13:15:35", "1274726", "47.92.127.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-05-22 11:06:58", "1273973", "119.28.83.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-05-21 18:51:48", "1273882", "51.15.16.116:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-05-18 12:44:59", "50", "False", "https://search.censys.io/hosts/51.15.16.116", "Online SAS,SocGholish", "0", "drb_ra" "2024-05-21 12:53:29", "1273456", "139.159.203.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:54", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2024-05-19 07:56:13", "1272788", "123.58.198.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED", "0", "drb_ra" "2024-05-16 07:53:43", "1271699", "vip8806.mom", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CNSERVERS LLC,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-15 22:13:26", "1271605", "blmdiscount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:50", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra" "2024-05-15 22:13:26", "1271606", "91.238.181.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra" "2024-05-15 15:33:07", "1271347", "118.25.85.198:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:46", "100", "False", "https://search.censys.io/hosts/118.25.85.198", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2024-05-14 10:14:21", "1270684", "64.7.198.58:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "BLNWX,CobaltStrike,cs-watermark-426352781", "0", "drb_ra" "2024-05-11 22:47:31", "1269727", "113.31.105.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "None", "China Telecom (Group),CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-11 22:47:10", "1269724", "185.196.8.18:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-11 22:47:09", "1269723", "action-winds.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-11 22:47:08", "1269721", "microstar.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra" "2024-05-07 10:14:57", "1267565", "113.31.106.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "None", "CHINANET-SHANGHAI-MAN China Telecom Group,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-05-07 07:48:08", "1267486", "111.230.12.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "https://search.censys.io/hosts/111.230.12.238", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-05-06 12:49:25", "1266959", "134.122.130.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:54", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-29 12:51:26", "1263972", "134.122.130.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-28 17:59:06", "1263319", "124.71.106.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-26 12:59:31", "1262666", "118.31.116.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 22:12:56", "1262568", "8.134.11.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:08:20", "1261845", "165.227.108.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-23 18:05:49", "1260893", "80.66.75.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GRIZ-INET-SERVICE", "0", "drb_ra" "2024-04-23 18:05:43", "1260890", "101.201.54.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-21 15:09:17", "1259796", "62.204.41.11:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "https://search.censys.io/hosts/62.204.41.11", "AS59425,c2,censys,CobaltStrike,cs-watermark-1580103824,HORIZONMSK-AS", "0", "DonPasci" "2024-04-11 10:15:16", "1255726", "124.220.6.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-11 10:15:15", "1255727", "124.220.6.158:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:47", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-09 06:47:29", "1255012", "159.223.0.103:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:25", "50", "False", "https://search.censys.io/hosts/159.223.0.103", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-02 10:17:26", "1252542", "185.196.10.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,SIMPLECARRIER", "0", "drb_ra" "2024-03-27 14:42:02", "1250157", "soneypaly.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2024-03-27 07:57:29", "1249815", "47.105.69.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-22 19:47:18", "1248363", "https://titnovacrion.top/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2026-05-18 13:10:21", "100", "False", "", "None", "0", "Cryptolaemus1" "2024-03-09 20:54:40", "1245476", "47.100.87.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-06 20:55:37", "1244781", "194.165.16.55:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:55", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2024-03-06 10:12:56", "1244726", "googlesupportacc.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "100", "False", "None", "ASSEFLOW,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-06 06:48:00", "1244707", "45.150.198.28:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:44:45", "50", "False", "https://search.censys.io/hosts/45.150.198.28", "Pupy RAT,XNNET", "0", "drb_ra" "2024-03-03 13:28:44", "1243964", "121.43.58.124:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "80", "False", "None", "c2,cobalt_strike", "0", "malpulse" "2024-02-21 22:13:19", "1241656", "121.43.55.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:53", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-02-21 14:17:36", "1241525", "121.43.58.124:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:46", "100", "False", "https://search.censys.io/hosts/121.43.58.124", "AS37963,C2,censys", "0", "thehappydinoa" "2024-02-07 10:12:21", "1237621", "qw.regcssv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN", "0", "drb_ra" "2024-02-03 19:38:29", "1236591", "43.154.190.128:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:04", "100", "False", "https://search.censys.io/hosts/43.154.190.128", "AS132203,C2,censys", "0", "thehappydinoa" "2024-02-03 19:38:15", "1236577", "ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:02", "100", "False", "https://search.censys.io/hosts/3.22.66.152+ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "thehappydinoa" "2024-02-02 06:00:13", "1236276", "20.56.70.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:55", "80", "False", "None", "None", "0", "malpulse" "2024-01-30 06:20:34", "1235332", "www.louangelwolf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:05", "100", "False", "", "cobaltstrike,cs-watermark-1551089073", "0", "myceliumbroker" "2024-01-28 06:22:18", "1234854", "kkudndkwatnfevcaqeefytqnh.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-28 06:22:17", "1234859", "whxzqkbbtzvdyxdeseoiyujzs.co", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-28 06:22:17", "1234860", "uohhunkmnfhbimtagizqgwpmv.to", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-27 14:31:40", "1234928", "114.55.133.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "https://search.censys.io/hosts/114.55.133.151", "AS37963,C2,censys", "0", "thehappydinoa" "2024-01-27 14:31:20", "1234909", "117.72.39.83:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "thehappydinoa" "2024-01-24 18:49:24", "1234304", "38.147.189.199:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:44:40", "50", "False", "https://search.censys.io/hosts/38.147.189.199", "Pupy RAT,XNNET", "0", "drb_ra" "2024-01-23 13:53:21", "1233919", "www.idn15r69vh3fwhzclfoeuaoy.today", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "https://search.censys.io/hosts/8.219.229.99+www.idn15r69vh3fwhzclfoeuaoy.today", "AS45102,C2,censys", "0", "thehappydinoa" "2024-01-18 13:44:13", "1231802", "164-90-169-184.cprapid.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "https://search.censys.io/hosts/164.90.169.184+164-90-169-184.cprapid.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2024-01-15 16:27:00", "1230909", "lz4.tiktok123.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-13 06:47:25", "1230478", "164.92.79.49:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:28", "50", "False", "https://search.censys.io/hosts/164.92.79.49", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-01-12 18:36:24", "1230429", "site.dev.hutechweb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker" "2024-01-11 06:54:21", "1230076", "ns1.fiducaire.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:21", "1230077", "ns1.asurances.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:20", "1230078", "sagsblog.telinduslab.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker" "2024-01-11 06:54:20", "1230079", "ns1.jocelynhealth.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-1590258876", "0", "myceliumbroker" "2024-01-10 10:50:13", "1229840", "ns.emaratalyoum.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-1727139162", "0", "myceliumbroker" "2024-01-10 06:48:20", "1229817", "161.35.239.147:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-18 12:43:26", "50", "False", "https://search.censys.io/hosts/161.35.239.147", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-01-09 14:55:19", "1229694", "emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:02", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker" "2024-01-09 14:55:17", "1229695", "ns1.emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:03", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker" "2024-01-09 08:45:29", "1229661", "111.92.243.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra" "2024-01-05 21:31:13", "1228458", "139.9.62.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:54", "100", "False", "https://search.censys.io/hosts/139.9.62.19", "C2,censys", "0", "thehappydinoa" "2024-01-05 14:48:41", "1228181", "101.133.225.51:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:36", "100", "False", "https://search.censys.io/hosts/101.133.225.51", "C2,censys", "0", "thehappydinoa" "2024-01-05 06:45:36", "1228033", "143.110.151.209:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:18", "50", "False", "https://search.censys.io/hosts/143.110.151.209", "DIGITALOCEAN-ASN,Sliver", "0", "drb_ra" "2024-01-02 14:31:12", "1227297", "106.54.209.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "https://search.censys.io/hosts/106.54.209.36", "C2,censys", "0", "thehappydinoa" "2023-12-30 11:33:25", "1226488", "astra4512.startdedicated.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GD-EMEA-DC-SXB1", "0", "drb_ra" "2023-12-27 22:15:29", "1224105", "cs.xcb.