################################################################
# ThreatFox IOCs: recent additions - CSV format                #
# Last updated: 2026-06-09 05:55:54 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-06-09 05:55:54", "1825346", "nkfjdum.pasoor11.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 05:55:01", "1825345", "hxmhpw.pishbinibet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 05:55:09", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 05:53:16", "1825344", "sfdwdmq.mangobetfarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 05:52:07", "1825343", "moisca.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:49:37", "1825342", "carogra.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:42:55", "1825341", "brazpi.shop", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:42:54", "1825337", "godsblueprintforyourmarriage.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:42:54", "1825338", "lmc014command.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:42:54", "1825339", "gohan-suki.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:42:54", "1825340", "eurogulf-group.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-09 05:39:03", "1825336", "154.29.73.187:56523", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/25f76ee983f1db74229321e36a62323007d5777c1cfd9350c80b58aef874355c/", "Mirai", "0", "abuse_ch"
"2026-06-09 05:27:50", "1825335", "http://kidos-bank.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:49", "1825334", "http://kaspersky.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:48", "1825332", "http://parex-bank.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:48", "1825333", "http://gaz-prom.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:47", "1825329", "http://color-bank.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:47", "1825330", "http://adult-empire.com/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:47", "1825331", "http://virus-list.com/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:46", "1825328", "http://kaspersky.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:45", "1825326", "http://ros-neftbank.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:27:45", "1825327", "http://master-x.com/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "", "100", "False", "https://bazaar.abuse.ch/sample/5f34e1af5ffacee0810fa07121f09769d796e619e868aa20b317dbc9d72578b4/", "Berbew", "0", "abuse_ch"
"2026-06-09 05:25:48", "1825325", "ojnkoxdg.pokerbazi.poker", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-09 05:25:14", "1825324", "pokerbazi.poker", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 05:25:19", "100", "False", "None", "9June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-09 05:24:33", "1825323", "83.168.110.191:1336", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/e7c299e0cc1dddaddae30572983c0d1fdf3b1b9f4fba6d8ad3d46299038d2405/", "Mirai", "0", "abuse_ch"
"2026-06-09 05:18:38", "1825322", "hnainyw.ninjafruitcubes.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 05:11:30", "1825244", "alpinecamping.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:30", "1825245", "anascopr.net", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:29", "1825246", "associationaudrey.fr", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:28", "1825247", "attyx.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:28", "1825248", "blossomforth13.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:27", "1825249", "cnefa-dz.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:26", "1825250", "dbdideasturisticas.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:25", "1825251", "donnasalado.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:25", "1825252", "doorsec-dubai.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:24", "1825253", "drelectricia.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:23", "1825254", "elledisistemi.it", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:22", "1825255", "extrasegovia.es", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:22", "1825256", "homeenergyremodeling.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:12", "1825257", "jeffreykamenarchitect.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:12", "1825258", "noscalpelvasectomy.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:11", "1825259", "osteoporoza.si", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:10", "1825260", "raicesconsultoria.cl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:10", "1825261", "realsproject.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:09", "1825262", "santacruzwebdesign.co", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:07", "1825263", "sharonneedles.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:06", "1825264", "soundsnatural.co.za", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:06", "1825265", "swojem.pl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:05", "1825266", "thellio.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:04", "1825267", "theshipsproject.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:04", "1825268", "upstarthr.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:03", "1825269", "vitolilandscapedesign.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:02", "1825270", "wholefoodplantbasedrd.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "compromised,etherhiding,Polygon,WordPress", "0", "varysz"
"2026-06-09 05:11:01", "1825293", "8.219.158.30:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "45102,c2,censys,cobalt strike", "0", "sojubear"
"2026-06-09 05:11:00", "1825294", "196.75.218.37:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "36903,c2,censys,metasploit", "0", "sojubear"
"2026-06-09 05:11:00", "1825316", "19678a2d474affb5164942a842488275dafc988bab2e5918e38422f152ecc66b", "sha256_hash", "payload", "js.clearfake", "None", "ClearFake", "", "75", "False", "https://www.virustotal.com/gui/file/19678a2d474affb5164942a842488275dafc988bab2e5918e38422f152ecc66b", "ClearFake,ClickFix,loader,rundll32,WebDAV", "0", "Lenny3BO"
"2026-06-09 05:10:59", "1825317", "https://flzocge.penality.bet/083442ba-5bf1-4cc5-8440-04740f3ca9be/", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "75", "False", "https://www.virustotal.com/gui/domain/penality.bet", "ClearFake,ClickFix,rundll32,WebDAV", "0", "Lenny3BO"
"2026-06-09 05:10:58", "1825318", "flzocge.penality.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "75", "False", "https://www.virustotal.com/gui/domain/penality.bet", "ClearFake,ClickFix,rundll32,WebDAV", "0", "Lenny3BO"
"2026-06-09 05:10:57", "1825321", "194.38.138.155:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "94", "False", "None", "c2,erebus-wraith,nation-state-hunter,t1059_003,t1071_001", "0", "Erebu"
"2026-06-09 05:10:54", "1825243", "192.3.176.232:4099", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://x.com/skocherhan/status/2064097690796032054", "None", "0", "skocherhan"
"2026-06-09 05:10:52", "1825237", "webflare.beer", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-09 05:10:51", "1825238", "berlof.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-09 05:10:50", "1825239", "firazit.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-09 05:10:49", "1825240", "macerapindasi.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-09 05:10:48", "1825241", "servupdt.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-09 04:43:00", "1825320", "kodhfeq.one1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 04:04:10", "1825319", "wsiflnb.persian.sex", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 03:54:49", "1825315", "mnnwpo.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 03:24:29", "1825314", "jjcuameq.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-09 03:24:14", "1825313", "rgcecjho.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 03:21:31", "1825312", "scsadmm.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 03:15:02", "1825311", "aoeseeuk.winpars.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-09 03:14:27", "1825310", "winpars.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:14:32", "100", "False", "None", "9June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-09 02:47:05", "1825309", "gialird.pishbini11.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 02:45:24", "1825308", "120.55.246.213:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-09 02:42:08", "1825307", "pishbini11.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 02:42:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 02:04:32", "1825306", "byiuatd.pinnaclebetting.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 02:03:43", "1825305", "pinnaclebetting.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 02:04:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 02:00:22", "1825304", "85.209.48.248:8443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-09 01:57:08", "1825303", "naszmks.pinbahiis.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 01:56:16", "1825302", "pinbahiis.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 01:56:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 01:54:39", "1825301", "xgcstm.yasbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 01:45:25", "1825300", "lokino.perfectgameiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 01:30:30", "1825299", "www.yuzuapp.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5e3fd59a5159950b9937ec591ded56b5b76ce9d6c4be220d75f93f53f6547fab/", "nanocore", "0", "abuse_ch"
"2026-06-09 01:24:45", "1825298", "q62sm4y0.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-09 01:23:42", "1825297", "uszq523p.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 01:22:57", "1825296", "x8igi8bm.yektbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-09 01:22:37", "1825295", "plyxcbx.wrfc8.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 00:39:40", "1825292", "pblgwhm.x50wheel.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-09 00:05:52", "1825291", "oknmhjx.xenicalby6.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:48:48", "1825290", "nnwhxh.pik.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:45:33", "1825289", "149.88.66.234:20050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-08 23:43:56", "1825288", "pik.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 23:44:01", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 23:35:13", "1825287", "deglis.perspolisbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:34:24", "1825286", "perspolisbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 23:34:29", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 23:24:45", "1825285", "akvljg.perspolisbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:23:56", "1825284", "nlwgc0c9.yekbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 23:22:58", "1825283", "frowben.yasbetapp.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:22:34", "1825282", "oxyna912.yekbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 23:14:13", "1825281", "gsoxdy.vezaratshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:07:58", "1825280", "pvvvvn.perfectgame.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 23:00:30", "1825277", "https://uru.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:25:14", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-08 23:00:30", "1825278", "uru.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:25:26", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-08 23:00:30", "1825279", "https://uru.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:25:25", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-08 23:00:29", "1825276", "uru.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:25:14", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-08 22:48:34", "1825275", "sewgqnm.winxbet.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 22:33:45", "1825274", "lohgcyy.winsportiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 22:15:36", "1825273", "e40nbbpq.winmastersbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 22:14:07", "1825272", "winmastersbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 22:14:12", "100", "False", "None", "8June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-08 21:55:47", "1825271", "xeledkz.olabahiskayit.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 21:22:32", "1825242", "xf4v3zjk.parspoker.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 21:17:05", "1825236", "ngieimu.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 21:07:43", "1825235", "zfomko.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 21:00:13", "1825234", "182.255.82.121:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-08 20:42:40", "1825233", "rbbhubp.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 20:00:21", "1825232", "74.48.202.123:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-08 20:00:20", "1825231", "74.48.202.123:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-08 20:00:19", "1825229", "103.51.147.252:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-08 20:00:19", "1825230", "111.119.234.82:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "supershell", "1", "_ik_"
"2026-06-08 20:00:00", "1825228", "ojpqxkm.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 19:43:41", "1825227", "182.23.2.163:12297", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-08 19:43:23", "1825226", "155.103.70.100:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-08 19:25:18", "1825224", "https://gts.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 22:25:17", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 19:25:18", "1825225", "gts.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 22:25:17", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 19:25:06", "1825223", "gts.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 22:25:06", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 19:25:05", "1825222", "https://gts.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 22:25:06", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 19:22:08", "1825221", "chzldmh3.parsbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 19:21:26", "1825220", "b8i7k0hi.parsbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 19:21:23", "1825219", "pbustxk.penalty.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 19:16:54", "1825217", "https://crystalforgeway.top/role/refresh-layout.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116716051239848581", "SmartApeSG", "0", "monitorsg"
"2026-06-08 19:16:53", "1825214", "https://crystalforgeway.top/role/role-view.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116716051239848581", "SmartApeSG", "0", "monitorsg"
"2026-06-08 19:16:52", "1825215", "crystalforgeway.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-08 19:06:51", "100", "True", "https://infosec.exchange/@monitorsg/116716051239848581", "SmartApeSG", "0", "monitorsg"
"2026-06-08 19:16:52", "1825216", "https://crystalforgeway.top/role/api-sessionstore", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116716051239848581", "SmartApeSG", "0", "monitorsg"
"2026-06-08 19:12:29", "1825218", "15.235.189.218:56001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/4d23299c42ea2dfe54d8105b06c9519320c3c085c55f86c0c197e6709b7527b7/", "None", "0", "abuse_ch"
"2026-06-08 19:03:39", "1825213", "64.95.13.15:80", "ip:port", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "75", "False", "https://bazaar.abuse.ch/sample/3ba5e5ee550ae3c50554f30fc6a1feaad9b29073c851cad57fd4d2be2f0cedb6/", "KongTuke", "0", "abuse_ch"
"2026-06-08 19:03:08", "1825212", "hfpfhy7zytroclo.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3ba5e5ee550ae3c50554f30fc6a1feaad9b29073c851cad57fd4d2be2f0cedb6/", "KongTuke", "0", "abuse_ch"
"2026-06-08 19:01:07", "1825211", "20.81.43.36:1011", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/d9c239487fe177001eb83d8b750d78467205f7c20a2aef89ba23751990a1f892/", "PureLogsStealer", "0", "abuse_ch"
"2026-06-08 18:59:58", "1825210", "20.81.43.36:8030", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/e87a0653a3a7c7873fc2df76df0202b059d0ce3f945d887172d9bebf284abe2f/", "PureLogsStealer", "0", "abuse_ch"
"2026-06-08 18:59:12", "1825209", "webdot.ddns.net", "domain", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/e87a0653a3a7c7873fc2df76df0202b059d0ce3f945d887172d9bebf284abe2f/", "PureLogsStealer", "0", "abuse_ch"
"2026-06-08 18:58:48", "1825208", "pbtgvx.pablobet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 18:47:05", "1825207", "twvjaye.penalti.website", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 18:44:10", "1825206", "aencte.oxidbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 18:39:25", "1825205", "zoasav.onlineshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 18:14:02", "1825189", "robodomain.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 18:07:12", "1825204", "zexrhdz.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 18:02:08", "1825203", "!k!.persianshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 18:02:00", "1825202", "persianshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:59:52", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 17:54:08", "1825192", "sirata.asia", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825193", "sitepromclop.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825194", "smackit.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825195", "smesharik.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825196", "spartanec.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825197", "superpooper.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825198", "webanalytics-cdn.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825199", "whynotebanarot.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825200", "yanepidor.mom", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:08", "1825201", "yoshicity.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825179", "myverifhouse.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825180", "myverifyblog.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825181", "nenadopapa.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825182", "peachbro.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825183", "pinokros.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825184", "pohuimne.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825185", "ponikas.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825186", "pringlesbob.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825187", "productionmaza.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825188", "prokladka.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825190", "sandman.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:07", "1825191", "sandman.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825166", "marmelad.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825167", "megamegalodon.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825168", "merindashop.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825169", "mexicodreams.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825170", "microblogver.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825171", "microchlen.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825172", "microloh.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825173", "milksos.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825174", "mnepohui.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825175", "mob.lanjut.in", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825176", "myblobtop.site", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825177", "mygoodblog.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:06", "1825178", "mygoodblog.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825154", "etomoe.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825155", "etomoidomen.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825156", "ganiballektor.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825157", "gdedengikarlos.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825158", "gdelogi.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825159", "govnol.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825160", "gppcdnns.beer", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825161", "ivangay.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825162", "lenders.digital", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825163", "lizablud.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825164", "mambet.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:05", "1825165", "marinaradom.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825142", "biggestchlen.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825143", "biletors.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825144", "blobtop.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825145", "bobik.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825146", "bulletpop.cyou", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825147", "chinabowl.club", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825148", "chubrik.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825149", "cloudflare-check.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825150", "comicstar.lat", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825151", "corppop.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825152", "cosmostars.shop", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:04", "1825153", "diddyparty.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825134", "abrikos.xyz", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825135", "anakondabob.club", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825136", "ap7.supportly.au", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825137", "arigatodomen.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825138", "babybon.cfd", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825139", "bearman.bond", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825140", "bigbadwolf.click", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:54:03", "1825141", "biggestchlen.lol", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,etherhiding,Polygon", "0", "varysz"
"2026-06-08 17:24:33", "1825133", "ikbnssq.persian.sex", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 17:23:38", "1825132", "persian.sex", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 17:23:44", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 17:22:20", "1825131", "0fqk0ho2.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 17:20:58", "1825130", "v6o8c9xi.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 17:18:39", "1825098", "https://spaceco.com/ch", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116715111374957749", "SmartApeSG", "0", "monitorsg"
"2026-06-08 17:18:39", "1825099", "https://emberhorizon.top/role/role-view.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116715111374957749", "SmartApeSG", "0", "monitorsg"
"2026-06-08 17:18:39", "1825100", "emberhorizon.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-08 17:10:16", "100", "True", "https://infosec.exchange/@monitorsg/116715111374957749", "SmartApeSG", "0", "monitorsg"
"2026-06-08 17:18:38", "1825101", "https://emberhorizon.top/role/api-sessionstore", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-08 17:10:15", "100", "True", "https://infosec.exchange/@monitorsg/116715111374957749", "SmartApeSG", "0", "monitorsg"
"2026-06-08 17:18:38", "1825102", "https://emberhorizon.top/role/refresh-layout.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-08 17:10:16", "100", "True", "https://infosec.exchange/@monitorsg/116715111374957749", "SmartApeSG", "0", "monitorsg"
"2026-06-08 17:18:38", "1825103", "62.76.229.102:56782", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "ClearFake,ClickFix,CobaltStrike,HVNC,OutPack,RAT,Stealer,Tor", "0", "denkaj"
"2026-06-08 17:18:37", "1825104", "enterprise1.pages.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "ClearFake,ClickFix,CobaltStrike,OutPack", "0", "denkaj"
"2026-06-08 17:18:37", "1825105", "endpoint.xsn10.com", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "ClearFake,ClickFix,LOLBin", "0", "denkaj"
"2026-06-08 17:18:37", "1825106", "api.asn15.com", "domain", "payload_delivery", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "85", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "ClearFake,ClickFix,LOLBin", "0", "denkaj"
"2026-06-08 17:18:36", "1825107", "e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "CobaltStrike,HVNC,OutPack,RAT,Stealer", "0", "denkaj"
"2026-06-08 17:18:36", "1825108", "83a85d92277f0c762414e97f26538e4657f28a1cebe3e4f5d5d32e5ecf7b458a", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "CobaltStrike,HVNC,OutPack,RAT,Stealer", "0", "denkaj"