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2023-12-26 06:46:27", "1223678", "8.140.203.92:7817", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:45:10", "50", "False", "https://search.censys.io/hosts/8.140.203.92", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra" "2023-12-18 05:00:11", "1221451", "62.234.27.204:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "80", "False", "None", "None", "0", "malpulse" "2023-12-16 22:12:14", "1213636", "MicrosoftSyst3m.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,GLOBALLAYER", "0", "drb_ra" "2023-12-15 18:59:31", "1213211", "117.72.39.83:33333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:43", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "C2,censys", "0", "thehappydinoa" "2023-12-04 08:45:50", "1209246", "unzip2.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2023-11-24 08:21:04", "1205166", "techsyscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-24 08:21:04", "1205167", "yify88.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-24 08:21:02", "1205164", "americcorp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-11-22 20:04:09", "1204685", "tech-guard.vguard.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "100", "False", "https://search.censys.io/hosts/44.204.120.159+tech-guard.vguard.tech", "AMAZON-AES,C2,censys", "0", "thehappydinoa" "2023-11-15 20:24:37", "1202628", "ns.manager.moonlighter.space", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:07", "100", "False", "None", "CobaltStrike,cs-watermark-1893164628,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-11-09 17:50:07", "1201144", "101.34.222.38:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "2026-05-18 12:43:02", "100", "False", "https://search.censys.io/hosts/101.34.222.38", "C2,censys,RAT", "0", "thehappydinoa" "2023-11-09 04:06:44", "1200343", "dev.theokanegroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "100", "False", "https://search.censys.io/hosts/134.209.164.110+dev.theokanegroup.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-11-06 21:04:29", "1199545", "38.54.115.233:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:00", "80", "False", "None", "None", "0", "malpulse" "2023-11-06 18:07:30", "1199506", "bwyb.love", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "https://search.censys.io/hosts/47.242.158.114+bwyb.love", "C2,censys", "0", "thehappydinoa" "2023-11-05 15:00:42", "1199160", "www.sunwu.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "100", "False", "https://search.censys.io/hosts/82.157.149.194+www.sunwu.world", "C2,censys", "0", "thehappydinoa" "2023-10-24 10:39:59", "1192255", "139.155.148.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:54", "100", "False", "https://search.censys.io/hosts/139.155.148.131", "C2,censys", "0", "thehappydinoa" "2023-10-20 21:57:56", "1191379", "www.goocoinorg.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+www.goocoinorg.com&ref=threatfox", "C2,censys", "0", "thehappydinoa" "2023-10-16 08:49:32", "1189545", "airlinesapp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,DigitalOcean LLC", "0", "drb_ra" "2023-10-13 19:49:34", "1188605", "lectricelfuel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:07", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+lectricelfuel.com&ref=threatfox", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-10-12 01:35:38", "1187879", "143.110.151.209:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-18 12:43:18", "90", "False", "https://search.censys.io/hosts/143.110.151.209", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa" "2023-10-11 12:59:56", "1187462", "117.72.8.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:52", "100", "False", "https://search.censys.io/hosts/117.72.8.192", "C2,censys", "0", "thehappydinoa" "2023-09-30 16:12:13", "1180378", "111.229.187.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "80", "False", "None", "None", "0", "malpulse" "2023-09-21 09:29:08", "1165497", "igo0gle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:05", "100", "False", "None", "AS-ALVIVA,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-09-20 18:47:20", "1165172", "8.217.217.243:8082", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:45:11", "50", "False", "https://search.censys.io/hosts/8.217.217.243", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra" "2023-09-09 20:06:55", "1155921", "csxv.sec.cm", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "None", "CHANGWAY-AS,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2023-09-05 21:52:59", "1155319", "43.136.38.59:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2023-08-26 18:42:05", "1152278", "withoutedge.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:04", "1152277", "thconnewfoot.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152274", "caixas.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152275", "ddllsearch.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:03", "1152276", "gepcash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:02", "1152272", "amazonclouds.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-26 18:42:02", "1152273", "amur-city.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-23 11:56:21", "1151693", "43.153.222.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:40", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2023-08-14 18:46:43", "1149951", "164.92.145.128:7810", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-05-18 12:43:28", "50", "False", "https://search.censys.io/hosts/164.92.145.128", "Brute Ratel C4,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-08-14 16:00:05", "1149946", "pctor.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-14 16:00:04", "1149945", "tehomics.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-14 16:00:03", "1149944", "instant-healthonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-08-05 14:38:23", "1148731", "stratpringl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:12", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,PINDC-AS", "0", "drb_ra" "2023-08-04 11:01:52", "1148487", "onlinetechdesk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-587247372", "0", "drb_ra" "2023-08-03 10:25:44", "1146843", "harmonyshoused.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra" "2023-08-03 10:24:41", "1146834", "api.office-updates.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-494165167,DIGITALOCEAN-ASN", "0", "drb_ra" "2023-08-02 10:24:58", "1146619", "mkbkygbgwcdc.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,KAOPU-HK Kaopu Cloud HK Limited", "0", "drb_ra" "2023-07-31 11:01:39", "1144026", "ekostroy33.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "100", "False", "None", "AS-SUISSE,CobaltStrike,cs-watermark-0", "0", "drb_ra" "2023-07-25 10:17:22", "1140114", "tcessolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:08", "100", "False", "None", "AS202973,CobaltStrike,cs-watermark-587247372", "0", "drb_ra" "2023-07-15 12:48:31", "1138196", "rw1.sentrysource.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:04", "100", "False", "None", "CobaltStrike,cs-watermark-93937751,ROGERS-COMMUNICATIONS", "0", "drb_ra" "2023-07-03 15:42:02", "1135804", "pedagogists.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-07-03 15:42:01", "1135803", "cdnsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-28 22:51:22", "1134787", "1.15.248.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2023-06-26 08:12:17", "1134128", "check1.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra" "2023-06-26 08:11:33", "1134127", "check.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:27", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra" "2023-06-22 17:12:29", "1133505", "usadevgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,WAICORE-TRANSIT", "0", "drb_ra" "2023-06-11 22:26:06", "1128165", "heastings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,M247", "0", "drb_ra" "2023-06-11 17:23:14", "1128099", "45.135.118.251:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:05", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-06-09 20:00:05", "1127715", "unitechdb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-09 20:00:04", "1127713", "cornptia.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-09 20:00:04", "1127714", "eyefinancemonitor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-06-08 16:27:41", "1127447", "surplusofer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra" "2023-05-25 15:42:02", "1122048", "dianqi2.dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:46", "1122047", "dianqi1.dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:31", "1122046", "dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-25 15:41:10", "1122045", "dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:45:28", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra" "2023-05-23 12:37:36", "1120772", "australiansuper.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:14", "100", "False", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-348901740", "0", "drb_ra" "2023-05-16 10:00:03", "1116637", "sheersdesigns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-05-16 10:00:02", "1116636", "artmicrodesign.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-05-10 18:49:37", "1114522", "103.27.186.185:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:05", "50", "False", "https://search.censys.io/hosts/103.27.186.185", "Pupy RAT,SNL-HK Starry Network Limited", "0", "drb_ra" "2023-05-06 16:13:31", "1112839", "situotech.