"2026-06-08 17:18:34", "1825109", "22wsnikmydlkyx4cwmiykxis7kjy4ugmlz453amazqhflwo3wjsz5tad.onion", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "90", "True", "https://www.virustotal.com/gui/file/e3300ce9dce0d41690e711b8ee3bb5498ccf25c68d4bafe35416a77a2d88cbd2", "CobaltStrike,OutPack,RAT,Tor", "0", "denkaj"
"2026-06-08 17:18:26", "1825123", "https://kevinfreels.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/kevinfreels.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 17:14:07", "1825129", "t748i6is.volleyball.vip", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 17:03:23", "1825128", "zebswzz.one1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 16:50:17", "1825127", "chinabowl.club", "domain", "payload_delivery", "unknown_webinject", "None", "Unknown Webinject", "", "100", "False", "", "ErrTraffic", "0", "Gi7w0rm"
"2026-06-08 16:49:25", "1825126", "lizablud.shop", "domain", "payload_delivery", "unknown_webinject", "None", "Unknown Webinject", "", "100", "False", "", "ErrTraffic", "0", "Gi7w0rm"
"2026-06-08 16:34:08", "1825125", "flnntj.persianabet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 16:34:05", "1825124", "persianabet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 16:34:10", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 16:26:49", "1825122", "idwpuur.ninjafruitcubes.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 16:25:18", "1825120", "https://sad.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 18:25:18", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 16:25:18", "1825121", "sad.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 18:25:18", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 16:25:06", "1825118", "https://sad.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 18:25:07", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 16:25:06", "1825119", "sad.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 18:25:07", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch"
"2026-06-08 16:24:23", "1825117", "hfgzvf.perfectgameiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 16:24:16", "1825116", "perfectgameiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 01:44:59", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 16:23:16", "1825115", "syheuby.mangobetfarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 15:45:30", "1825114", "qcqsin.yasbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 15:45:10", "1825113", "vvpfsda.pasoor11.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 15:20:52", "1825112", "e20yl90d.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 15:20:23", "1825111", "iebtnuo1.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 15:20:00", "1825110", "zjuflao.pasur21.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 14:50:50", "1825097", "souljaboynft.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/574b156255a61da989d89c6f4c6ccbaf33921c4aba9a92fbcff5de054b437e1c/", "nanocore", "0", "abuse_ch"
"2026-06-08 14:43:30", "1824982", "https://tknmetal.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/tknmetal.net", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:29", "1824983", "https://victormeloadvogado.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/victormeloadvogado.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:28", "1824984", "https://oficialwebsitepromotion.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/oficialwebsitepromotion.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:28", "1824985", "https://www.jkbuildersg.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.jkbuildersg.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:27", "1824986", "https://www.kevinfreels.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.kevinfreels.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:27", "1824987", "https://ireflect.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ireflect.net", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:43:26", "1824988", "https://www.iconlng.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.iconlng.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:36", "1825035", "https://www.danielediana.it/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.danielediana.it", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:35", "1825036", "https://developmental-twins.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/developmental-twins.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:35", "1825037", "https://www.ciberci.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.ciberci.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:34", "1825039", "https://www.argirisangelopoulos.gr/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.argirisangelopoulos.gr", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:33", "1825038", "https://buktijpmaluku.info/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/buktijpmaluku.info", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:33", "1825040", "https://andreawirsum.com/de/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/andreawirsum.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:32", "1825047", "00000l.nvms9000.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:31", "1825041", "https://www.altecva.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.altecva.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:42:30", "1825044", "horizon.nvms9000updates.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:30", "1825045", "000.nvms9000.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:29", "1825046", "0000.nvms9000.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:28", "1825048", "000.hikvision-cctv.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:28", "1825049", "0000.hikvision-cctv.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:27", "1825050", "00000.hikvision-cctv.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:27", "1825051", "0000g7bd7.hikvision-cctv.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:26", "1825052", "botdealers.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:26", "1825053", "kys.botdealers.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 14:42:24", "1825060", "62.171.142.134:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "85", "False", "https://twitter.com/NullBlue67", "module-load,muhstik,redis", "0", "nullblue67"
"2026-06-08 14:42:23", "1825061", "47.253.94.140:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-08 14:42:23", "1825062", "45.238.101.91:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-08 14:42:23", "1825063", "189.51.43.54:80", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "libredtail-http,redtail", "0", "nullblue67"
"2026-06-08 14:42:22", "1825064", "167.126.6.183:80", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "libredtail-http,redtail", "0", "nullblue67"
"2026-06-08 14:42:21", "1825076", "https://wowlowski.icu/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:21", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:20", "1825073", "https://wowlowski.icu/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:18", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:19", "1825074", "wowlowski.icu", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:19", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:18", "1825075", "https://wowlowski.icu/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:20", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:17", "1825077", "https://wowlowski.icu/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:22", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:16", "1825078", "https://aura-checkpoint.top/o", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:23", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:16", "1825079", "aura-checkpoint.top", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-08 14:08:23", "100", "True", "https://infosec.exchange/@monitorsg/116714637080616171", "KongTuke", "0", "monitorsg"
"2026-06-08 14:42:15", "1825085", "app-front.anmaradigital.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "None", "SocGholish", "0", "monitorsg"
"2026-06-08 14:42:15", "1825094", "https://jkylenewton.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/jkylenewton.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 14:37:08", "1825096", "fporlgd.penality.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 14:35:51", "1825095", "107.175.148.82:3001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1c31cb888b12ea6f8ff24ef41df360bcdaaa148a2c0fffc6f53928a5cf6a1d4e/", "remcos", "0", "abuse_ch"
"2026-06-08 14:00:20", "1825093", "154.23.189.122:14782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_"
"2026-06-08 14:00:19", "1825092", "130.12.180.36:22", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-06-08 13:59:17", "1825091", "vdchddh.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:47:13", "1825090", "xhfecr.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:35:40", "1825089", "88aavn.one", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/42096c25d984649b38930437d79ed3bcb3bf8e2e52aea01578fac943b793eafa/", "nanocore", "0", "abuse_ch"
"2026-06-08 13:34:19", "1825088", "jwfckz.onlineshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:30:46", "1825087", "hexbear.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/129426e16332e5dd7f5fde56cb1c5e73666fcd4f629219effc16102cc7c083ec/", "nanocore", "0", "abuse_ch"
"2026-06-08 13:28:27", "1825086", "oczvda.oxidbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:20:47", "1825084", "jjgnawd.penalti.website", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:20:46", "1825083", "te3znaut.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 13:20:37", "1825082", "hknnbq.pablobet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 13:19:51", "1825081", "x3v1t7wb.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 13:19:45", "1825080", "g1rxiw6o.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 13:05:52", "1825072", "104.239.66.136:2017", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/2a9533cae947e4232cc85dc368109d52c69a3b8e43e8667872671da34052304b/", "xworm", "0", "abuse_ch"
"2026-06-08 12:05:52", "1825070", "007c16460b4b540cdbdb2488eb9be57baed53a31f2544bda86e3d21fb5e019ff", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "", "None", "0", "TomU"
"2026-06-08 12:05:52", "1825071", "ac2248d66cadf6597f428cde47f98c1adbb382da0473cceca632dec08ecf3e06", "sha256_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "", "None", "0", "TomU"
"2026-06-08 12:04:53", "1825069", "https://vrdccbank.com/Doppee12.exe", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "0", "TomU"
"2026-06-08 12:00:48", "1825068", "h0t75jy5.betgopro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 12:00:37", "1825067", "193.93.193.93:8822", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "0", "TomU"
"2026-06-08 11:50:28", "1825066", "zrqkapj.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 11:45:41", "1825065", "106.14.116.17:19443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-08 11:15:49", "1825059", "fhvteyb.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 11:00:18", "1825058", "117.72.115.168:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 11:00:17", "1825057", "117.72.115.168:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 11:00:16", "1825056", "117.72.115.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 11:00:14", "1825055", "45.61.163.145:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 10:55:15", "1825054", "cebsrg.jamjahani.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 10:32:48", "1825043", "hjwaxur.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 10:32:36", "1825042", "gwu729hw.parspoker.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 10:06:09", "1824989", "168.222.97.59:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/c3f65d466953c1c9fff63cf8f450926b25c623a63404552e833f9c399a11907b/", "remcos", "0", "abuse_ch"
"2026-06-08 10:00:20", "1824980", "45.61.163.145:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 10:00:20", "1824981", "45.61.163.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 10:00:19", "1824978", "63.250.47.156:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-08 10:00:19", "1824979", "118.107.1.135:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-06-08 09:55:47", "1824977", "84.38.129.122:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/c9e92d24fefd87f1817428ceb56e175ddcf19ecd96d80418824a553588aa6067/", "xworm", "0", "abuse_ch"
"2026-06-08 09:55:43", "1824976", "192.3.45.8:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/6525f806b4c8405e1e3d0f275e06b12b2710ea562966fe3b8092913d4d3340eb/", "remcos", "0", "abuse_ch"
"2026-06-08 09:54:49", "1824975", "inmjycz.olabahiskayit.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 09:52:33", "1824967", "135.181.224.79:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824968", "65.21.96.131:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824969", "135.181.224.77:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824970", "135.181.224.75:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824971", "178.105.231.90:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824972", "135.181.224.73:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824973", "135.181.224.76:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:33", "1824974", "135.181.224.74:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824960", "reg.turbo88op.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824961", "lla.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 15:25:20", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824962", "fhe.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824963", "pas.firesupport.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824964", "lla.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 15:25:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824965", "fhe.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:52:09", "1824966", "pas.fixsm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:52", "1824957", "https://135.181.224.73/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:52", "1824958", "https://135.181.224.76/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:52", "1824959", "https://135.181.224.74/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824951", "https://pas.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824952", "https://135.181.224.79/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824953", "https://65.21.96.131/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824954", "https://135.181.224.77/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824955", "https://135.181.224.75/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:51", "1824956", "https://178.105.231.90/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824944", "https://telegram.me/d77xtr", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824945", "https://reg.turbo88op.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824946", "https://lla.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 15:25:20", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824947", "https://fhe.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824948", "https://pas.firesupport.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824949", "https://lla.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 15:25:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:50", "1824950", "https://fhe.fixsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:51:49", "1824943", "https://steamcommunity.com/profiles/76561198694566254", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-08 09:50:41", "1824942", "107.175.179.48:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/e7cab9dd131c09bcc45b18e2607c1f1697c5ed798e7b44f313396a5ac68aadf0/", "remcos", "0", "abuse_ch"
"2026-06-08 09:45:54", "1824935", "hakdsiwqs281ks.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824936", "teraview.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824937", "photforhotel.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824938", "photo-26656.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824939", "dsjkaksfks324das.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824940", "photo-26653.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:54", "1824941", "photo-26652.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824918", "havasssj291sld.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824919", "photo-27657.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824920", "jsdakksd283ksl.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824921", "hotelsphotosite.cloud", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824922", "photo-27757.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824923", "photo-26657.cfd", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824924", "tracerecord.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824925", "book-photopage.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824926", "haddjskak827sja.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824927", "haskakwo291sa.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824928", "photohotelcheck.cloud", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824929", "pic-imageh.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824930", "photo-pagebook.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824931", "hotelphotoadm.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824932", "safehub-images.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824933", "safepic-img.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:53", "1824934", "safegallery.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-08 09:45:49", "1824917", "23.95.103.219:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/a8a141ade35e940a15eaec90cbb1a1ea35ab84725fb76bc82d46c3c88dadda04/", "remcos", "0", "abuse_ch"
"2026-06-08 09:45:37", "1824916", "nanacccoz.hopto.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/d04bc39163620ea10c58bea4ee13e4d6b4216c6294c684031fe229722f43b13f/", "remcos", "0", "abuse_ch"
"2026-06-08 09:45:29", "1824915", "94.183.232.247:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-09 05:46:32", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch"
"2026-06-08 09:45:25", "1824913", "89.125.255.5:43026", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-08 09:45:25", "1824914", "89.125.255.5:9999", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-08 09:45:24", "1824912", "87.237.52.176:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:25", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-08 09:44:25", "1824911", "rykwhjt.winsportiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 09:43:40", "1824910", "182.23.2.163:3252", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-08 09:43:22", "1824909", "155.103.70.100:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-08 09:40:50", "1824907", "62.102.148.212:37393", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/485ff689cef4080138ce4736a53762d77a306ad9f00a172a549445812c267438/", "remcos", "0", "abuse_ch"
"2026-06-08 09:40:50", "1824908", "87.120.107.29:1194", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/59616120b2be5d3c2f79d8379c9f3fb004adaf01a81742ebd2443e28b7d5e665/", "xworm", "0", "abuse_ch"
"2026-06-08 09:40:46", "1824906", "107.175.148.82:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/98cce079164a5c1664f26841559b1d8019d146bfd6e9edc86d19c328f3ed5444/", "remcos", "0", "abuse_ch"
"2026-06-08 09:38:06", "1824811", "tviyhdt.winstone.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 09:32:56", "1824710", "win.tennis", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 09:33:00", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 09:30:58", "1824709", "146.70.244.90:37393", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/2a412de246786b5de31cca476e2439a5a100a965739bbb1538c4b3bec367c22f/", "remcos", "0", "abuse_ch"
"2026-06-08 09:25:44", "1824708", "192.3.45.8:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/4d1b8646c493d3fed46745143f84d655331efb35a908297c86efcdc90fe7cecd/", "remcos", "0", "abuse_ch"
"2026-06-08 09:25:42", "1824707", "107.172.13.230:3000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/cf956fe1118b0fcb053afca8bc1dd5915acb00b0f827e170f87886e2b5ec44cf/", "remcos", "0", "abuse_ch"
"2026-06-08 09:20:49", "1824706", "31.56.209.126:1996", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/9a84871cc46be89ec120268a71d7471ebd6daabc141dd392415febca15b8200a/", "xworm", "0", "abuse_ch"
"2026-06-08 09:00:17", "1824705", "154.23.189.157:14782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_"
"2026-06-08 09:00:16", "1824703", "8.130.121.65:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "viper", "1", "_ik_"
"2026-06-08 09:00:16", "1824704", "8.130.121.65:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "viper", "1", "_ik_"
"2026-06-08 09:00:15", "1824702", "154.88.97.58:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-08 08:59:31", "1824701", "mpozwop.winxbet.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 08:55:37", "1824700", "216.250.250.247:8086", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/35f6b5905b4995c50de76e54a05e644e9d384ec0101e7160685d57df9e831584/", "xworm", "0", "abuse_ch"
"2026-06-08 08:55:33", "1824699", "https://weekfoc.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/3f7d51dd1fd7024371b155765420f2220d247a49fdc593b2eae02bc96b2a206c/", "lumma", "0", "abuse_ch"
"2026-06-08 08:54:11", "1824698", "xzelng.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 08:50:33", "1824697", "151.244.232.26:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/67851f424ccbe66c1d79bdb2c7dac0bcb2f833d6225014ddbf143974d5d96766/", "xworm", "0", "abuse_ch"
"2026-06-08 08:50:32", "1824696", "104.168.7.208:4231", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/bd34f9019cdc446b263f2a0eee5dcdb9646fd2d6fe37ac90243982705d44b0fd/", "remcos", "0", "abuse_ch"
"2026-06-08 08:45:38", "1824695", "195.177.94.115:2037", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/9518759689491de178398c9ddf5238f8442c6f63b08b468f938c4e6d013738af/", "remcos", "0", "abuse_ch"
"2026-06-08 08:45:37", "1824694", "107.172.13.245:7007", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/9137813c72436292c576c8312df2a2ef14507ff4c4a885fb29362ef57e9b01cf/", "xworm", "0", "abuse_ch"
"2026-06-08 08:45:32", "1824693", "throtboy.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/9518759689491de178398c9ddf5238f8442c6f63b08b468f938c4e6d013738af/", "remcos", "0", "abuse_ch"
"2026-06-08 08:44:45", "1824692", "yynpur.perfectgame.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 08:40:36", "1824691", "93.177.75.2:2467", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/3703d16f10ecd7ded0bb82164cdd5757d2b992cec36a4d7082beae0af3d7fe26/", "remcos", "0", "abuse_ch"
"2026-06-08 08:40:35", "1824690", "62.102.148.174:37393", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/2f5c8a96ff4519ae5d39f3a30cacc2d2d7064e0de52972523adeb441e4bd9389/", "remcos", "0", "abuse_ch"
"2026-06-08 08:35:42", "1824689", "31.56.209.92:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/07c3cc76765295534f20b4e5978fd5a158ef227f8c5815d3b59af0bafc9b821e/", "xworm", "0", "abuse_ch"
"2026-06-08 08:35:40", "1824687", "104.168.7.219:8823", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/60e6c277f91ecda36bf0892ad26c6f6ec4aa40f41c99c0b0eea8ab7b16770b1e/", "xworm", "0", "abuse_ch"
"2026-06-08 08:35:40", "1824688", "107.173.63.252:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/644622eae00f07eb21343e138fa870edf8ca5f961f69bb8c49dfcf651764f30f/", "remcos", "0", "abuse_ch"
"2026-06-08 08:35:37", "1824686", "frBvNnnFYR6XR622pBE0NQ==", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/60e6c277f91ecda36bf0892ad26c6f6ec4aa40f41c99c0b0eea8ab7b16770b1e/", "xworm", "0", "abuse_ch"
"2026-06-08 08:34:26", "1824685", "ebwgtb.vezaratshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 08:32:21", "1824684", "5dwz6wj9.yekbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 08:16:08", "1824683", "anpysts.yasbetapp.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 08:02:09", "1824637", "allcountiesroofingltd.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:09", "1824638", "altecva.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:08", "1824639", "amici-di-pogrande.it", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:08", "1824640", "andreawirsum.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:08", "1824641", "argirisangelopoulos.gr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:07", "1824642", "balkanrefugeenetwork.org", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:07", "1824643", "bbchurch.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:06", "1824644", "berlin21.info", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:06", "1824645", "buktijpmaluku.info", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:05", "1824646", "camtechpotiskum.edu.ng", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:05", "1824647", "casobrar.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:02", "1824648", "ciberci.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:02", "1824649", "danielediana.it", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:02", "1824650", "developmental-twins.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:01", "1824651", "djlandscapingltd.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:02:00", "1824652", "dropstars.ai", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:59", "1824653", "dustyductsbegone.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:59", "1824654", "erossiconsultoria.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:59", "1824655", "evolutionairfilter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:58", "1824656", "faculdadedamoda.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:58", "1824658", "gomberg.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:57", "1824657", "generativesolutionsus.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:57", "1824659", "iconlng.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:56", "1824660", "infocus.tn", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:55", "1824661", "ireflect.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:55", "1824662", "jkbuildersg.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:54", "1824663", "joannedeitsch.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:54", "1824665", "kidsandtas.edu.do", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:53", "1824664", "kevinfreels.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:53", "1824666", "legalmarketing.shop", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:51", "1824667", "mediweightloss.com.au", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:51", "1824668", "oficialwebsitepromotion.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:51", "1824669", "ruetraverse.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:50", "1824670", "southasianher.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:50", "1824671", "stampcollectshop.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:50", "1824672", "stroycenter.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:49", "1824673", "thepesthunter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:49", "1824674", "tknmetal.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:48", "1824675", "trustroofingltd.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:48", "1824676", "vernerestaurant.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:48", "1824677", "viagmmy.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:47", "1824678", "victormeloadvogado.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:01:47", "1824679", "visualimpressao.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 08:00:19", "1824681", "8.130.121.65:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "viper", "1", "_ik_"
"2026-06-08 08:00:19", "1824682", "8.130.121.65:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "True", "None", "viper", "1", "_ik_"
"2026-06-08 07:54:40", "1824680", "vitb.ac.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon", "0", "varysz"
"2026-06-08 07:48:24", "1824635", "112.213.113.171:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-08 07:48:23", "1824633", "8.152.2.86:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-08 07:48:23", "1824634", "45.64.111.18:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:48:13", "1824632", "38.47.226.41:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 02:00:22", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:48:10", "1824631", "45.64.111.21:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:48:09", "1824630", "45.64.111.19:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:48:07", "1824629", "8.163.135.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:48:05", "1824628", "45.64.111.20:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-08 07:40:03", "1824627", "cqvdiki.xenicalby6.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 07:15:03", "1824626", "https://propertymiles.pk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-06-08 07:11:05", "1824625", "pmhaqci.x50wheel.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 07:00:17", "1824624", "120.26.208.96:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 07:00:16", "1824623", "120.26.208.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-08 07:00:14", "1824622", "192.162.199.75:2222", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "True", "None", "quasarrat", "1", "_ik_"
"2026-06-08 06:59:32", "1824621", "qll4p9fw.one1xiran.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 06:36:36", "1824570", "jfdewff.link", "domain", "botnet_cc", "win.fickerstealer", "None", "Ficker Stealer", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:36", "1824571", "musonare.top", "domain", "botnet_cc", "win.metastealer", "None", "MetaStealer", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:35", "1824572", "http://212.192.246.217/access.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:35", "1824573", "http://45.9.20.13/partner/loot.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:35", "1824574", "http://37.0.8.39/access.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:34", "1824575", "http://the-flash-man.com/Installer_HwtcxtRp5S8kqr2V9ysBB7Utrt/UltraMediaBurner.exe", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:34", "1824576", "http://hsiens.xyz/addInstall.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:34", "1824577", "http://194.145.227.161/partner.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:33", "1824578", "http://194.145.227.161/dlc/sharing.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:33", "1824579", "http://cleaner-partners.ltd/check.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:32", "1824580", "http://cleaner-partners.ltd/stats/save.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:31", "1824581", "http://mazama.xyz/addInstall.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:31", "1824582", "http://appwebstat.biz/stats/1.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:31", "1824583", "http://appwebstat.biz/connection", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:30", "1824584", "http://onlinehueplet.com/77_1.exe", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:30", "1824585", "http://gc-distribution.biz/pub.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:27", "1824586", "proxybox.io", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:27", "1824587", "vsttorentz.net", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:26", "1824588", "proxy.am", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:25", "1824589", "ejvphud.ua", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:25", "1824590", "gdpkvkr.com", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:24", "1824591", "bwiesit.com", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:24", "1824592", "goeiwef.com", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:23", "1824593", "kruxjou.ua", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:21", "1824594", "shadownbr.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:21", "1824595", "ricardotro.duckdns.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:19", "1824596", "rjnfjrtc.pwrp.cc", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:19", "1824597", "rdntotoso.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:19", "1824598", "phishing.two-i.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:18", "1824599", "phishing.researchinstitute.io", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:18", "1824600", "kad77.duckdns.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:17", "1824601", "googlednsv1.gleeze.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:17", "1824602", "same53-51830.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:16", "1824603", "phishing.classofcovid.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:16", "1824604", "stoneaged.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:15", "1824605", "phishing.clubmilanovolley.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:15", "1824606", "phishing.marthasvineyardfitness.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:14", "1824607", "fuck-life007.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:14", "1824608", "phishing.flyingdiscranchdates.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:13", "1824609", "hacker.two-i.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:13", "1824610", "phishing.www.cathedrale-images.com", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:12", "1824611", "phishing.xoilacane.live", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:36:12", "1824612", "mangy10.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 06:31:24", "1824620", "zlyupbm.wrfc8.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 01:18:31", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 06:30:51", "1824619", "9t9m7lad.yektbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 06:28:37", "1824618", "bikldg.volleyball.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 06:15:03", "1824617", "https://resultsxagency.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-06-08 06:05:02", "1824616", "zqzlac.vezaratshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 05:54:59", "1824615", "sesksz.venusbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 05:52:27", "1824614", "ylljjmv.wolfenm.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 05:52:15", "1824613", "wolfenm.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 05:52:16", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 05:14:16", "1824550", "bzwbfps.winxbet.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 22:43:46", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 05:00:15", "1824549", "154.88.96.57:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-08 05:00:14", "1824548", "154.88.96.49:8884", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-08 04:54:31", "1824547", "gysxrbg.winstone.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 04:54:12", "1824546", "winstone.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 09:34:08", "100", "False", "None", "8June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-08 04:45:27", "1824545", "pqxlboc.winsportiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 22:34:08", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 04:30:14", "1824544", "33liwbcf.parspoker.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 04:10:07", "1824540", "https://45.91.81.190:8443", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/solostalking/status/2063834202454598012?s=20", "None", "0", "solostalking"
"2026-06-08 04:10:07", "1824541", "https://103.214.174.248:8443", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/solostalking/status/2063834202454598012?s=20", "None", "0", "solostalking"
"2026-06-08 04:10:07", "1824542", "https://108.61.193.37:8443", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/solostalking/status/2063834202454598012?s=20", "None", "0", "solostalking"
"2026-06-08 04:07:01", "1824543", "ghbfozy.olabahiskayit.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 03:53:59", "1824539", "iidqou.jamjahani.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 03:44:42", "1824538", "dphxsy.perfectgame.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 03:41:56", "1824536", "161.248.87.185:2844", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7258a8eec22b21345dc754e2b90b36e6faec37978ce6a8cd327767df23a5d27f/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-06-08 03:41:56", "1824537", "27.124.40.162:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7258a8eec22b21345dc754e2b90b36e6faec37978ce6a8cd327767df23a5d27f/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-06-08 03:41:34", "1824534", "2844.xzz.cam", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/7258a8eec22b21345dc754e2b90b36e6faec37978ce6a8cd327767df23a5d27f/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-06-08 03:41:34", "1824535", "backdoor.cyou", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/7258a8eec22b21345dc754e2b90b36e6faec37978ce6a8cd327767df23a5d27f/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-06-08 03:35:57", "1824328", "frostapp.fr", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:56", "1824329", "kuralyok.com.tr", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:55", "1824330", "blank-rfhww.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:55", "1824331", "skoch-osjdw.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:55", "1824332", "skoch-wif67.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:54", "1824333", "blank-c1vj5.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:54", "1824334", "g98546cg.beget.tech", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:53", "1824335", "shaurma.fun", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:53", "1824336", "skoch-7bced.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:53", "1824337", "o5.gg", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:52", "1824338", "blank-jknks.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:51", "1824339", "skoch-eadr7.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:50", "1824340", "brn-hacker.duckdns.org", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:50", "1824341", "blank-1spec.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:21", "1824342", "a0928733.xsph.ru", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:20", "1824343", "blank-actsa.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:20", "1824344", "blank-vm1ir.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:20", "1824345", "blank-iq5vj.in", "domain", "botnet_cc", "py.blankgrabber", "None", "BlankGrabber", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:15", "1824347", "segurityopen12.mysynology.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:14", "1824346", "dmitrievan.temp.swtest.ru", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:13", "1824348", "583848.clmonth.nyashteam.top", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:13", "1824349", "954591cm.nyashsens.top", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:12", "1824350", "bl.furries.com.cn", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:12", "1824351", "velve12.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:11", "1824352", "logisctismes.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:10", "1824353", "marklogs.ddns.me", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:10", "1824354", "camtakeit.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:09", "1824355", "cfo111.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:09", "1824356", "cfo1111.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:09", "1824357", "cfo1111.hopto.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:07", "1824358", "xyzeeeee.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:07", "1824359", "alisteelhousee.ddns.net", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:06", "1824360", "blackhills.ddns.net", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:06", "1824361", "extensions14718.sytes.net", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:05", "1824362", "newmone.ddns.net", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:05", "1824363", "william1979.ddns.net", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:03", "1824364", "adhaehaht-42050.portmap.host", "domain", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:02", "1824365", "vrstudio.life", "domain", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:02", "1824366", "gamestudio.life", "domain", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:01", "1824367", "teamszs.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:35:00", "1824368", "downcry.s3.ap-east-1.amazonaws.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:59", "1824370", "404xh.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:58", "1824371", "14cabp433878.vicp.fun", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:58", "1824372", "so-axiom.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:56", "1824373", "gusikkwski.top", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:53", "1824375", "wwnbslklfdsrf.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:52", "1824376", "merengagoi.bond", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:06", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:50", "1824377", "gooddogshop.click", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:05", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:50", "1824378", "infospi.pl", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:47", "1824379", "krempie.xyz", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:05", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:46", "1824380", "productionmaza.bond", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:07", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:46", "1824381", "mymicroblog.lat", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:07", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:45", "1824382", "bigboysclub.cyou", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:03", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:45", "1824383", "antongandon.club", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:03", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:44", "1824384", "productionmaza.cfd", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:07", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:44", "1824385", "mybiggestjoy.bond", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:06", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:44", "1824386", "denegnet.click", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:04", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:43", "1824387", "productionmaza.cyou", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:07", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:43", "1824388", "blatnoitovar.xyz", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:04", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:43", "1824389", "goodgoodmoon.bond", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:05", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:42", "1824390", "bestwebchlen.cyou", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:03", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:42", "1824391", "beacon-mysummitfcu.org", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:41", "1824392", "allplanetssame.cfd", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:03", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:41", "1824393", "microblob.bond", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 17:54:06", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:39", "1824455", "creazionmedia.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,etherhiding,Polygon", "0", "varysz"
"2026-06-08 03:34:38", "1824456", "flavorcreationsnola.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,etherhiding,Polygon", "0", "varysz"
"2026-06-08 03:34:38", "1824457", "psicohipnos.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,etherhiding,Polygon", "0", "varysz"
"2026-06-08 03:34:37", "1824453", "remoteshcontrol.com", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:19", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-08 03:34:35", "1824451", "mikelle.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:19", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-08 03:34:35", "1824452", "remotesh.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:19", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-08 03:34:33", "1824445", "85.209.163.250:3000", "ip:port", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.youtube.com/watch?v=GbYuFCUh_hs", "chrome-extension,roblox,session-hijacking", "1", "fyliez"
"2026-06-08 03:34:32", "1824422", "134.209.87.103:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-09 06:13:48", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-08 03:34:31", "1824421", "167.71.5.187:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-09 06:13:08", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-08 03:34:28", "1824369", "teams-securecall.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-08 03:34:27", "1824460", "47.119.179.4:6379", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "85", "False", "https://twitter.com/NullBlue67", "module-load,muhstik,redis,ssh-key-plant", "0", "nullblue67"
"2026-06-08 03:34:27", "1824461", "115.231.76.176:60105", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "85", "False", "https://twitter.com/NullBlue67", "muhstik,redis,slaveof-master", "0", "nullblue67"
"2026-06-08 03:34:27", "1824462", "https://121.176.14.102/sh", "url", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "c2,docker-api,redtail", "0", "nullblue67"
"2026-06-08 03:34:26", "1824463", "156.67.105.185:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-08 03:34:26", "1824464", "47.88.104.101:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-08 03:34:25", "1824470", "getalib.org", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "", "100", "False", "", "c2,ClearFake", "0", "varysz"
"2026-06-08 03:34:24", "1824471", "aplusrenovation.ca", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:24", "1824472", "autotintas.com.br", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:23", "1824473", "awaywithpauline.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:23", "1824474", "barqalsahra.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:22", "1824475", "danielrefaeli.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:22", "1824476", "design360.asia", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:22", "1824477", "ebmaa.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:34:21", "1824478", "ecommerceautomators.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:57", "1824479", "edu4arab.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:57", "1824480", "emmauscollegeoftheology.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:56", "1824481", "febapak.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:52", "1824482", "gcconsult.ca", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:51", "1824483", "gergean.com.br", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:51", "1824484", "gsc.design", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:51", "1824485", "hutor68.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:50", "1824486", "internationalshade.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:50", "1824487", "janadventures.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:49", "1824488", "just4dance.de", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:48", "1824489", "kadatimes.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:48", "1824490", "kijkinfo.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:47", "1824492", "marjeyounshoppingcenter.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:45", "1824491", "letsreadquran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:44", "1824493", "melixelectrical.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:44", "1824494", "meselectrics.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:37", "1824506", "washingtonvisiontherapy.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "ClearFake,compromised", "0", "varysz"
"2026-06-08 03:33:35", "1824514", "45.88.186.59:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "None", "210558,asyncrat,c2,censys", "0", "sojubear"
"2026-06-08 03:33:35", "1824515", "45.88.186.59:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "None", "210558,asyncrat,c2,censys", "0", "sojubear"
"2026-06-08 03:33:34", "1824516", "45.88.186.59:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "None", "210558,asyncrat,c2,censys", "0", "sojubear"
"2026-06-08 03:33:34", "1824517", "45.88.186.59:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "None", "210558,asyncrat,c2,censys", "0", "sojubear"
"2026-06-08 03:33:33", "1824526", "https://hoteldugolfe.corsica/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/hoteldugolfe.corsica", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:33:32", "1824527", "https://www.lorisdanesi.it/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.lorisdanesi.it", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:33:32", "1824528", "https://tracklifefit.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/tracklifefit.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:33:31", "1824530", "https://sharepoint.tu-dresden.be/tqqud08zj6yh94pf", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/sharepoint.tu-dresden.be", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:33:30", "1824531", "https://aboutbraces.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/aboutbraces.org", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:33:30", "1824532", "https://flownavalarchitect.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/flownavalarchitect.com", "ClickFix", "0", "CarsonWilliams"