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,HARMONYHOSTING-AS", "0", "drb_ra" "2023-05-05 12:42:01", "1111486", "143.42.74.25:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:43:18", "50", "False", "https://search.censys.io/hosts/143.42.74.25", "AKAMAI-LINODE-AP Akamai Connected Cloud,Pupy RAT", "0", "drb_ra" "2023-05-05 12:41:05", "1111457", "35.201.196.246:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-05-18 12:44:39", "50", "False", "https://search.censys.io/hosts/35.201.196.246", "GOOGLE-CLOUD-PLATFORM,Pupy RAT", "0", "drb_ra" "2023-05-04 06:46:43", "1110863", "39.106.36.96:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:44:42", "50", "False", "https://search.censys.io/hosts/39.106.36.96", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra" "2023-05-04 06:46:41", "1110862", "36.95.131.171:9091", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:44:39", "50", "False", "https://search.censys.io/hosts/36.95.131.171", "Deimos,TELKOMNET-AS-AP PT Telekomunikasi Indonesia", "0", "drb_ra" "2023-05-04 06:46:35", "1110860", "18.162.155.202:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:43:36", "50", "False", "https://search.censys.io/hosts/18.162.155.202", "AMAZON-02,Deimos", "0", "drb_ra" "2023-05-04 06:46:33", "1110859", "8.218.26.114:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:45:11", "50", "False", "https://search.censys.io/hosts/8.218.26.114", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra" "2023-05-04 06:46:30", "1110858", "3.209.12.178:3060", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-05-18 12:44:35", "50", "False", "https://search.censys.io/hosts/3.209.12.178", "AMAZON-AES,Deimos", "0", "drb_ra" "2023-04-22 18:00:03", "1106335", "maboloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-22 18:00:03", "1106336", "matong.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-21 10:20:17", "1105988", "qw.sveexec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:15", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,GLOBALLAYER", "0", "drb_ra" "2023-04-15 12:28:52", "1103771", "77.242.250.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-1416875320", "0", "drb_ra" "2023-04-12 09:02:56", "1102558", "lls-rs.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:16", "100", "False", "None", "CobaltStrike,cs-watermark-0,PROSPERO-AS", "0", "drb_ra" "2023-04-03 07:21:03", "1096685", "iony.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:03", "1096686", "office36o.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:02", "1096683", "feyrijavac.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-04-03 07:21:02", "1096684", "fidelyus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-29 22:27:30", "1095276", "jacketsupport.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:16", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,GLOBALLAYER", "0", "drb_ra" "2023-03-29 04:51:21", "1095042", "duckducklive.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:16", "100", "False", "https://www.virustotal.com/gui/file/b5da1db6d69f2f872e603beb0f121c68f3320ed33a0c9835bfc1a931d177c947", "391144938,Beacon,Cobalt Strike,CobaltStrike", "0", "AndreGironda" "2023-03-28 15:52:23", "1094484", "louvree.abudhabe.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:12", "100", "False", "None", "CobaltStrike,cs-watermark-1826426664,EMIRATES-INTERNET Emirates Internet", "0", "drb_ra" "2023-03-20 17:21:02", "1092077", "jquerymaingame.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092078", "mail-my-account.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092079", "my-accounts-gooogle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:02", "1092080", "pegistrationads.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:01", "1092075", "eaglehardwares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 17:21:01", "1092076", "information.baby", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-03-20 13:36:29", "1092009", "moviegallerys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,UAB Cherry Servers", "0", "drb_ra" "2023-03-17 22:40:17", "1091575", "acroserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra" "2023-03-17 19:45:49", "1091535", "atechniques.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:17", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-03-17 13:33:15", "1091454", "winsatoom.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-668694132", "0", "drb_ra" "2023-03-13 04:47:12", "1087542", "devoinnanote.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "100", "False", "None", "CobaltStrike,cs-watermark-2130772225,SHARKTECH", "0", "drb_ra" "2023-02-26 09:03:09", "1082976", "ponzinivek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082977", "ruplearben.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082978", "talonbilling.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082979", "gorillagaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-26 09:03:09", "1082980", "chanimoblie.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 14:42:02", "1082871", "kbnexc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 14:42:01", "1082870", "jquerysslx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-25 13:15:07", "1082838", "e-servicesolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:18", "100", "False", "None", "AEZA GROUP Ltd,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-02-24 02:30:56", "1082591", "devsecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra" "2023-02-23 13:06:07", "1082417", "www.vmware.rest", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-1234567890", "0", "drb_ra" "2023-02-17 18:25:01", "1081018", "galspost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "100", "False", "None", "CobaltStrike,cs-watermark-1101991775,Microsoft Corporation", "0", "drb_ra" "2023-02-16 14:54:22", "1080735", "imvcatool.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:20", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra" "2023-02-04 19:39:46", "1078198", "aspnetcenter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:22", "100", "False", "None", "CobaltStrike,Web Gostaran Bandar Company PJS", "0", "drb_ra" "2023-02-04 18:42:02", "1078172", "audelr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078173", "csou.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078174", "integrated-security.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-04 18:42:02", "1078175", "uranustechsolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-02-03 17:24:39", "1078062", "getsafeblog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:23", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra" "2023-02-03 00:16:03", "1077913", "39.107.242.125:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 12:46:03", "75", "False", "https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-39-107-242-125-port-80/", "CobaltStrike,RedPacketSecurity", "0", "abuse_ch" "2023-02-02 19:40:26", "1076907", "qw.svcshosvt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-02-02 19:39:18", "1076896", "nxsimdevelop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2023-02-01 02:21:19", "1075651", "appdevtechnology.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2023-01-31 15:09:13", "1075540", "dbx.formsift.io", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:19", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2023-01-29 11:29:55", "1075020", "devcloudpro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2023-01-28 09:40:24", "1074894", "164.90.158.199:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:28", "50", "False", "https://search.censys.io/hosts/164.90.158.199", "DIGITALOCEAN-ASN,Mythic", "0", "drb_ra" "2023-01-28 09:40:10", "1074890", "145.131.8.169:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:19", "50", "False", "https://search.censys.io/hosts/145.131.8.169", "Mythic,SENTIA", "0", "drb_ra" "2023-01-28 09:26:29", "1074833", "130.61.124.23:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-18 12:43:12", "50", "False", "https://search.censys.io/hosts/130.61.124.23", "Covenant,ORACLE-BMC-31898", "0", "drb_ra" "2023-01-25 19:42:03", "1074144", "support-wellsfargovis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074141", "recoverporta1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074142", "recoverportal2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-25 19:42:02", "1074143", "recoveryweb2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-23 20:33:42", "1073670", "vd-ntds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:23", "100", "False", "None", "CobaltStrike,PROSPERO-AS", "0", "drb_ra" "2023-01-20 14:21:02", "1070164", "hnsxpharm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070165", "myjqueryss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070167", "telusmobility-billed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 14:21:02", "1070168", "thenbkgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2023-01-20 11:23:14", "1070137", "avdev.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "100", "False", "None", "CobaltStrike,Flyservers S.A.", "0", "drb_ra" "2023-01-19 19:53:20", "1069980", "qw.execsvct.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-01-19 14:15:53", "1069895", "azurecloudfire.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:24", "100", "False", "None", "CobaltStrike,ITRESHENIYA-AS", "0", "drb_ra" "2023-01-19 11:23:42", "1069868", "goupdatemic.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "100", "False", "None", "CobaltStrike,GOOGLE", "0", "drb_ra" "2023-01-18 02:29:29", "1069579", "mwg-update.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:28", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2023-01-13 17:37:32", "1068206", "goodsport2023.win", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:26", "100", "False", "None", "CobaltStrike,VOM", "0", "drb_ra" "2023-01-12 21:56:23", "1068079", "blackandwhiteshoose.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:25", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2023-01-12 20:55:06", "1068045", "qw.svcrencst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:28", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2023-01-12 14:45:18", "1067954", "realsecuritystore.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:28", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra" "2023-01-12 13:04:56", "1067924", "fixx.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:21", "100", "False", "None", "CobaltStrike,SNEL", "0", "drb_ra" "2023-01-11 10:59:45", "1067646", "allowedcloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:22", "100", "False", "None", "CobaltStrike,HIVELOCITY Inc.", "0", "drb_ra" "2022-12-31 19:48:39", "1064196", "freegaysnews.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:30", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra" "2022-12-31 18:58:09", "1064176", "topgamenetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:30", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-12-31 16:21:02", "1064173", "zfuxwvouqvnttpsrxe.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:52", "1064075", "cloudyspaces.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:52", "1064076", "666621.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064069", "144.217.207.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064070", "allsdone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064071", "ipsandwich.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064072", "cookieholder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064073", "pingcheker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:51", "1064074", "wagonovk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064062", "microsoftupdateassist.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064063", "qvibova.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064064", "cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064065", "metalkost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064066", "m7r4r2i2.stackpathcdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:50", "1064067", "online.cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064057", "bartiba.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064058", "varnart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064059", "nsfdfdfdf.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064060", "micorsoft.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:49", "1064061", "aigouing.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064046", "ksplsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064047", "lastinsuranceteam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064048", "msdnsservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064049", "securequoteme.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064050", "techdevcorp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064051", "syncorporation.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064052", "visualstudioapp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064053", "altreeservicellc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064054", "discountshadesdirect.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064055", "setechnowork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:48", "1064056", "technicollit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064038", "shiyicaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064039", "cdn-top.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064040", "onesecondservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064041", "vpnupdaters.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064042", "rodinscoldly.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064043", "antariscapital.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064044", "ftwealthmgt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:47", "1064045", "iconiq-capitel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064031", "asset-trades.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064032", "telemetrin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064033", "secupdate4win.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064034", "cdn-start.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064035", "capitalmanagementdata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:46", "1064036", "lawsolutions.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064024", "diegomaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064025", "dp-test1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064026", "cloudkey.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064027", "updatevpncitrix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064028", "classgum.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064029", "edgeupdater.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:45", "1064030", "gfcbm.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064016", "barmnava.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064017", "firewallwithadvancedserurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064018", "lgbtqplusfriendlydomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064019", "market-stats.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064020", "apabfs.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064021", "fziomerof.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064022", "fserd.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:44", "1064023", "verofes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:43", "1064015", "postofficeltdc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064006", "jarvcza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064007", "teystyjeem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064008", "faceupfinder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064009", "costacancordia.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064010", "lapsusareskids.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064011", "msupdater.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064012", "dwordname.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064013", "trademot.finance", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:42", "1064014", "agreminj.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1063998", "exchangeallltd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1063999", "guggenheimpartners-survey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064000", "caresalonservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064001", "just-findncall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064002", "fluoxi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064003", "buynet.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064004", "everythingchecker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:41", "1064005", "dezword.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063995", "goksearch.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063996", "polyhaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:40", "1063997", "data-protection-test.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:39", "1063992", "update04.microsoft-essentials.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:38", "1063991", "akaluij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:36", "1063989", "43.129.7.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:36", "1063990", "82.156.241.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063985", "donormix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063986", "hardicki.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063987", "stfconnect.onthewifi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:33", "1063988", "agsdef.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063978", "observerinfo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063979", "dehikz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063980", "cocanewline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063981", "rainqor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063982", "axelkim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063983", "azimurs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:32", "1063984", "innovativesitecreations.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063972", "creditscore.usbankcreditcards.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063975", "megumin.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063976", "loanhelp.support", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:31", "1063977", "volsecure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063966", "domtern.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063968", "drakr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063969", "devcisco.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:30", "1063971", "web-news-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063963", "bankafrika.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063964", "mssfr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:29", "1063965", "edgekey.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063955", "webyoutubeshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063956", "extic.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063957", "reykh.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063959", "propertynewsclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063960", "afindisc.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063961", "propertyinfogroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:28", "1063962", "topnewscompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063950", "baidenfree.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063951", "directoryupdate.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063952", "azmnetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063953", "onevisioncommunications.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:27", "1063954", "campioni-imam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063943", "serviceapp1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063944", "softcloud.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063945", "appmind.center", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063946", "ms-data.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063947", "oracleup.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063948", "topinfocompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:26", "1063949", "blockchainstartups-crypto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063934", "expresssmash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063935", "vgroz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063936", "baidengop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063937", "ofilopex.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063938", "aabancaa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063939", "shermango.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063940", "nongxinyin.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063941", "a6m1n.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:25", "1063942", "emailbox.