"2026-06-08 03:26:12", "1824533", "bdfzsbr.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 02:52:02", "1824529", "uadcmxt.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 02:29:51", "1824525", "1nmuyb5y.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 02:29:32", "1824524", "hhb3xwzf.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 02:11:27", "1824523", "dihsov.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 02:08:54", "1824522", "etpvftw.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 02:00:21", "1824521", "43.110.54.62:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-08 01:59:20", "1824520", "1hrrc4q6.onexboro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 01:53:45", "1824519", "eterjrb.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 01:19:44", "1824518", "omxvqrt.penalty.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 00:41:06", "1824513", "atuxkke.penalti.website", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 00:30:30", "1824512", "bl7gsqjt.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-08 00:29:11", "1824511", "egbofo.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-08 00:29:06", "1824510", "m5zv3oa7.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-08 00:02:39", "1824509", "pdbrpnf.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 23:45:14", "1824508", "209.200.246.194:17568", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-07 23:20:15", "1824507", "jhejjsa.penality.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 22:41:46", "1824469", "dfjdzmq.penality.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 22:29:50", "1824468", "krqbplar.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 22:28:37", "1824467", "zqvol7d5.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 22:24:21", "1824466", "ygxcnh.jamjahani.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 22:14:04", "1824465", "utpesi.pablobet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 22:04:33", "1824459", "dvciwh.oxidbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 22:02:41", "1824458", "jepbtnj.pasur21.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 21:55:44", "1824454", "uznjkx.onlineshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 21:24:21", "1824450", "aylkfoq.pasoor11.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 21:15:32", "1824449", "uafzmeq.mangobetfarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 21:00:13", "1824448", "134.175.250.157:18082", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 20:58:12", "1824447", "lxnfayp0.onexfa.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 20:41:08", "1824446", "dkfcpnk.ninjafruitcubes.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 20:29:20", "1824444", "k3q6fgf9.parsbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 20:28:15", "1824443", "dhvutaee.parsbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 19:21:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 20:02:49", "1824442", "rritelh.one1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 20:00:22", "1824441", "101.34.249.170:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 20:00:21", "1824440", "45.64.111.22:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 20:00:20", "1824438", "45.64.111.22:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:10", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 20:00:20", "1824439", "45.64.111.22:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 19:54:41", "1824437", "szdfpv.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 19:45:57", "1824436", "87.107.191.39:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-07 19:45:13", "1824435", "94.183.232.247:443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-09 05:46:32", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch"
"2026-06-07 19:45:12", "1824434", "93.127.141.93:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-06-09 05:46:31", "75", "False", "None", "drb-ra,Hook", "0", "abuse_ch"
"2026-06-07 19:45:00", "1824433", "82.156.224.184:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:19", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-07 19:44:52", "1824432", "52.90.29.87:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:08", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-07 19:44:43", "1824431", "46.246.96.214:8082", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:51", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-07 19:44:40", "1824430", "45.38.20.122:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 19:44:35", "1824429", "40.83.75.96:4000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:39", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-07 19:43:55", "1824428", "209.99.185.96:20100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-07 19:43:38", "1824427", "182.23.2.163:8211", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 19:43:30", "1824426", "172.189.57.198:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:48", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-07 19:35:47", "1824425", "14.128.53.229:38217", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5c12d9b33c2d28dc2323bfa7db99e264fe292dca9ad1ac83f99b2e3762e67cb1/", "valleyrat_s2", "0", "abuse_ch"
"2026-06-07 19:35:39", "1824424", "aeerglaeergl098.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5c12d9b33c2d28dc2323bfa7db99e264fe292dca9ad1ac83f99b2e3762e67cb1/", "valleyrat_s2", "0", "abuse_ch"
"2026-06-07 19:19:56", "1824423", "ljbtuch.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 18:41:55", "1824420", "eqfjmvb.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 18:28:45", "1824419", "rsa2rwi5.parsc.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 18:27:54", "1824418", "qza78s32.parsc.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 18:27:47", "1824417", "parsc.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 18:28:53", "100", "False", "None", "7June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-07 18:02:58", "1824416", "usghiem.olabahiskayit.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 17:55:10", "1824415", "owmekh.yasbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 17:33:09", "1824414", "fellshow.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-08 09:45:53", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-07 17:25:02", "1824413", "nwdzgly.ninjafruitcubes.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 17:11:43", "1824412", "oregrlk.mangobetfarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 16:29:05", "1824411", "jrekcyl.pasoor11.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 16:28:42", "1824410", "rd7o3xct.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 16:28:01", "1824409", "!k!.pasoor11.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 05:53:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 16:27:38", "1824408", "u8z97prx.parsgoal90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 15:20:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 16:19:13", "1824407", "cpanel.clinchstar.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116709690860097580", "SocGholish", "0", "monitorsg"
"2026-06-07 16:19:12", "1824406", "http://94.26.83.133/4940cc4b5ddb4a2bb8f8.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:09:00", "100", "False", "None", "ataka0506,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-06-07 16:19:11", "1824398", "shssshdscn.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:19", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-07 16:19:10", "1824397", "npanssltejs.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:18", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-07 16:19:09", "1824395", "2no.co", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:17", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-07 16:19:09", "1824396", "lskannsserv.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:18", "100", "False", "", "ClearFake,Polygon", "0", "varysz"
"2026-06-07 16:00:22", "1824405", "43.143.145.187:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 15:58:36", "1824404", "xsutsu.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:57:17", "1824403", "po6drihx.onexprobet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 15:49:39", "1824402", "ddimsjy.pasoorbazi.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:49:30", "1824401", "pasoorbazi.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:49:35", "100", "False", "None", "7June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-07 15:44:17", "1824400", "wxjbkv.onlineshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 18:34:16", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:34:48", "1824399", "whdecl.oxidbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:25:04", "1824394", "mutvwz.ozabet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:22:37", "1824320", "b4376y8b.asion.gr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:36", "1824321", "2jgfxx83.liketudong.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:36", "1824322", "30tr04n4gr4m4.cndb-jsdelivr-net.christmas", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:40", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:34", "1824323", "udyvsthy.quantum-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:32", "1824319", "runtime-foundry.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:34", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:31", "1824318", "kernel-cascade.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:29", "1824317", "thickentributary.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:28", "1824316", "j1jh2b9y.jacksorbetter.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:27", "1824313", "4bc74592e63eddfbf8d60991f1987369fd94983cbe1aea350f31f50bad2e2ccb", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/a4225ad00fbe2123e27d25bca0988586164e2467762d2d1db304300b2d24d04b", "clickfix,mcjit-loader,midie,webdav", "0", "Lenny3BO"
"2026-06-07 15:22:27", "1824315", "container-atlas.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "", "clearfake,clickfix", "0", "uwucutecatgirl"
"2026-06-07 15:22:26", "1824312", "c15b5b6667ea2766cc5e7187818414b2", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/a4225ad00fbe2123e27d25bca0988586164e2467762d2d1db304300b2d24d04b", "clickfix,mcjit-loader,midie,webdav", "0", "Lenny3BO"
"2026-06-07 15:22:25", "1824311", "auyflxp.emshab.bet", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/a4225ad00fbe2123e27d25bca0988586164e2467762d2d1db304300b2d24d04b", "clickfix,mcjit-loader,midie,webdav", "0", "Lenny3BO"
"2026-06-07 15:22:24", "1824296", "http://78.40.117.175:8000/xmrig", "url", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "85", "False", "https://twitter.com/NullBlue67", "cryptojacking,docker-api,monero,xmrig", "0", "nullblue67"
"2026-06-07 15:22:24", "1824310", "https://auyflxp.emshab.bet/67f96131-221b-4322-8c31-cbfd82a14546", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/a4225ad00fbe2123e27d25bca0988586164e2467762d2d1db304300b2d24d04b", "clickfix,mcjit-loader,midie,webdav", "0", "Lenny3BO"
"2026-06-07 15:22:23", "1824295", "152.32.130.136:80", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "CVE-2017-9841,libredtail-http,redtail", "0", "nullblue67"
"2026-06-07 15:22:22", "1824293", "163.7.1.156:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-07 15:22:22", "1824294", "104.234.155.104:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-07 15:22:21", "1824292", "38.207.182.124:2375", "ip:port", "payload_delivery", "elf.xmrig", "None", "XMRIG", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,monero,xmrig", "0", "nullblue67"
"2026-06-07 15:22:20", "1824279", "167.172.35.253:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-07 17:46:31", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-07 15:22:19", "1824278", "206.189.109.161:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-07 18:10:37", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-07 15:13:52", "1824327", "seuvsq.pablobet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 18:53:48", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:11:02", "1824326", "eqzsjra.pasur21.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:10:43", "1824325", "!k!.pasur21.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 15:15:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 15:09:38", "1824324", "quyycf.parsball.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 15:00:13", "1824314", "43.143.145.187:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 14:33:07", "1824309", "lvjekhq.penality.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 14:32:11", "1824308", "!k!.penality.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:58:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 14:28:11", "1824307", "015bj63k.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 14:27:11", "1824306", "puygyxc6.parspoker90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:25:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 14:00:21", "1824303", "54.179.134.249:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 14:00:21", "1824304", "204.152.221.185:80", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 14:00:21", "1824305", "38.55.194.135:11013", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 14:00:20", "1824302", "47.83.145.123:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 14:00:19", "1824301", "14.103.181.103:10088", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 13:54:08", "1824300", "rwnkdep.penality.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 13:53:41", "1824299", "penality.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 23:20:03", "100", "False", "None", "7June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-07 13:19:39", "1824298", "qlggges.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 13:19:09", "1824297", "!k!.penaltibazi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:20:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 13:04:57", "1824291", "nnunvu.jamjahani.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 13:00:16", "1824290", "85.121.4.107:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 13:00:13", "1824289", "85.121.4.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 12:39:31", "1824288", "wfmbnyx.penalti.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 12:38:28", "1824287", "!k!.penalti.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 12:38:24", "1824286", "penalti.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 12:39:26", "100", "False", "None", "7June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-07 12:27:36", "1824285", "et8095ov.parspoker.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 21:22:32", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 12:01:14", "1824284", "jgjikxq.penalti.website", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 12:00:03", "1824283", "!k!.penalti.website", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 18:42:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 11:22:13", "1824282", "jvlckru.penalty.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 19:20:44", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 11:06:43", "1824281", "idwfsf.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 10:56:55", "1824280", "et5qogz2.one1xbet.promo", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 10:43:12", "1824277", "nqbecrh.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 10:28:29", "1824276", "g2z2cnlz.pascal.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 10:27:10", "1824275", "pascal.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 10:27:16", "100", "False", "None", "7June2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm"
"2026-06-07 10:06:57", "1824274", "5bksyseg.betistmobil.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 10:05:17", "1824273", "zfrfayl.one1xbet.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 10:03:38", "1824272", "l9tynneu.mybookieiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 10:01:58", "1824271", "ofin6ctx.mybookieiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 10:02:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 10:00:22", "1824270", "165.154.227.66:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 10:00:21", "1824269", "165.154.227.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-07 09:52:47", "1824263", "http://176.65.139.151/Sakura.sh", "url", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "90", "False", "https://twitter.com/NullBlue67", "mirai,multi-arch,sakura,ssh", "0", "nullblue67"
"2026-06-07 09:52:46", "1824264", "221.130.29.85:2375", "ip:port", "payload_delivery", "elf.kinsing", "h2miner", "Kinsing", "", "85", "False", "https://twitter.com/NullBlue67", "chroot-escape,docker-api,Kinsing", "0", "nullblue67"
"2026-06-07 09:52:45", "1824265", "107.172.252.155:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-07 09:52:44", "1824266", "47.253.5.130:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "docker-api,Redtail", "0", "nullblue67"
"2026-06-07 09:52:43", "1824267", "118.26.111.107:80", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "CVE-2017-9841,libredtail-http,redtail", "0", "nullblue67"
"2026-06-07 09:52:42", "1824268", "31.77.156.62:80", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "85", "False", "https://twitter.com/NullBlue67", "CVE-2017-9841,libredtail-http,redtail", "0", "nullblue67"
"2026-06-07 09:45:38", "1824262", "89.125.255.5:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 09:45:31", "1824260", "80.253.249.67:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 09:45:31", "1824261", "80.66.72.174:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 09:45:24", "1824259", "60.191.87.107:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:09", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-06-07 09:44:59", "1824258", "45.13.212.232:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:44", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 09:44:57", "1824256", "43.136.92.170:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:41", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-06-07 09:44:57", "1824257", "43.136.92.170:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:41", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-06-07 09:44:50", "1824255", "31.57.184.154:2505", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-07 09:44:10", "1824254", "209.99.188.193:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 09:43:45", "1824253", "182.23.2.163:17001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 09:43:38", "1824252", "172.81.61.108:2030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:49", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-07 09:43:26", "1824251", "154.94.232.165:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:33", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-07 09:43:23", "1824249", "146.70.41.174:3000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:29", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-06-07 09:43:23", "1824250", "147.124.210.158:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-07 09:43:17", "1824248", "138.9.118.222:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 09:43:16", "1824247", "137.184.163.27:5613", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-07 09:29:35", "1824246", "a96ampff.mrgreenbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 09:28:24", "1824245", "ksaj1cgw.mrgreenbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 09:29:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 09:26:59", "1824244", "avygupe.one1xbet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 09:02:09", "1824243", "mqbjnx.jamjahani.app", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 08:50:18", "1824242", "frans-meijers.nl", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/3fc87275954273657917b849d85fed130a8c8392950d64004f8b9fd61b97603d/", "nanocore", "0", "abuse_ch"
"2026-06-07 08:47:45", "1824241", "ilmlvxt.lolsurpriseball.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 08:09:38", "1824240", "bvnvrjx.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 08:00:24", "1824238", "194.182.79.61:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-06-07 08:00:24", "1824239", "1.14.59.224:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-06-07 08:00:23", "1824237", "69.167.11.229:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-06-07 08:00:22", "1824236", "77.93.157.134:8081", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 08:00:21", "1824235", "70.39.203.7:8085", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "True", "None", "vshell", "1", "_ik_"
"2026-06-07 07:40:42", "1824234", "207.56.119.59:777", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5383de5956d052794022598d14df4f8ccaf6c278f6d5b8c13dc2ec0ab6b10fe3/", "valleyrat_s2", "0", "abuse_ch"
"2026-06-07 07:31:09", "1824233", "hdkkxsm.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 07:30:07", "1824231", "207.56.119.59:888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-06-07 07:30:07", "1824232", "23.160.168.174:4444", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch"
"2026-06-07 07:29:27", "1824230", "3mm5jtvt.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 07:28:53", "1824229", "http://inini.kesug.com/maith.php", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "100", "False", "", "None", "0", "abuse_ch"
"2026-06-07 07:27:55", "1824228", "s1s2jfjh.mrbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 17:21:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 07:23:29", "1824083", "94.26.3.180:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:28", "1824084", "94.26.3.180:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:28", "1824085", "172.86.93.229:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:28", "1824086", "209.99.185.216:1013", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:27", "1824087", "103.97.131.179:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:27", "1824088", "94.26.3.52:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:26", "1824089", "192.109.200.22:56001", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:26", "1824090", "193.202.84.1:8080", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:26", "1824091", "193.233.198.38:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:25", "1824092", "45.156.87.169:5631", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:25", "1824093", "144.31.191.160:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:25", "1824094", "116.213.43.144:444", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:24", "1824095", "45.138.16.104:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:24", "1824097", "31.56.209.105:56001", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:23", "1824096", "151.243.250.237:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "2026-06-06 16:20:49", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:22", "1824098", "77.83.39.141:56002", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:22", "1824099", "77.83.39.141:56003", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "", "PureHVNC,PureRAT,ResolverRAT", "0", "whoamix302"
"2026-06-07 07:23:21", "1824171", "120.55.246.213:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:09", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear"
"2026-06-07 07:23:19", "1824052", "203.88.125.186:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "", "Sliver", "0", "whoamix302"
"2026-06-07 07:23:18", "1824053", "149.12.67.99:445", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "75", "False", "", "aka,Xtreme RAT", "0", "whoamix302"
"2026-06-07 07:23:18", "1824068", "169.239.130.20:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "None", "DDoS,honeypot,IoT,telnet", "0", "wasuma"
"2026-06-07 07:23:17", "1824070", "95.59.142.69:2375", "ip:port", "payload_delivery", "elf.redtail", "None", "RedTail", "", "90", "False", "https://twitter.com/NullBlue67", "docker-api,libredtail-http,Redtail", "0", "nullblue67"
"2026-06-07 07:23:14", "1824149", "aptabase.jesfeoqrj3.xyz", "domain", "botnet_cc", "apk.androrat", "None", "AndroRAT", "", "100", "False", "", "android,c2,google-play,spyware", "1", "Independent"
"2026-06-07 07:23:14", "1824180", "c8828efba8e167e85a1d7f4a86aa743f1bba9c19e467a4e7e50e7970d51b28a9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:14", "1824181", "f2d3905ee38b2b5c0b724d582f14eb1db7621ffb8f3826df686a20784341614c", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:12", "1824182", "3eebbad99104a48977441a791829a7a442e745ee27b7ab1be7e7418b7ca3e8d9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:12", "1824183", "df9e38ea510a595071a3263a83a15753fc1b51c29655eaa9579efc8d1dff6f29", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:12", "1824184", "bantamoro.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:11", "1824188", "151.243.113.33:9000", "ip:port", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:10", "1824185", "dataramara.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:09", "1824186", "davalnd.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:09", "1824187", "151.243.113.33:443", "ip:port", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:08", "1824189", "151.243.113.57:443", "ip:port", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd", "None", "0", "miikie"
"2026-06-07 07:23:07", "1824206", "176.65.139.126:2701", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle"
"2026-06-07 07:21:04", "1824227", "43.99.110.114:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-06-07 07:20:51", "1824226", "119.91.78.3:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch"
"2026-06-07 07:20:50", "1824225", "165.154.227.66:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-07 07:06:56", "1824223", "lastnight.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-08 09:45:53", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-07 07:06:56", "1824224", "lightsnow.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-08 09:45:53", "100", "False", "", "None", "1", "michaelschrijver"
"2026-06-07 07:01:34", "1824222", "lbgkfp.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 06:52:46", "1824221", "boixyye.jogodobicho.games", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 06:50:35", "1824220", "lishman.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/ab7cc466b9ef866753d53adf76f5ac36a5fe54642dcd21ee3f0b7fcdf3ac4f9a/", "nanocore", "0", "abuse_ch"
"2026-06-07 06:45:09", "1824219", "172.111.169.79:9702", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 06:45:06", "1824218", "196.251.107.114:24033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-07 06:45:02", "1824217", "38.60.250.187:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch"
"2026-06-07 06:18:34", "1824216", "yxjmsvr.jamjahani.world", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-07 05:27:57", "1824214", "qtcfxojh.mostbetresmi.site", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 05:05:53", "1824212", "2dz4gggg.betgopro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 04:56:12", "1824209", "!k!.one1xbet.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 04:43:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 04:18:14", "1824207", "one1xbet.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 09:25:49", "100", "False", "None", "7June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-07 03:28:54", "1824199", "efd7fi03.monti.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 03:00:42", "1824195", "!k!.one1x.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 19:59:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 02:22:14", "1824193", "!k!.olabahiskayit.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 21:55:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 01:28:07", "1824174", "60hx33ds.minescasino.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-07 01:03:28", "1824168", "!k!.ninjafruitcubes.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 05:13:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 00:37:37", "1824164", "!k!.nbabet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 17:13:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-07 00:04:52", "1824163", "mhjzma3p.betebetwin.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 23:27:45", "1824160", "4h79jvxe.metrobahiscark.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 23:00:15", "1824155", "35.225.227.214:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:13", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-06 22:45:25", "1824151", "154.198.49.31:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 21:03:41", "1824141", "hetljl.jamjahani.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 19:06:41", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-06 20:00:20", "1824136", "173.249.41.141:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:52", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-06 20:00:19", "1824135", "13.140.132.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:18", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-06 19:44:54", "1824134", "95.211.182.120:6794", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:44:51", "1824133", "91.221.191.167:4323", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-06 19:44:38", "1824132", "5.230.201.36:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:44:37", "1824131", "5.230.201.242:1994", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:05", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:44:30", "1824130", "46.151.182.243:55380", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:45:50", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:43:45", "1824129", "2.26.75.239:1971", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-06 19:43:40", "1824127", "192.159.99.26:6969", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:43:40", "1824128", "192.177.111.89:7788", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-06 19:43:35", "1824126", "185.192.124.218:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:05", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:43:22", "1824125", "158.94.211.253:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:40", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:43:21", "1824124", "157.254.223.135:2600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 19:43:19", "1824123", "156.225.22.201:1337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-06 19:26:46", "1824121", "7tzr8pjb.mattheneus-healthcare.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 19:03:48", "1824119", "s3unirpm.bet90land.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 19:03:08", "1824118", "rxxgnn.jamjahani.cash", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 21:06:31", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-06 18:45:12", "1824111", "1314180598-d1gxufiq1h.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 17:28:13", "1824106", "is34r2fh.marc90bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 15:25:38", "1824072", "923nr8dp.chloroquineser.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 14:03:17", "1824059", "po9isauo.bet90boro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 13:57:38", "1824054", "!k!.mangobetfarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 05:52:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-06 13:25:26", "1824051", "v47m17r8.cerocarey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 13:19:11", "1824048", "!k!.lolsurpriseball.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 08:47:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-06 12:57:37", "1824044", "dlklyo.jamjahani2026.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 03:54:33", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-06 11:45:14", "1824029", "154.12.86.154:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 11:45:14", "1824030", "154.12.86.154:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 11:45:14", "1824031", "154.12.86.154:9004", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 11:25:45", "1824027", "34bbeito.canlibahis1xbet.click", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 11:23:35", "1824026", "!k!.kvbel.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 21:16:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-06 10:44:16", "1824017", "!k!.kbshavanese.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 20:37:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-06 10:32:44", "1824014", "156.245.235.51:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:05", "100", "False", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch"
"2026-06-06 10:32:30", "1824012", "47.101.51.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:12", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch"
"2026-06-06 10:32:28", "1824010", "85.121.4.107:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 13:00:15", "100", "False", "None", "CobaltStrike,cs-watermark-6", "0", "abuse_ch"
"2026-06-06 10:32:26", "1824009", "101.201.111.98:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:07", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-06-06 10:32:23", "1824008", "167.71.233.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:07", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-06 09:44:56", "1824001", "91.215.85.121:8849", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:29", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-06 09:27:43", "1823999", "zvxeaqm.jogodobicho.games", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 06:52:27", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-06 09:23:58", "1823998", "6ju7fjjz.bordoo.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 09:03:46", "1823979", "4lm4v3bu.bet404.games", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 09:00:18", "1823978", "113.45.226.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:24", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-06 09:00:15", "1823975", "38.14.248.138:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:09", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-06 07:18:34", "1823961", "zxuq0oha.bord90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 06:52:21", "1823946", "gauravitechnologies.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:52:07", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-06 06:52:21", "1823947", "onesevenapps.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:52:07", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-06-06 06:01:22", "1823742", "http://2flowers-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:22", "1823743", "http://vipcloud-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:21", "1823744", "http://gstatic-node.io/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:21", "1823745", "http://solopodvip-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:21", "1823746", "http://winhttp.dll/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:35", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:19", "1823739", "http://82.117.255.80/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:19", "1823740", "http://195.123.226.91/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:01:19", "1823741", "http://195.123.226.167/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "", "stealer", "0", "uwucutecatgirl"
"2026-06-06 06:00:39", "1823827", "groupewadesecurity.com", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:39", "1823828", "saludmasculina-mx.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:39", "1823829", "sihat-alrajul-ar.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:38", "1823830", "salud-masculina-mex.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:38", "1823831", "sihat-alrajul-bro.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:37", "1823832", "sihat-alrajul-bf.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:37", "1823833", "salud-masculina-mexic.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:41", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:36", "1823834", "sihat-alrajul-poc.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:36", "1823835", "reclaimremedy.vip", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:35", "1823836", "insightinnovation.info", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:35", "1823837", "cipherinsight.info", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:35", "1823838", "sihat-alrajul-go.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:34", "1823839", "sihat-alrajul-iq.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:34", "1823840", "sihat-alrajul-aro.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:33", "1823841", "sihat-alrajul-ira.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:33", "1823843", "sihat-alrajul-pou.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:32", "1823845", "labibsyagakport.com", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:31", "1823842", "sihat-alrajul-qe.buzz", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:31", "1823844", "refundrescue.info", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:30", "1823846", "koloosdas.life", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2026-06-07 15:16:42", "100", "False", "", "None", "0", "uwucutecatgirl"
"2026-06-06 06:00:16", "1822872", "http://196.251.107.104/Psd8eZaW/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-09 06:11:56", "100", "False", "None", "282234,amadey,c2", "0", "Bitsight"
"2026-06-06 06:00:14", "1822880", "temp.logicfrontier.cc", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 14:40:16", "75", "False", "https://www.virustotal.com/gui/file/a4225ad00fbe2123e27d25bca0988586164e2467762d2d1db304300b2d24d04b", "clickfix,llvm-mcjit-loader,webdav-rundll32", "0", "Lenny3BO"
"2026-06-06 05:24:31", "1823853", "https://pas.sm188star.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:41", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch"
"2026-06-06 05:24:31", "1823854", "pas.sm188star.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:41", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch"
"2026-06-06 05:17:22", "1823852", "kaxofkea.bizbetslot.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 04:03:19", "1823736", "zbc7yta5.taktiik.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 04:00:24", "1823735", "38.47.226.41:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:13", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-06 03:44:58", "1823730", "101.43.103.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-06 03:16:03", "1823727", "e6ce6uwg.bingobet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-06 03:00:15", "1823723", "45.118.133.200:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 07:20:50", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-06 01:17:41", "1823706", "1822jtv8.betwoonuyelik.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 23:15:14", "1823684", "wp0ljlux.betwana.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 23:03:16", "1823682", "6go1tq9f.takbet90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:22", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 21:15:50", "1823664", "mjdkxzn7.betvolleyball.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 21:00:16", "1823661", "149.104.29.125:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:06", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-05 19:45:55", "1823644", "87.107.191.39:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-05 19:45:19", "1823642", "ns2.newchatsits.ir", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-05 19:45:18", "1823641", "ns1.newchatsits.ir", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-05 19:44:53", "1823640", "62.109.19.44:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:10", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-05 19:43:56", "1823639", "207.174.2.85:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:29", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-05 19:43:38", "1823638", "182.23.2.163:12364", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-05 19:14:24", "1823637", "zttxgpqq.jacksorbetter.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 18:02:45", "1822908", "o2w2806g.tagat120art.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 17:13:54", "1822883", "1v55nk51.irantennis.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 15:14:30", "1822859", "1djqvowq.iaap2019.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 14:00:31", "1822843", "pas.canamrent.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:52", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-05 14:00:31", "1822844", "https://pas.canamrent.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:52", "100", "True", "None", "vidar", "0", "crep1x"
"2026-06-05 13:43:51", "1822834", "volleyball.vin", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 17:04:12", "100", "False", "None", "5June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-05 13:14:56", "1822827", "pacsuhw1.pishbini90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 13:09:36", "1822824", "volleyball.poker", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 16:59:41", "100", "False", "None", "5June2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-06-05 13:02:13", "1822822", "owps0tha.staffbulldesign.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 12:16:14", "1822815", "bnhxiy.yasbetapp.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 23:22:43", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-05 11:12:34", "1822792", "gh6fn4zq.i90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 11:03:43", "1822790", "!z!.vezaratshart.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 23:14:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-05 10:15:06", "1822777", "ukmcha.yasbet90.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 01:54:30", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-05 09:46:05", "1822772", "119.45.166.6:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-05 09:45:27", "1822771", "64.94.85.14:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-05 09:45:20", "1822770", "5.249.160.112:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:05", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-05 09:44:00", "1822769", "195.26.86.134:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-05 09:43:56", "1822768", "193.149.190.156:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:16", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-05 09:43:46", "1822767", "182.23.2.163:58222", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-05 09:43:44", "1822765", "182.23.2.163:10401", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-05 09:43:44", "1822766", "182.23.2.163:11742", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-05 09:43:29", "1822764", "158.247.194.144:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:39", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-05 09:12:11", "1822761", "edfwndp0.chloroquineser.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 08:15:30", "1822749", "kgebll.xenicalby6.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 00:00:37", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-05 08:13:43", "1822747", "!z!.yektbet.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 06:31:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-05 08:03:45", "1822729", "!z!.yekbetiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 23:22:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-05 08:02:33", "1822728", "kazwbt9n.2026.futbol", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 07:11:41", "1822721", "xcpvjq6r.cerocarey.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 06:34:01", "1822711", "xeanui.x50wheel.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-09 00:39:41", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-06-05 06:11:09", "1822704", "jaamdesign.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain", "0", "uwucutecatgirl"
"2026-06-05 06:11:08", "1822705", "stoplooking1.botlesscucks.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain", "0", "uwucutecatgirl"
"2026-06-05 06:11:07", "1822706", "stoplooking2.botlesscucks.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain", "0", "uwucutecatgirl"
"2026-06-05 06:11:07", "1822707", "dxhook.lol", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain", "0", "uwucutecatgirl"
"2026-06-05 06:11:05", "1822708", "fer1.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain", "0", "uwucutecatgirl"
"2026-06-05 05:19:21", "1822541", "youareall.botlesscucks.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain,mirai", "0", "uwucutecatgirl"
"2026-06-05 05:19:20", "1822542", "musika.botlesscucks.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain,mirai", "0", "uwucutecatgirl"
"2026-06-05 05:19:20", "1822543", "happytugsmassage.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain,mirai", "0", "uwucutecatgirl"
"2026-06-05 05:19:19", "1822544", "n058152033245.netvigator.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain,mirai", "0", "uwucutecatgirl"
"2026-06-05 05:19:19", "1822545", "stoplooking.botlesscucks.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "domain,mirai", "0", "uwucutecatgirl"
"2026-06-05 05:11:52", "1822673", "f0rfdtvf.canlibahis1xbet.click", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 03:12:22", "1822650", "4q4880m7.bwin90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 03:02:15", "1822647", "3p1x6btm.1xbet90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 02:36:02", "1822640", "89.124.78.101:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-09 06:12:02", "50", "False", "https://tracker.viriback.com/index.php?q=89.124.78.101", "Amadey,ViriBack", "0", "abuse_ch"
"2026-06-05 01:45:09", "1822624", "95.70.188.185:1337", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-08 20:00:19", "100", "False", "None", "QuasarRAT,RAT", "0", "abuse_ch"