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063926", "wxtencent.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063927", "emergeno.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063928", "browngreeer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063929", "processdec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063931", "sndm-sndm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063932", "sinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:24", "1063933", "vinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063918", "westtherr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063919", "quickaccestwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063920", "usgrim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063921", "onelivemusicshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063922", "zomerax.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063923", "fsamon.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063924", "sscimails.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:23", "1063925", "agentrecovery.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063909", "entertainok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063910", "jatafatuna.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063911", "pluyk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063912", "affinm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063913", "gijoxupe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063914", "vangshares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063915", "fudupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:22", "1063917", "contemporaryto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063902", "ziono.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063903", "lolutow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063904", "niht12.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063905", "slfcorporate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063906", "baidu-cdn-10.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063907", "jandoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:21", "1063908", "casevor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063897", "gotroops.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063898", "wtxservice.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063899", "xevayuhace.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:02", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063900", "suppcat.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:02", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:20", "1063901", "softloadup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063889", "asbetysh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063890", "ascagliarinish.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063891", "ascasdsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063892", "aschamp79sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063893", "aschnurmansh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063894", "aseleeeksh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:19", "1063895", "asensvsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063880", "artist2actresssh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063881", "arturprikhodkosh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063882", "arvin78sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063883", "arvind567shahsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063884", "arvindkkumsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063885", "arvosash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063886", "arwalsersh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063887", "aryaarieash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:18", "1063888", "aryalalexsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063870", "dovaxanil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063871", "hehegahu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063872", "agriculturemachineries.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063873", "arhipenkolenagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063874", "aritmiagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063875", "artes911sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063876", "arthas89sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063877", "arthurstevens62sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063878", "arthurtaylor13sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:17", "1063879", "artis214sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063864", "zipo-cons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063865", "fazehotafa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063866", "zendriol.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063867", "sezezapa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063868", "sorekipe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:16", "1063869", "zezinuwe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063858", "shrekf.art", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063859", "amaniza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063860", "microcloud.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063861", "anexuss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063862", "edictsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:15", "1063863", "out1etshops.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063851", "stepnbayac.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063852", "chickenpoken.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063853", "hockeysmall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063854", "orthodoxok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063855", "cocesovo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063856", "familyinsurancepartner.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:14", "1063857", "senebuvuyi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063848", "fincheck.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063849", "svchosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:13", "1063850", "conhosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063843", "maximumservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063844", "conferencedesk.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063845", "bluetechsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063846", "allgroupservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:12", "1063847", "acitopram.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063838", "businessservicesolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063839", "gravyblicus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063840", "firmwarekey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063841", "updateraccount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:11", "1063842", "mvnetworking.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063832", "avasecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063833", "extranetserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063834", "clacem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063835", "eonline-cdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063836", "cagohufe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:10", "1063837", "vezawahoy.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063826", "tetafup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063827", "api-trend-micro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063828", "digital-hardware.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063829", "aboutdatabasesoftware.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063830", "high-control.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:09", "1063831", "soft-base.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063821", "iptvr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063823", "mingw.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063824", "transfercloud.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:08", "1063825", "flashcom.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063818", "sciencelifedata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063819", "bookingsupport.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:07", "1063820", "ateyakima.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063813", "buy1walmart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063816", "drbeat.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:06", "1063817", "aialadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063810", "hhkj222.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063811", "yw2204.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:05", "1063812", "nordicqlobal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063806", "favls.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063807", "linkkedin.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:04", "1063808", "magellanfit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:48:03", "1063805", "afspd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:46:51", "1063804", "164.92.70.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-30 19:44:07", "1063802", "abritrum-bridges.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch" "2022-12-28 19:56:09", "1063208", "a.wv2022.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-12-28 02:22:09", "1063123", "apacheorg.wiki", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:30", "100", "False", "None", "CLOUDIE-AS-AP Cloudie Limited,CobaltStrike", "0", "drb_ra" "2022-12-24 19:00:50", "1062406", "updatemicrotok.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:30", "100", "False", "None", "AS-SERVERION,CobaltStrike", "0", "drb_ra" "2022-12-19 21:43:42", "1053949", "eserverx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra" "2022-12-19 11:41:44", "1050306", "cmdatabase.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:22", "100", "False", "None", "ADM Service Ltd.,CobaltStrike", "0", "drb_ra" "2022-12-17 12:12:59", "1050198", "cloudmane.