"2026-06-05 01:11:36", "1822620", "gqjz709j.bordoo.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-05 01:00:17", "1822613", "5.230.201.36:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:05", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-06-04 23:45:28", "1822600", "34.202.161.96:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 23:45:07", "1822599", "updates.fisgloval.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 23:10:29", "1822596", "jzl98lpw.betbuilder.promo", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 21:59:36", "1822577", "ne6nzi7r.1shart.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 21:10:49", "1822569", "7aaxg4kb.betbatis.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 19:43:37", "1822528", "182.23.2.163:2046", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-04 19:43:27", "1822526", "163.172.174.237:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:43:43", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-06-04 19:43:27", "1822527", "163.172.174.237:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:43:43", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-06-04 19:37:11", "1822524", "5ay2qa01.electriccrash.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 19:09:42", "1822518", "6vk8lpd5.betball90.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 17:46:49", "1822500", "!z!.emshab.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 14:40:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-06-04 17:45:22", "1822499", "107.150.105.91:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 17:24:13", "1822493", "ex7gv4y7.bet90land.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:25", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 15:45:34", "1822451", "124.222.155.113:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:03", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 15:45:18", "1822449", "mlcos.baidudns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 15:45:16", "1822448", "api1.haedalcompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 15:22:22", "1822443", "bofcv8ir.bet90boro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 14:50:35", "1822415", "120.26.208.96:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "50", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-06-04 14:35:20", "1822406", "3i8e3aty.ef90bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 13:22:23", "1822379", "fq5lyk18.bet404.games", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 11:46:46", "1822346", "154.12.86.154:44444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-04 11:23:15", "1822338", "6dg7sjam.bet404farsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:21", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 09:45:43", "1822302", "91.92.241.80:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:29", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-04 09:45:35", "1822301", "82.23.246.160:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-04 09:43:56", "1822299", "185.72.9.227:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:11", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-04 09:43:50", "1822298", "182.23.2.163:49002", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-04 09:43:40", "1822297", "172.238.15.96:9443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:49", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-06-04 09:43:29", "1822296", "156.247.40.190:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:36", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-04 09:43:28", "1822295", "155.103.70.198:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-04 09:43:22", "1822294", "140.235.16.223:7203", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:24", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-04 09:21:17", "1822284", "t7gjz81d.bet360pro.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 07:21:40", "1822242", "ty7zctpt.bet303casino.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 06:42:46", "1822223", "107.150.105.91:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-04 06:42:44", "1822222", "204.194.49.142:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:24", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-04 05:21:04", "1822145", "gud6pt4u.bet212.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 03:52:23", "1822128", "04gzr1uh.alternatifdekorasyon.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:27", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 03:19:51", "1822125", "db7orl54.bet120xpro.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:27", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-04 01:17:17", "1822096", "8i927m8y.bcgamefarsi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 23:17:27", "1822066", "7g5swyfn.bazipoop.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:28", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 22:51:08", "1822058", "xrb3ppl3.akharinbama.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:28", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 21:16:44", "1822038", "t0uo8kf9.basketballiran.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:28", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 19:44:00", "1822015", "20.220.29.224:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-03 19:43:56", "1822014", "194.26.192.57:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:19", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-03 19:43:43", "1822013", "182.23.2.163:47984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-03 19:43:36", "1822012", "172.81.61.20:7997", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:49", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-03 19:43:33", "1822011", "168.144.36.228:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:47", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-03 19:43:21", "1822010", "147.124.210.158:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-03 19:16:05", "1822008", "8vjdfz8n.basketballiran.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:28", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 17:51:29", "1821991", "4ly606b9.aftabsport.ir", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 17:16:43", "1821987", "bqm57dpz.betgit.casino", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 16:15:51", "1821980", "121.127.253.248:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-07 13:00:17", "75", "False", "https://bazaar.abuse.ch/sample/77193b76e7142383c2fb8f4c92891fa8eb0dd0f50ed206532ebd0abb93da9bc9/", "quasar", "0", "abuse_ch"
"2026-06-03 15:15:26", "1821939", "2os894vl.betfire90.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 14:42:03", "1821894", "bejow65678-31238.portmap.host", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 15:17:35", "50", "False", "", "c2,dcrat", "0", "juroots"
"2026-06-03 14:31:44", "1821850", "114.134.187.38:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "50", "False", "https://www.shodan.io/host/114.134.187.38#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2026-06-03 13:14:32", "1821839", "5yohaely.betexper.bet", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 11:46:25", "1821807", "209.200.246.194:11544", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-03 11:14:39", "1821806", "b33gup3p.betbet.city", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 11:14:16", "1821805", "ozmhw80r.adabiyat.org", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:29", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 09:45:37", "1821716", "82.23.246.160:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-03 09:44:13", "1821715", "204.194.50.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:27", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-03 09:43:49", "1821714", "182.23.2.163:10399", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-03 09:43:30", "1821713", "156.247.40.190:12159", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:36", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-06-03 08:17:46", "1821704", "6aq224cu.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 08:01:51", "1821685", "124.222.155.113:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:03", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-03 07:57:09", "1821698", "sun8i9tk.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 07:57:06", "1821697", "118.89.203.103:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-03 07:56:52", "1821695", "118.89.203.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-03 05:56:48", "1821661", "yzqawgz5.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 05:55:44", "1821566", "106.75.7.239:7777", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-06-07 20:00:22", "75", "False", "", "VShell", "0", "whoamix302"
"2026-06-03 05:55:36", "1821525", "8.163.104.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:34", "75", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-06-03 03:56:38", "1821651", "vrlh0wdy.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-03 01:54:59", "1821632", "b7tibc5u.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 23:54:30", "1821618", "pf6n62u7.luxerabet5.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 21:54:03", "1821600", "23q34ztp.luxerabet1.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 19:54:47", "1821519", "0u9irsk6.luxerabet10.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 19:45:08", "1821517", "45.198.224.19:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-06-02 19:44:03", "1821516", "195.246.230.99:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-02 19:43:27", "1821514", "155.103.70.198:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-02 19:43:27", "1821515", "155.103.71.115:13408", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-02 17:54:02", "1821499", "cspzm3hg.luxerabet1068.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:20", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 15:52:21", "1821472", "r8cgf6ux.luxerabet100.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 14:36:28", "1821463", "kele12.vip", "domain", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2026-06-07 15:20:34", "50", "False", "", "c2,gh0st", "0", "juroots"
"2026-06-02 14:33:34", "1821393", "k7elan-43083.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2026-06-08 05:47:56", "50", "False", "", "c2,njrat", "0", "juroots"
"2026-06-02 14:04:11", "1821220", "45.76.203.112:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:48", "50", "False", "https://www.shodan.io/host/45.76.203.112#7443", "c2,mythic,shodan", "0", "juroots"
"2026-06-02 13:53:10", "1820932", "t6h2yu60.luxerabet1000.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 11:53:23", "1820894", "ps10z3qz.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 10:45:52", "1820884", "152.42.132.37:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-07 10:41:31", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-02 10:45:52", "1820885", "209.38.33.37:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-06-07 10:41:20", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight"
"2026-06-02 09:52:09", "1820871", "ff4ekbmd.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 09:46:15", "1820869", "113.44.136.127:8087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-06-02 09:43:59", "1820868", "192.159.99.21:5080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-06-02 09:43:50", "1820867", "182.23.2.163:9060", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-02 09:43:26", "1820866", "15.204.255.172:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:30", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-06-02 07:59:06", "1820834", "7d6da0ri.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 05:57:19", "1820810", "sax166rh.funkboi.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 03:57:44", "1820798", "cw5zuej3.baxus.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-02 01:56:58", "1820783", "96mjt1sb.axee.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 23:55:53", "1820765", "gfwbeo2g.7lf.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 21:56:44", "1820748", "4iod03t4.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 20:02:57", "1820734", "0nwfyg62.onja1bet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 19:45:00", "1820725", "45.150.34.117:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:45", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-06-01 19:43:44", "1820724", "182.23.2.163:11166", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-01 19:43:43", "1820723", "178.16.54.48:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:55", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-06-01 19:43:42", "1820722", "178.16.52.47:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:54", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-06-01 18:03:24", "1820711", "a0sadcof.ogabbet.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 16:02:26", "1820675", "9nwu3map.jetform.football", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:35", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 15:11:46", "1820602", "cnc.reaperc2.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "https://urlhaus.abuse.ch/host/cnc.reaperc2.xyz/", "None", "0", "burger"
"2026-06-01 15:11:43", "1820615", "82.156.224.184:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:19", "100", "True", "None", "havoc", "1", "_ik_"
"2026-06-01 14:02:23", "1820619", "a1bpvfc4.enfejar2.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:35", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 13:53:48", "1820609", "509ukk9c.enf90.vip", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:35", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 11:52:32", "1820591", "6feq96px.eutoor.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 11:12:04", "1820588", "klga3rph.easyprocode.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:35", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 09:45:05", "1820574", "35.75.218.153:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:34", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-06-01 09:44:09", "1820573", "2.58.56.50:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-01 09:43:48", "1820572", "182.23.2.163:11327", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-06-01 09:43:44", "1820571", "176.65.139.144:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-09 05:43:53", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch"
"2026-06-01 09:12:43", "1820555", "p4nkss83.alsulmicpa.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 07:24:02", "1820529", "mub.atvrent.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 05:41:28", "100", "False", "", "Vidar", "0", "crep1x"
"2026-06-01 07:13:36", "1820518", "99ytipqf.mayochem.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 06:44:52", "1820506", "165.22.225.218:5443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:24", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-06-01 06:44:48", "1820504", "38.181.42.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-06-01 05:44:49", "1820414", "82.157.52.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-01 05:44:44", "1820364", "176.65.149.124.ptr.pfcloud.network", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "80", "False", "None", "mirai", "0", "seckle"
"2026-06-01 05:44:38", "1820430", "49.233.215.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-01 05:44:37", "1820432", "47.116.211.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-01 05:44:35", "1820444", "47.103.95.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:25", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-06-01 05:11:23", "1820488", "gnetier6.hegong-tools.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 03:10:33", "1820454", "mjvdhq4d.destek1.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:36", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-06-01 01:11:07", "1820438", "k5k1f5zd.cloudzone.tr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:37", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 23:46:09", "1820420", "176.97.124.68:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-31 23:10:43", "1820417", "1aed1cm5.cloudzone.com.tr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:37", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 21:46:22", "1820399", "176.97.124.68:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-31 21:46:19", "1820398", "154.38.114.115:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-31 21:45:54", "1820397", "ds.metric-take-datadqct.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-31 21:10:18", "1820394", "eg125q1i.dvfb-vn.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:37", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 19:44:04", "1820368", "182.23.2.163:1477", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-31 19:44:03", "1820367", "182.23.2.163:1135", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-31 19:09:03", "1820363", "252rti6f.letrungkien.info", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 17:08:19", "1820352", "iiamtrbo.liketudong.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 15:08:16", "1820338", "as59n9n3.photoshopvn.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 15:04:22", "1820327", "64.89.160.44:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:13", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-05-31 13:09:45", "1820324", "37d389gt.botvn.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 11:46:12", "1820311", "107.151.246.172:7890", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-31 11:07:40", "1820307", "5pfvza4o.cretasoft.gr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 09:45:39", "1820291", "64.176.73.125:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:46:12", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-31 09:44:59", "1820290", "31.57.184.154:2503", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-31 09:43:50", "1820289", "182.23.2.163:6088", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-31 09:43:43", "1820288", "172.81.61.226:5202", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:50", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-31 09:43:29", "1820287", "155.103.71.115:13407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-31 09:06:19", "1820284", "czf2txr8.asion.gr", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-31 06:48:29", "1820212", "82.157.52.180:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-31 06:48:28", "1820214", "64.89.160.44:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:13", "50", "False", "None", "205759,asyncrat,c2,censys", "0", "sojubear"
"2026-05-31 06:45:48", "1820174", "cafebabe.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 07:08:40", "100", "False", "", "C2,Mirai", "0", "botnetkiller"
"2026-05-31 01:05:54", "1820215", "qiwiqfdb.botvn.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:40", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 23:05:11", "1820199", "b53jdkck.photoshopvn.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 21:04:52", "1820167", "45cbh9h6.liketudong.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:23", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 19:45:52", "1820144", "84.32.41.227:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-30 19:45:28", "1820143", "47.236.24.112:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:53", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-30 19:43:32", "1820141", "157.20.182.17:1997", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-30 19:04:55", "1820138", "fxxqmo5b.letrungkien.info", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 17:02:39", "1820118", "ouqk5pur.dvfb-vn.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 15:03:46", "1820095", "x2jjzvnd.dichvuff.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 13:02:08", "1820079", "e0vt7hv0.saostar.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 11:47:27", "1820072", "223.26.59.226:32354", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-30 11:02:05", "1820069", "81729sv5.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 09:45:35", "1820044", "46.225.66.210:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:51", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-30 09:45:23", "1820043", "38.54.63.135:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-30 09:43:57", "1820042", "182.23.2.163:6407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-30 09:43:35", "1820041", "157.20.182.18:1973", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-30 09:43:34", "1820040", "155.103.71.146:776", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-30 09:43:14", "1820039", "114.132.190.121:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-30 09:02:50", "1820036", "pbm280yc.sieulike.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 07:26:41", "1820016", "gzxrgq4a.saostar.biz", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 07:04:38", "1819982", "40.85.252.198:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:39", "100", "True", "None", "havoc", "1", "_ik_"
"2026-05-30 06:48:19", "1819999", "113.31.106.210:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 07:20:49", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-30 05:23:16", "1819990", "sybxhd9s.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 05:18:59", "1819988", "t5kfgfm1.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 04:02:17", "1819975", "2dzxuao7.parossag.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:41", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 02:01:15", "1819959", "cr9i8up3.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-08 10:18:24", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-30 00:01:17", "1819944", "i0gxewzq.webuyurcar.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:41", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 23:46:36", "1819942", "209.200.246.82:5663", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 22:00:50", "1819930", "htcaqoat.universaltyresautos.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:41", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 20:02:03", "1819913", "635k6cma.uniquetilingsa.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:41", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 19:45:46", "1819907", "49.233.81.84:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:54", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-29 19:45:33", "1819906", "43.140.219.30:7112", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:41", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-29 19:45:22", "1819905", "31.56.209.79:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:30", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 19:45:20", "1819904", "27.102.137.139:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 19:45:19", "1819903", "23.235.185.44:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:45:26", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 19:44:29", "1819902", "209.99.184.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:30", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-29 19:44:12", "1819901", "192.162.199.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:14", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-29 19:44:04", "1819900", "185.212.129.4:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:08", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-29 19:43:57", "1819899", "182.23.2.163:4452", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 19:43:49", "1819898", "172.86.109.7:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:50", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-29 19:43:42", "1819895", "162.248.224.236:7492", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-29 19:43:42", "1819896", "162.248.225.165:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-29 19:43:42", "1819897", "162.248.225.165:8603", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-29 19:43:41", "1819894", "162.248.224.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-29 19:43:36", "1819893", "157.20.182.17:1444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 19:43:30", "1819892", "146.59.182.123:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:28", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-29 19:43:21", "1819891", "134.199.170.120:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:20", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-29 19:43:18", "1819890", "13.213.58.233:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:18", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-29 19:43:14", "1819889", "111.229.154.250:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:14", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-29 19:43:06", "1819888", "103.213.251.10:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:43:07", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-29 19:43:02", "1819887", "1.14.172.47:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:03", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-29 17:59:59", "1819880", "vekdf8au.srlashnbrow.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:41", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 16:00:01", "1819869", "s61j30vp.snugglebloom.com.au", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:32", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 15:46:36", "1819866", "124.220.235.4:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:02", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 15:30:50", "1819842", "mub.depansm188.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:20", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-29 15:30:50", "1819843", "https://mub.depansm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:24:20", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-29 13:52:01", "1819817", "avjquzsd.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:32", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 11:51:48", "1819790", "dsc8ybog.schleer.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:32", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 11:46:49", "1819788", "209.200.246.82:7533", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 11:46:38", "1819787", "124.71.141.30:5003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 11:46:33", "1819786", "118.89.79.131:6528", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 11:46:24", "1819785", "103.242.12.143:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 09:51:02", "1819765", "nblvwres.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:28", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 09:46:58", "1819763", "119.29.117.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-29 09:44:20", "1819761", "194.236.215.200:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:44:19", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-29 09:44:16", "1819759", "192.30.243.28:36812", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 09:44:16", "1819760", "192.30.243.28:8638", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 09:44:12", "1819758", "190.255.90.152:6010", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 09:44:06", "1819757", "185.212.129.6:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:08", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-29 09:44:05", "1819756", "185.212.129.146:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:07", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-29 09:43:59", "1819755", "182.23.2.163:2345", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-29 09:43:50", "1819754", "172.82.64.235:444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:50", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 09:43:47", "1819753", "168.144.36.228:9000", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:47", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-29 09:43:39", "1819752", "158.94.208.29:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 09:43:38", "1819751", "157.254.223.135:2700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 09:43:37", "1819750", "157.20.182.17:1339", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-29 09:43:08", "1819749", "103.77.246.174:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-09 05:43:09", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch"
"2026-05-29 09:43:07", "1819748", "103.213.251.10:8444", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:43:07", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-29 07:50:39", "1819725", "dvzzer4n.parossag.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:56", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 06:45:14", "1819713", "198.44.177.179:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-29 06:44:51", "1819710", "45.116.78.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-29 06:26:29", "1819695", "15.235.9.17:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:30", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-05-29 05:51:14", "1819704", "xqorxfh1.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 03:49:38", "1819684", "nwtca6gs.schleer.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-29 01:49:58", "1819662", "2c5gt5bd.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 23:48:13", "1819637", "gec56eyc.pczrt.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 21:48:39", "1819617", "hxoaa2b8.parossag.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:57", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 19:48:23", "1819598", "2b2eg8hr.otthonfelujitasprogram2024.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:57", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 19:45:38", "1819596", "1364170351-gsw88cee73.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-28 19:45:25", "1819595", "82.197.69.156:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:20", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-28 19:44:47", "1819594", "35.158.219.35:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:33", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 19:44:44", "1819593", "31.57.184.154:7005", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-28 19:43:54", "1819592", "192.237.187.145:5757", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-28 19:43:44", "1819589", "182.23.2.163:5013", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-28 19:43:44", "1819590", "182.23.2.163:58008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-28 19:43:44", "1819591", "182.23.2.163:7615", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-28 19:43:43", "1819588", "182.23.2.163:13846", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-28 19:43:28", "1819587", "157.20.182.18:1444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-28 19:43:13", "1819586", "13.209.95.4:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:18", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 17:39:09", "1819566", "5mk6bgje.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 15:37:31", "1819527", "lpo88ruu.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 14:04:49", "1819503", "jiesaida.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/b37efcbc178c9f8d2c4059e55311279a435ff5cd9b00840ec17ef0f7110b106c/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-28 13:37:36", "1819498", "kb2lqx8d.schleer.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:30", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 11:37:19", "1819432", "p5f6dr8y.padelconstruct.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 09:46:10", "1819407", "91.230.94.235:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:46:09", "1819406", "91.215.85.212:45423", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:46:05", "1819405", "85.209.90.132:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:46:00", "1819404", "83.171.227.230:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:45:58", "1819403", "81.71.20.107:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:45:23", "1819402", "43.133.165.151:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:40", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 09:45:10", "1819401", "27.102.138.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:28", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 09:44:20", "1819398", "206.119.171.212:4333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:44:19", "1819396", "202.95.8.97:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:44:19", "1819397", "202.95.8.98:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:44:10", "1819394", "193.5.65.169:4348", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:18", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-28 09:44:10", "1819395", "193.5.65.169:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:18", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-28 09:43:45", "1819393", "172.86.76.218:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:50", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-28 09:43:44", "1819392", "172.236.142.17:6933", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:48", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 09:43:40", "1819391", "165.154.205.4:53341", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:43:33", "1819390", "155.103.71.135:56789", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-28 09:43:27", "1819389", "146.103.106.59:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-28 09:43:23", "1819388", "139.59.84.11:2053", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-28 09:43:13", "1819387", "113.31.106.85:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:15", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 09:43:05", "1819386", "103.183.75.134:20443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:06", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-28 07:35:21", "1819360", "2vmkhs7s.riherino.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 06:56:15", "1819351", "120.48.66.205:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-05-28 06:50:19", "1819348", "g6zaqd6k.schleer.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 05:33:17", "1819239", "138.124.61.65:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:21", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-05-28 04:50:27", "1819316", "2718gc20.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:31", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 02:48:56", "1819295", "7orku7ut.taxrundo.sk", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-28 00:49:47", "1819278", "y4hvadqo.taxrundo.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 22:47:58", "1819258", "4dfx0u7r.stgsolar.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 20:49:16", "1819238", "s9fsvyxk.seresniki.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 19:45:55", "1819225", "91.200.84.198:8515", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-27 19:45:18", "1819224", "45.32.236.190:2096", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-27 19:45:12", "1819222", "43.106.14.139:8085", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:40", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-27 19:45:12", "1819223", "43.133.149.36:18443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:40", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-27 19:43:47", "1819220", "18.162.155.202:3350", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:56", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-27 19:43:30", "1819219", "157.20.182.17:1973", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-27 19:43:09", "1819218", "104.243.248.63:1807", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-27 19:43:08", "1819217", "104.225.149.151:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-27 18:47:04", "1819210", "h89kbhtt.schleer.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:39", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 16:47:09", "1819156", "rwxe9b0g.riherino.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:33", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 15:46:43", "1819146", "8.134.70.73:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-27 15:46:36", "1819145", "47.122.47.221:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-27 14:47:11", "1819136", "vhngezbf.pleasuredome.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:01", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 13:46:11", "1819106", "106.52.99.247:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-27 13:46:00", "1819104", "ns1.deepsekapi.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-27 12:46:56", "1819093", "kc7s4uri.padelconstruct.hu", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 11:48:59", "1819067", "47.118.25.45:8451", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-27 11:40:41", "1819066", "0i2th72t.system-horizon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 09:45:57", "1819047", "94.23.185.83:9606", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:32", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-27 09:45:51", "1819046", "89.40.31.128:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:27", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-27 09:45:45", "1819045", "82.156.224.203:12618", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:20", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-27 09:45:01", "1819044", "35.75.179.211:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:34", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-27 09:44:09", "1819043", "2.26.75.242:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-27 09:43:38", "1819042", "164.90.206.5:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:44", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-27 09:43:32", "1819041", "157.254.223.135:2500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-27 09:41:29", "1819039", "gplca9pf.script-bridge.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:38", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 07:38:07", "1819012", "3822lbt1.stack-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 07:09:22", "1818956", "8.163.49.50:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:34", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear"
"2026-05-27 07:09:05", "1818897", "http://158.94.210.59/25e3868686d747678e3b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 05:49:08", "100", "False", "None", "888,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-05-27 06:54:26", "1819006", "124.70.184.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-27 05:39:20", "1818994", "peqe8mvw.byte-foundry.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 03:37:44", "1818975", "h3mraocc.telemetry-harbor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-27 01:38:00", "1818961", "155b3nro.proxy-cascade.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:34", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 23:37:02", "1818947", "z9sb13jt.cloud-beacon.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 22:46:30", "1818936", "60.205.109.25:51234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 22:46:05", "1818935", "139.196.223.82:2443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 22:46:04", "1818934", "134.122.134.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 21:37:29", "1818918", "347hoy7r.signal-frontier.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 19:45:26", "1818881", "50.114.179.165:8043", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 19:45:20", "1818880", "5.101.82.8:48214", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:44:11", "1818879", "207.180.250.181:20600", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 19:43:55", "1818878", "190.2.150.52:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:43:47", "1818873", "182.23.2.163:207", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:43:47", "1818874", "182.23.2.163:2487", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:43:47", "1818875", "182.23.2.163:2822", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:43:47", "1818876", "182.23.2.163:5600", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:43:28", "1818872", "155.102.136.60:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:33", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-26 19:43:15", "1818871", "124.198.132.98:5080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 19:43:14", "1818870", "124.198.132.98:2434", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 19:37:15", "1818869", "h7cyp6bl.kernel-compass.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 18:21:29", "1818856", "mammeap.shop", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:49:37", "100", "False", "https://bazaar.abuse.ch/sample/8c90ba5ae6137f8f2c0389dfd4d496b2d953224242e3fbcc42d02a48d9834cfc/", "c2,RemusStealer", "0", "burger"
"2026-05-26 17:35:22", "1818850", "j543wvuu.packet-orbit.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 15:36:38", "1818815", "a7px1y1v.container-pulse.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 14:46:42", "1818804", "47.122.47.221:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 14:08:57", "1818786", "5.252.153.0:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-26 13:33:29", "1818781", "oa4njxsv.byte-frontier.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 11:34:11", "1818754", "9awu4igb.cloud-lattice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 11:00:13", "1818735", "bcfaxrtc.logic-compass.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:05", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-26 10:46:53", "1818731", "68.64.178.130:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 10:46:44", "1818730", "45.227.253.121:35120", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 10:46:38", "1818729", "36.138.84.183:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-26 10:01:24", "1818710", "43.204.108.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-26 10:01:23", "1818711", "43.204.108.246:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-26 09:45:51", "1818704", "91.92.243.189:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:30", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-26 09:45:36", "1818703", "64.89.161.156:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 09:45:31", "1818702", "50.114.179.143:1209", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 09:45:21", "1818701", "46.8.226.70:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:52", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-26 09:44:59", "1818700", "34.106.231.199:6932", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:33", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 09:44:54", "1818699", "23.27.168.162:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:45:27", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-26 09:44:15", "1818698", "209.99.187.22:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-26 09:44:12", "1818697", "202.189.6.77:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:27", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 09:44:02", "1818696", "193.24.123.160:45631", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:17", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-26 09:43:57", "1818695", "191.93.116.106:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:13", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-26 09:43:28", "1818694", "153.75.232.207:4000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:32", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-26 09:43:14", "1818692", "124.198.132.98:2414", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-26 09:43:14", "1818693", "124.198.132.98:2424", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 22:46:18", "1818480", "47.108.25.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-25 22:46:15", "1818479", "43.156.42.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-25 19:45:39", "1818441", "91.92.242.64:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 19:45:21", "1818440", "54.196.247.235:8082", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:46:08", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-25 19:45:14", "1818439", "5.101.83.143:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:45:13", "1818438", "5.101.82.98:42859", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:45:00", "1818436", "45.56.162.61:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:47", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-25 19:45:00", "1818437", "45.56.162.61:6031", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:47", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-25 19:44:58", "1818435", "45.154.98.254:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:44:52", "1818434", "37.77.150.174:4333", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:45:36", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-25 19:44:51", "1818433", "37.77.150.174:4332", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:45:36", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-25 19:44:46", "1818432", "27.102.137.139:1243", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:44:05", "1818431", "202.95.8.92:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-25 19:43:50", "1818430", "188.137.239.44:54298", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 19:43:44", "1818429", "185.122.166.184:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:03", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 19:43:42", "1818428", "178.16.54.208:61099", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:43:28", "1818427", "157.20.182.18:1992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 19:43:27", "1818425", "155.103.71.232:15406", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 19:43:27", "1818426", "157.20.182.17:1998", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 19:43:18", "1818424", "138.9.41.208:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-25 14:01:58", "1818337", "krolikrojer.lat", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-08 17:54:05", "100", "False", "", "clickfix", "0", "whoamix302"
"2026-05-25 14:01:56", "1818347", "47.238.154.144:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-25 14:00:07", "1818346", "45.153.127.224:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 06:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=45.153.127.224", "Chaos,ViriBack", "0", "abuse_ch"
"2026-05-25 09:46:05", "1818298", "83.142.209.64:35630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 09:44:13", "1818297", "195.114.193.56:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:20", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-25 09:43:37", "1818294", "157.20.182.17:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:36", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 09:43:37", "1818295", "157.20.182.18:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-25 09:43:15", "1818293", "109.110.188.156:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:14", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-25 08:45:17", "1818256", "47.239.20.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-25 08:45:13", "1818266", "8.210.103.84:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:35", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-25 07:36:01", "1818155", "1.92.95.105:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "50", "False", "None", "55990,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-25 06:57:09", "1818253", "134.175.78.181:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-24 19:46:20", "1818110", "82.156.224.203:11641", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:20", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-24 19:45:36", "1818108", "44.241.110.100:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:43", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-24 19:45:36", "1818109", "44.241.110.100:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:43", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-24 19:45:21", "1818107", "31.171.131.118:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-24 19:43:57", "1818106", "178.16.55.119:99", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:55", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-24 19:43:56", "1818105", "178.16.55.108:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:55", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-24 19:43:36", "1818104", "157.20.182.18:9992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-24 19:43:35", "1818103", "157.20.182.17:9992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-24 14:46:49", "1818053", "45.154.12.150:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-24 14:46:17", "1818052", "103.210.236.87:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-24 14:46:12", "1818050", "wsus.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-24 14:46:12", "1818051", "wsus2.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-24 14:43:03", "1818049", "102.220.160.47:80", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-09 05:43:04", "75", "False", "None", "drb-ra,Mirai", "0", "abuse_ch"
"2026-05-24 14:10:22", "1818033", "156.239.238.117:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-24 14:00:04", "1818031", "172.245.126.141:8443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 06:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=172.245.126.141", "Deimos,ViriBack", "0", "abuse_ch"
"2026-05-24 13:48:02", "1818027", "45.145.42.80:5000", "ip:port", "botnet_cc", "elf.darknexus", "None", "Dark Nexus", "2026-06-09 06:12:03", "50", "False", "https://tracker.viriback.com/index.php?q=45.145.42.80", "Nexus,ViriBack", "0", "abuse_ch"
"2026-05-24 12:25:33", "1818007", "menomou.shop", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:52:07", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-24 11:08:34", "1817883", "43.138.192.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-24 11:05:07", "1817856", "106.13.188.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-24 11:04:35", "1817772", "sdhscndnssl.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-24 11:04:35", "1817773", "sdnssmdf-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-24 11:04:34", "1817774", "smtnscerver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-24 11:04:32", "1817785", "39.100.88.189:9001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-24 11:03:40", "1817715", "101.43.30.6:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-24 07:46:12", "1817854", "patriciakleijn.nl", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 15:17:35", "75", "False", "https://bazaar.abuse.ch/sample/7618127c48a459913418d5446d3d2922b8f6d9f132fad338829d7e1bd07ff08d/", "asyncrat", "0", "abuse_ch"
"2026-05-24 06:15:44", "1817838", "js-shop.my", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 15:17:35", "75", "False", "https://bazaar.abuse.ch/sample/5ea4eb1e45aec855d52a9a2aa014d285b14260a16422f53fa70dea6e091122cc/", "asyncrat", "0", "abuse_ch"
"2026-05-24 06:15:42", "1817837", "e-maxibikes.nl", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 15:17:35", "75", "False", "https://bazaar.abuse.ch/sample/5ea4eb1e45aec855d52a9a2aa014d285b14260a16422f53fa70dea6e091122cc/", "asyncrat", "0", "abuse_ch"
"2026-05-23 22:00:09", "1817758", "https://cyy.turbo88ml.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:58", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-23 22:00:08", "1817757", "cyy.turbo88ml.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:59", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-23 19:45:50", "1817710", "44.255.242.255:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:43", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-23 19:44:12", "1817709", "191.101.131.244:40056", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:44:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-23 19:44:11", "1817708", "191.101.131.244:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:44:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-23 19:43:58", "1817707", "18.118.196.244:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-23 19:43:47", "1817706", "168.222.97.106:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-23 19:43:39", "1817705", "157.254.223.135:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:38", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-23 19:43:35", "1817704", "151.236.20.3:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-23 15:09:57", "1817667", "gxfsxs.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/beb3a9d9fa738ac7ebac7dc8f5357c9a6673cfae1bc50fd73497d350afd5ed1c/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-23 15:08:22", "1817665", "zythdolm.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/139329dc9992e132f9c8d887ad685660161cefcfb0a18867d616a7d217a0605e/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-23 14:56:56", "1817663", "101.126.10.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-23 14:56:45", "1817397", "kalpa-logistics.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:43", "1817400", "namathejaljawdah.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:41", "1817402", "pinnaclebrit.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:41", "1817403", "pizzadoughrollers.ca", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:39", "1817406", "seingetronic.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:38", "1817660", "68.64.178.130:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-23 14:56:37", "1817409", "sunscapehills.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-23 14:56:34", "1817413", "fabiopischedda.it", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WorkPress", "0", "varysz"