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:31", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-12-13 11:43:38", "1036758", "8.212.49.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:57", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,CobaltStrike", "0", "drb_ra" "2022-12-12 01:38:31", "1036111", "qw.conhoosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-12-08 20:45:56", "1035723", "expoglobalservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CobaltStrike,TIER-NET", "0", "drb_ra" "2022-12-07 20:05:59", "1035558", "www.microsofer.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:40", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-12-05 20:03:53", "1031731", "googlecontentuser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "https://twitter.com/TheDFIRReport/status/1599780643222654976", "CobaltStrike", "0", "abuse_ch" "2022-12-05 19:27:32", "1031726", "test.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:13", "100", "False", "None", "CobaltStrike,YISUCLOUDLTD-HK YISU CLOUD LTD", "0", "drb_ra" "2022-12-05 11:42:38", "1029025", "palalto.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra" "2022-12-04 20:18:27", "1028963", "esoftwareupdates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "100", "False", "None", "ASGHOSTNET,CobaltStrike", "0", "drb_ra" "2022-12-02 21:28:11", "1028767", "globalplayservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-12-02 20:50:52", "1028737", "rapidfinact.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CobaltStrike,SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd", "0", "drb_ra" "2022-12-02 20:38:18", "1028720", "globalsteamclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-12-01 20:32:20", "1028501", "get-music-online.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:33", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-11-27 16:10:54", "1024554", "msndla.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra" "2022-11-24 11:54:46", "1023854", "childhealthresources.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra" "2022-11-24 11:50:52", "1023821", "360safeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-11-20 10:32:06", "1021044", "aksaholdings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2022-11-15 06:56:25", "1012628", "msisfx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "100", "False", "https://twitter.com/malware_traffic/status/1592262598195646464", "CobaltStrike", "0", "abuse_ch" "2022-11-12 17:46:46", "1009773", "get-smartbuyer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-11-10 11:51:33", "1000509", "qw.stakcl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-11-08 20:20:30", "991420", "sogouupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:32", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2022-11-07 20:10:29", "985010", "dnsupdatecheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:34", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-11-04 11:23:08", "973832", "ipulsecloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:42", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra" "2022-11-03 12:12:17", "964538", "zadiguser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:44", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964540", "wasazokiwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964541", "yuwajeni.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:45", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964542", "yavahiyil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:44", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964543", "rabihino.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:02", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964545", "nokevohoh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964546", "rawocav.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "50", "False", "", "None", "1", "_ik_" "2022-11-03 12:12:17", "964548", "deyikurihe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "50", "False", "", "None", "1", "_ik_" "2022-10-30 19:51:44", "952862", "freshuper.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,tzulo inc.", "0", "drb_ra" "2022-10-29 12:32:13", "952596", "reebons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-29 12:23:49", "952587", "gaswert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra" "2022-10-29 11:54:42", "952582", "sajij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-29 10:14:36", "952555", "asasyz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-29 10:12:26", "952552", "agazud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,LLC Baxet", "0", "drb_ra" "2022-10-29 09:57:36", "952534", "tuuik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra" "2022-10-29 09:56:46", "952528", "alfuhin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:39", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-27 23:43:27", "950974", "amaladin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra" "2022-10-26 10:09:11", "949937", "aualadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:36", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-23 13:42:10", "916136", "bthserv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:37", "100", "False", "None", "CobaltStrike,Internet Solutions & Innovations LTD.", "0", "drb_ra" "2022-10-23 13:37:35", "916115", "nuesro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:37", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra" "2022-10-23 13:36:50", "916100", "pasadonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:35", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-10-22 19:40:40", "915911", "worldsgates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:41", "100", "False", "None", "CobaltStrike,LUCIDACLOUD LIMITED", "0", "drb_ra" "2022-10-22 19:39:30", "915908", "protramal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:42", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra" "2022-10-22 01:11:02", "915846", "spltst.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:37", "100", "False", "None", "CobaltStrike,combahton GmbH", "0", "drb_ra" "2022-10-16 13:10:54", "891477", "cehocihit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:54", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-16 12:38:04", "891461", "cloudmicro.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra" "2022-10-13 21:41:28", "887212", "keycloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:41", "100", "False", "None", "CobaltStrike,PARTNER-AS", "0", "drb_ra" "2022-10-13 21:13:41", "886703", "activeservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "100", "False", "None", "Amati Foundation,CobaltStrike", "0", "drb_ra" "2022-10-13 21:12:51", "886693", "newyearbalance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:41", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra" "2022-10-13 21:02:36", "886516", "xamayojir.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:45", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-13 20:58:25", "886499", "xicefoga.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-WDC", "0", "drb_ra" "2022-10-13 19:51:56", "884091", "ams-prd-cob.nl", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:47", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-10-13 19:35:22", "883488", "tagujog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra" "2022-10-13 19:32:23", "883412", "mysqlserver.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "100", "False", "None", "CobaltStrike,ICME", "0", "drb_ra" "2022-10-13 19:23:44", "883142", "xuluxetas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:45", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-NYC", "0", "drb_ra" "2022-10-12 17:16:11", "880419", "hadujaza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "100", "False", "https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html", "CobaltStrike", "0", "abuse_ch" "2022-10-05 18:54:33", "871733", "softsupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:42", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch" "2022-10-05 18:54:33", "871734", "anushl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:42", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858399", "anbush.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858402", "get-topservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:44", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858403", "msoftupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:43", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-29 08:45:45", "858404", "pregabas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:43", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch" "2022-09-22 11:26:18", "851096", "34.92.131.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:48", "100", "False", "None", "CobaltStrike,Google LLC", "0", "drb_ra" "2022-09-20 16:58:14", "850706", "87.246.7.38:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:50", "75", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850701", "cloudmicro.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850702", "fregiyu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:48", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-20 16:57:02", "850704", "microcloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:46", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch" "2022-09-17 21:24:41", "850260", "154.22.117.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:49", "100", "False", "None", "CobaltStrike,Cogent Communications", "0", "drb_ra" "2022-09-14 22:07:14", "849761", "198.98.53.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:48", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra" "2022-09-05 19:10:52", "847988", "globallookclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:50", "847986", "realfunsolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847972", "www.service1app.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847975", "youronlinesports.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847976", "yourinfosolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847978", "login.onemusic24.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:48", "847981", "zx.jacollans.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847942", "satorkar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:02", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847943", "er.theinfoinc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847957", "realmacnow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847958", "onemusicllc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847959", "ateliernow.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:47", "847960", "er.dropklant.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:07", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847929", "sprinthunter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847930", "newstamagavk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:52", "100", "False", "", "None", "0", "_ik_" "2022-09-05 19:10:46", "847934", "www.onestepstar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "100", "False", "", "None", "0", "_ik_" "2022-08-31 18:29:19", "847028", "barabezo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "100", "False", "https://bazaar.abuse.ch/sample/08ec3f13e8637a08dd763af6ccb46ff8516bc46efaacb1e5f052ada634a90c0e/", "CobaltStrike", "0", "abuse_ch" "2022-08-31 16:32:01", "847018", "alojun.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "100", "False", "", "None", "0", "_ik_" "2022-08-31 16:32:01", "847019", "asdder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:51", "100", "False", "", "None", "0", "_ik_" "2022-08-31 16:32:01", "847020", "www.zominoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "100", "False", "", "None", "0", "_ik_" "2022-08-30 06:22:11", "846258", "jevomukif.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:02", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-29-IOCs-for-Monster-Libra-TA551-IcedID-with-Cobalt-Stike.txt", "CobaltStrike", "0", "abuse_ch" "2022-08-20 06:53:07", "844214", "msdnupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:01", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-20 06:53:07", "844215", "msdupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:03", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-18 12:15:06", "843958", "caxoxc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:04", "100", "False", "", "CobaltStrike", "0", "abuse_ch" "2022-08-16 11:38:21", "843546", "47.108.180.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:56", "100", "False", "None", "CobaltStrike,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2022-08-11 06:03:19", "842464", "jahojahi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:53", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-10-IOCs-for-IcedID-and-Cobalt-Strike.txt", "CobaltStrike", "0", "abuse_ch" "2022-08-08 10:46:43", "842023", "175.178.36.137:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-17 18:00:20", "100", "False", "None", "CobaltStrike,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2022-08-06 07:00:06", "841613", "zambeziz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:05", "100", "False", "", "CobaltSrike", "0", "abuse_ch" "2022-07-27 08:49:04", "839793", "zuyonijobo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:06", "100", "False", "https://isc.sans.edu/diary/28884", "Cobalt Strike", "0", "abuse_ch" "2022-07-06 05:36:04", "802793", "digerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "100", "False", "", "None", "0", "abuse_ch" "2022-07-05 05:12:06", "796822", "chitozx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:08", "100", "False", "", "None", "0", "abuse_ch" "2022-07-02 13:06:49", "750750", "42.192.21.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:01:48", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-06-28 08:57:21", "730561", "18.117.254.165:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:22", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra" "2022-06-26 10:56:33", "729038", "blinkinuf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-26 10:56:32", "729037", "malrok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720823", "trumpiko.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720824", "freygor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:09", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720826", "sinjoan.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 17:11:58", "720827", "afluix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:20", "720273", "www.edge-chrome.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:20", "720276", "www.hellomrsone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:19", "720260", "we.topsmartservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:19", "720263", "wpsserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:17", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:18", "720248", "thedaily-news.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:14", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720239", "sevenhungredbucks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720241", "snccoupr-int.cf", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:17", "720247", "telembank.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720230", "ppew.au", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:29", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720231", "pretunz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:14", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720236", "rss.top-business-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:16", "720237", "scarfaceserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:15", "720226", "outlet-studio.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:14", "720208", "js.msedgeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:58", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720198", "harborfreight.delivery", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:46", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720201", "hityok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720203", "jiguz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720204", "jijuanjo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720206", "jqueryupdatenow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:13", "720207", "jqueryupneed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:14", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720188", "fifacud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:12", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720189", "filaspo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:12", "720193", "gasienda.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:11", "720185", "dreamkoks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:54:10", "720176", "democrazzy.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:00", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:31", "720156", "cloud.sovarermscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720136", "backupcreds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:17", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720140", "biohazzzard.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720141", "bksfinance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:28", "720143", "boronab.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:13", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:27", "720132", "araizx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:10", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-23 10:53:27", "720133", "arminext.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:15", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-06-22 18:35:13", "719898", "aginij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:11", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-05-19 18:01:58", "606362", "criobob.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:17", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:58", "606363", "prozakx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:58", "606364", "terroklo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-19 18:01:57", "606360", "microdozz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:16", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1" "2022-05-10 18:53:07", "549372", "us189-hpgsgae5dva9fzch.z01.azurefd.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:28", "75", "False", "None", "cobaltstrike,threatview.io", "0", "Malwar3Ninja" "2022-05-08 16:20:03", "548951", "artidomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:20", "100", "False", "https://twitter.com/ian_kenefick/status/1523288477559062529", "Cobalt Strike", "0", "abuse_ch" "2022-04-30 19:45:18", "544836", "116.62.185.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:21", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-29 19:30:18", "540702", "165.227.180.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:26", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-25 12:31:07", "532916", "120.26.240.21:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-23 16:42:50", "530098", "193.29.13.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "100", "False", "None", "***************************************,CobaltStrike", "0", "drb_ra" "2022-04-21 16:54:57", "523516", "45.8.158.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:21", "100", "False", "None", "ASBAXETN,CobaltStrike", "0", "drb_ra" "2022-04-19 13:44:33", "521565", "115.29.171.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:30", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-04-18 18:01:52", "521083", "84.32.188.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:20", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-04-15 22:57:51", "520317", "137.184.42.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:28", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-14 16:59:25", "519914", "84.32.188.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:22", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra" "2022-04-14 10:30:57", "519792", "furfen.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "100", "False", "None", "BumbleBee,Cobalt Strike", "0", "abuse_ch" "2022-04-13 16:57:52", "519116", "175.41.21.29:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:25", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra" "2022-04-12 16:50:58", "518853", "175.41.16.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra" "2022-04-10 17:05:31", "518404", "138.68.110.227:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:26", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-04-06 22:59:35", "516676", "13.55.118.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:22", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra" "2022-04-05 22:55:20", "493695", "185.186.143.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:21", "100", "False", "None", "ASKONTEL,CobaltStrike", "0", "drb_ra" "2022-04-05 16:53:16", "492845", "194.37.97.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "100", "False", "None", "CobaltStrike,M247 Ltd", "0", "drb_ra" "2022-03-30 09:51:36", "466600", "blopik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-29 08:36:59", "461231", "borizhog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "100", "False", "None", "None", "0", "stoerchl" "2022-03-24 22:55:12", "448027", "37.72.172.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:23", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-03-24 10:56:07", "446029", "1.14.76.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:27", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-03-23 20:44:05", "443786", "139.60.160.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:24", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra" "2022-03-23 16:44:21", "443190", "apeduze.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:19", "100", "False", "None", "None", "0", "stoerchl" "2022-03-22 10:51:28", "438442", "drimzis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "100", "False", "None", "None", "0", "stoerchl" "2022-03-22 10:51:28", "438443", "blinkij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "100", "False", "None", "None", "0", "stoerchl" "2022-03-17 22:47:07", "398650", "152.136.178.142:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:32", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-03-17 12:19:46", "396104", "dunclikf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-10 15:29:52", "393426", "sifgu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393427", "gfsert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:34", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393429", "shizij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393430", "zxerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:52", "393431", "korunder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:51", "393424", "chesft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "100", "False", "None", "None", "0", "stoerchl" "2022-03-10 15:29:51", "393425", "uktyl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:33", "100", "False", "None", "None", "0", "stoerchl" "2022-03-09 17:18:35", "393312", "defenr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:35", "393313", "fedij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:35", "393314", "kejimn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-09 17:18:34", "393311", "brikeb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:39", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-08 17:09:32", "393046", "kapuleti.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-06 16:43:33", "392705", "45.12.1.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:29", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra" "2022-03-05 16:45:53", "392630", "45.12.1.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:21", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra" "2022-03-05 16:43:28", "392595", "45.12.1.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:21", "100", "False", "None", "CLOUDNETWORKS-AS,CobaltStrike", "0", "drb_ra" "2022-03-01 07:06:28", "391528", "defegh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-01 07:06:28", "391530", "klycnmik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:40", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-03-01 07:06:28", "391531", "ngrety.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:41", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch" "2022-02-27 06:03:58", "391111", "lifegothistory.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:42", "100", "False", "https://twitter.com/1ZRR4H/status/1497771037718724612", "Cobalt Strike", "0", "abuse_ch" "2022-02-22 16:44:41", "390123", "192.241.133.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:37", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-22 16:42:29", "390104", "159.65.246.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:37", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:58:18", "389873", "68.183.200.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:36", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:57:13", "389866", "138.68.227.71:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:36", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:56:32", "389865", "165.227.219.211:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:36", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:55:44", "389864", "165.232.154.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:37", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:54:53", "389861", "143.198.110.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:54:15", "389860", "178.128.171.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:38", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:53:10", "389853", "165.227.23.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:35", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:52:19", "389850", "161.35.137.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:37", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-21 16:51:26", "389847", "64.227.0.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:37", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-20 16:42:59", "389656", "45.55.36.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:36", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra" "2022-02-09 22:36:37", "384626", "168.61.180.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "100", "False", "None", "CobaltStrike,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2022-02-01 10:45:03", "373668", "bornometa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-02-01 10:45:03", "373671", "jenevabaiden.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:50", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-02-01 10:45:03", "373673", "sbronm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch" "2022-01-29 22:33:30", "362296", "101.34.182.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-01-25 22:30:16", "332687", "192.227.155.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:24", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2022-01-25 22:29:00", "332653", "146.70.29.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:24", "100", "False", "None", "CobaltStrike,M247", "0", "drb_ra" "2022-01-22 22:25:42", "313943", "107.172.219.129:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:25", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2022-01-18 22:32:52", "299262", "193.201.9.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "100", "False", "None", "CobaltStrike,SELECTEL", "0", "drb_ra" "2022-01-18 13:51:16", "298501", "citrixseruritys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:47", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch" "2022-01-18 13:51:16", "298505", "milanvar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:50", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch" "2022-01-15 22:26:20", "295525", "23.227.198.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-15 10:32:22", "295436", "217.79.243.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:48", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-14 22:28:25", "295353", "149.255.35.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra" "2022-01-13 22:28:33", "294999", "81.68.225.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:23", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2022-01-10 16:24:49", "292303", "39.98.48.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:00:18", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2022-01-07 10:30:52", "291740", "39.104.25.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:28", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" "2021-12-16 10:42:30", "276593", "77.83.36.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:30", "100", "False", "None", "CobaltStrike,ISI-ASN", "0", "drb_ra" "2021-12-13 10:06:28", "275144", "101.32.204.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:30", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2021-11-22 16:01:01", "252110", "62.113.255.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:26", "100", "False", "None", "CobaltStrike,TTM", "0", "drb_ra" "2021-11-04 17:48:48", "242948", "107.173.89.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:28", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra" "2021-10-31 17:43:37", "240983", "104.128.92.144:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:49", "100", "False", "None", "CobaltStrike,IT7NET", "0", "drb_ra" "2021-10-27 09:58:20", "238207", "fivepointschiro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:44", "100", "False", "https://twitter.com/mojoesec/status/1453040284686770185", "CobaltStrike", "0", "abuse_ch" "2021-10-22 12:07:15", "236436", "111.230.196.200:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:27", "100", "False", "None", "CobaltStrike", "0", "drb_ra" "2021-10-13 17:43:22", "233476", "23.224.152.139:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:24", "100", "False", "None", "CNSERVERS,CobaltStrike", "0", "drb_ra" "2021-10-11 23:27:10", "232821", "139.198.183.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:26", "100", "False", "None", "CobaltStrike,YUNIFY-NET Yunify Technologies Inc.", "0", "drb_ra" "2021-10-09 23:36:53", "232263", "121.37.255.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:31", "100", "False", "None", "CobaltStrike,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2021-09-18 17:39:24", "223357", "47.95.207.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-18 13:02:29", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra" # Number of entries: 3182