"2026-05-23 14:56:33", "1817454", "rpc-cloud.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:32", "1817455", "rpc-framework-check.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:32", "1817456", "rpc-framework-check.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:31", "1817457", "rpc-polygon.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:30", "1817458", "sdn-cloudflare-js-css.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:30", "1817459", "sdn-cloudflare-js-css.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:30", "1817460", "siteamnsserv.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:29", "1817461", "smnsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:29", "1817462", "store-image.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:28", "1817463", "store-image.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:28", "1817464", "styles-get-img.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:28", "1817465", "testerlau.lat", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:56:27", "1817466", "testhostrouter.onthewifi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-07 15:28:17", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:45", "1817467", "testsoryy.hopto.org", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:45", "1817468", "vaer-cdn-3.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:44", "1817469", "vblbs.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:44", "1817470", "vdsinatest.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:44", "1817471", "visual-ns-portal.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:43", "1817472", "winupdate.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:43", "1817473", "winupdateconf.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:42", "1817474", "workcdnmass.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:42", "1817476", "lsnsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:40", "1817477", "lstyle-sdn.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:40", "1817478", "lvlensourgat.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:39", "1817479", "minecraft65server.3utilities.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-07 15:28:16", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:39", "1817480", "minecraftserverapigame.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:39", "1817481", "nascdn-js.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:38", "1817482", "nascdn-js.life", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:38", "1817483", "networksolutionson.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:37", "1817484", "nstv-css-styles-19.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:37", "1817485", "ntsnsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:36", "1817486", "poygon-notifications.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:36", "1817487", "poygon-notifications.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:35", "1817488", "istile-c-cloud.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:35", "1817489", "js-server.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:35", "1817490", "l3cdnns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:34", "1817491", "lasthauszver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:34", "1817492", "image-hoster11.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:33", "1817493", "img-cdn-cloud.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:33", "1817494", "img-cdn-cloud.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:33", "1817495", "ferlik.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:19", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:32", "1817496", "fontawesome-cdn.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:32", "1817497", "fontawesome-js-ico.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:31", "1817498", "fonts-fontawesome.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:31", "1817499", "fonts25-save.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:30", "1817500", "ghdnsserverns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:28", "1817502", "cdn-js-conhost.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:28", "1817504", "cdn-server-styles.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:27", "1817503", "cdn-js-conhost.icu", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:27", "1817506", "cdn-server.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:26", "1817505", "cdn-server-styles.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:25", "1817507", "cdn-server.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:15", "1817591", "68.64.180.15:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-23 14:54:13", "1817501", "cdn-clodflare-fotns.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 14:54:05", "1817612", "http://176.65.139.43/lessram.pl", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-08 11:36:20", "85", "False", "None", "backdoor,Bashlite,perl,PerlBot,Shellbot", "0", "nullblue67"
"2026-05-23 14:54:05", "1817626", "213.136.74.96:8090", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 06:12:03", "100", "False", "None", "AS51167,chaos,Contabo GmbH", "0", "antiphishorg"
"2026-05-23 14:54:01", "1817632", "203.83.10.114:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:08", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-23 14:53:56", "1817651", "http://170.130.55.223/8a5722931e174543a98d.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 00:50:23", "100", "False", "None", "c2,loader,StealC,stealer,tick", "0", "Bitsight"
"2026-05-23 14:47:31", "1817655", "119.29.117.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-23 09:46:49", "1817625", "91.232.103.163:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-23 09:46:22", "1817624", "50.114.179.143:6066", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-23 09:45:41", "1817623", "23.81.118.124:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-23 09:44:28", "1817622", "2.26.75.240:1377", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-23 09:44:15", "1817621", "190.255.82.151:5500", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-23 09:43:04", "1817620", "103.13.210.49:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:05", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-23 08:58:45", "1817508", "cdnjsdelivr.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:45", "1817509", "chekbrow.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:44", "1817510", "cloud-safe.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:44", "1817511", "cloud-safe.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:44", "1817512", "clpcentr.world", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:43", "1817513", "clpuanmeserver.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:41", "1817516", "dev-js-cdn.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:40", "1817518", "dreff-nsdns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:40", "1817519", "bacloudserver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:40", "1817520", "bbdsnssserver.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:39", "1817521", "bcncdncl-ns.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:39", "1817522", "bedcdnset.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:38", "1817523", "best-claudns-js.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:38", "1817524", "bigsmart.beer", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:36", "1817525", "bootstrap-css-framework.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:36", "1817526", "bssapi.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:35", "1817527", "captcha-cds.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:35", "1817528", "captcha-cds.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:18", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:35", "1817529", "2fa-cp.cfd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:17", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:34", "1817530", "2fa-cp.click", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-08 21:20:17", "100", "False", "", "ClickFix,ErrTraffic,Vidar", "0", "varysz"
"2026-05-23 08:58:34", "1817537", "1.117.77.166:3310", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:45", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-23 08:58:28", "1817573", "47.103.78.72:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:25", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-22 19:45:35", "1817427", "88.119.167.142:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:25", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-22 19:45:34", "1817426", "87.251.76.213:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:25", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-22 19:45:12", "1817425", "5.101.82.98:41843", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:45:07", "1817424", "46.29.234.94:1298", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:45:06", "1817423", "46.29.234.94:12639", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:51", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:44:58", "1817421", "45.154.98.84:100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:45", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 19:44:58", "1817422", "45.154.98.84:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:46", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 19:44:03", "1817420", "2.59.162.106:6698", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:44:02", "1817419", "2.59.162.106:36125", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:44:01", "1817417", "2.59.162.106:12639", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:44:01", "1817418", "2.59.162.106:1298", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 19:43:53", "1817416", "192.109.200.183:5566", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 14:45:15", "1817341", "184.82.96.72:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:03", "100", "True", "None", "havoc", "1", "_ik_"
"2026-05-22 12:48:35", "1817261", "spamgym.asia", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "22May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-22 11:36:04", "1817205", "35.220.177.232:4343", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-05-22 11:36:04", "1817206", "46.20.109.225:8999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "75", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-05-22 10:46:24", "1817248", "180.131.145.97:9995", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 09:45:23", "1817239", "88.119.167.143:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:25", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-22 09:45:08", "1817238", "54.187.35.128:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:08", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-22 09:44:54", "1817237", "46.224.144.82:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:50", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-22 09:44:53", "1817236", "45.90.120.36:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:49", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-22 09:44:40", "1817235", "31.57.184.154:7006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:44:39", "1817233", "31.171.131.118:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:44:39", "1817234", "31.171.131.118:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:43:52", "1817232", "193.93.194.31:50194", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:18", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:43:49", "1817231", "192.169.7.17:27443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-22 09:43:37", "1817230", "176.119.25.78:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:53", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:43:35", "1817229", "172.86.123.119:8679", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:50", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-22 09:43:17", "1817228", "138.9.254.121:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-22 09:43:08", "1817226", "104.37.174.36:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 09:43:08", "1817227", "104.37.174.36:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-22 08:46:27", "1817216", "23.106.135.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:46:27", "1817217", "23.106.135.33:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:46:18", "1817215", "154.201.68.191:14125", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:46:10", "1817214", "118.31.114.149:4430", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:46:02", "1817213", "106.14.30.169:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:45:57", "1817212", "xulnai.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:45:51", "1817211", "fq3gm5xphax8c.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:45:48", "1817210", "a3tf75e7k596x.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-22 08:11:42", "1817131", "59.110.81.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-22 08:11:41", "1817132", "129.204.14.131:44444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-22 08:11:24", "1817192", "45.154.98.84:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:45", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-05-22 08:11:11", "1817057", "62.171.190.148:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:11", "100", "True", "None", "havoc", "1", "_ik_"
"2026-05-22 07:55:22", "1817187", "47.236.110.1:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch"
"2026-05-21 22:46:51", "1817116", "49.232.4.144:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-21 22:46:36", "1817115", "206.188.197.241:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-21 22:46:34", "1817114", "193.142.146.30:6555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-21 22:46:02", "1817113", "linuxkerneldbs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-21 19:45:24", "1817056", "46.224.70.245:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:51", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-21 19:45:14", "1817055", "42.121.150.29:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-21 19:45:07", "1817054", "34.61.52.162:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:33", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-21 19:44:01", "1817053", "193.29.13.23:5758", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-21 19:43:33", "1817052", "158.94.209.7:5022", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:39", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-21 19:43:30", "1817051", "157.230.125.65:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:38", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-21 12:02:43", "1816952", "brownhc.cyou", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "2026-06-08 05:41:28", "100", "False", "", "CountLoader", "0", "abuse_ch"
"2026-05-21 09:44:20", "1816915", "207.154.243.85:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:29", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-21 09:44:09", "1816914", "195.63.137.242:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-21 07:19:52", "1816875", "156.225.22.84:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-21 07:19:39", "1816874", "121.199.27.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-21 07:19:35", "1816872", "107.173.38.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-21 06:16:15", "1816845", "zzlkkghnmh.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/d1498ce1ecf8c3ea50dce4b99dd829353ac407cd5fbafe7c1ae02e09ead104b7/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-21 06:15:34", "1816844", "1112.688608.xyz", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/3683d673395b2ef445ea80d604af15a7d05c5d21cdcbbb02fc933298ba9b9862/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-21 05:01:18", "1816747", "154.201.68.191:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:24", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-21 05:01:07", "1816801", "45.154.98.84:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:46", "50", "False", "None", "210558,asyncrat,c2,censys", "0", "sojubear"
"2026-05-20 19:45:15", "1816739", "91.92.243.63:35000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:30", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-20 19:44:41", "1816738", "41.216.189.163:43210", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:39", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 19:44:32", "1816737", "221.207.101.175:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:26", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-20 19:43:56", "1816736", "209.126.80.129:8844", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:30", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 19:43:30", "1816735", "167.17.47.118:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 19:43:20", "1816734", "144.172.93.140:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 19:43:18", "1816733", "140.235.17.40:9958", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-20 19:43:09", "1816732", "107.189.25.70:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:13", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-20 11:50:00", "1816614", "genusaqe.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:49:37", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-20 09:45:20", "1816587", "85.17.244.120:2093", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-20 09:45:05", "1816585", "51.15.8.6:9998", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:07", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-20 09:44:03", "1816584", "213.209.159.91:2602", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-20 09:43:56", "1816583", "202.1.31.83:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 09:43:40", "1816582", "18.178.185.250:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:43:57", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-20 09:43:39", "1816581", "178.212.13.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:56", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 09:43:32", "1816580", "171.22.79.135:3821", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-20 07:37:44", "1816553", "103.149.93.107:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-20 07:37:43", "1816552", "121.43.243.13:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:01", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-05-20 07:37:42", "1816551", "45.152.65.240:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-20 06:50:57", "1816540", "irrigation-control-framework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-20 04:11:57", "1816509", "vintage-telemetry-receiver.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-20 03:20:54", "1816495", "gothic-vault-engineering.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-20 02:55:09", "1816489", "submerged-continental-shelf.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-20 02:04:12", "1816484", "carbon-dating-calibration.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 20:46:09", "1816445", "43.142.137.169:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-19 19:45:18", "1816431", "91.202.233.214:44123", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-19 19:45:12", "1816430", "83.136.211.194:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-19 19:44:52", "1816428", "49.232.128.239:6099", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:54", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-19 19:44:52", "1816429", "5.101.81.163:47524", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-19 19:44:36", "1816427", "31.57.184.154:2502", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-19 19:43:48", "1816426", "192.159.99.50:7443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:44:14", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-19 19:43:33", "1816425", "172.111.233.80:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:48", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-19 19:43:20", "1816422", "144.172.94.91:1122", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-19 19:43:20", "1816423", "144.172.94.91:2255", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-19 19:43:20", "1816424", "144.172.94.91:3333", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-19 16:10:03", "1816383", "agilebee-federate-growth-net.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 15:44:28", "1816376", "modesix-iontel-scalapie-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 15:19:43", "1816370", "modelcut-auto-frame-nodipfs.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "19May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-19 14:45:37", "1816365", "100.110.56.1:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-19 12:45:39", "1816331", "floraresourcecontroller.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "19May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-19 12:20:19", "1816326", "meadowoperationshub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "19May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-19 11:03:13", "1816316", "botanicalautomationframework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 09:43:39", "1816297", "178.16.54.248:55380", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:55", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-19 09:43:37", "1816296", "176.120.22.127:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2026-06-09 05:43:53", "75", "False", "None", "drb-ra,PoshC2", "0", "abuse_ch"
"2026-05-19 09:43:31", "1816295", "167.86.114.91:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:46", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-19 09:43:19", "1816294", "142.93.165.129:3334", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:25", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-19 09:43:08", "1816293", "104.243.248.63:1805", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-19 08:55:34", "1816288", "carbon-fiber-monocoque.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "19May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-19 07:13:38", "1816264", "stealth-bomber-radar-cross.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 06:48:08", "1816256", "stratographic-core-drill.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 06:46:32", "1816252", "45.152.65.240:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-19 06:46:14", "1816248", "111.230.36.144:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-19 05:16:16", "1816173", "43.143.145.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-19 05:16:15", "1816172", "47.82.234.12:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear"
"2026-05-19 05:16:06", "1816164", "119.91.26.245:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-19 05:15:34", "1816110", "43.144.19.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-19 05:06:03", "1816219", "the-sopranos-family-tree.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 04:15:09", "1816214", "amber-fossil-mosquito.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 03:24:05", "1816212", "xenomorph-hive-intelligence.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-19 02:58:39", "1816208", "holistic-detective-agency.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 23:57:07", "1816152", "wildflorainfrastructurehub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 23:36:40", "1816149", "petalautomationplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 22:47:56", "1816142", "23.236.64.238:8778", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-18 22:47:21", "1816141", "1.117.61.9:12306", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-18 22:35:03", "1816135", "distributedbotanicalnetwork.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 21:33:37", "1816127", "greenhousedeploymenthub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 19:45:01", "1816106", "89.125.255.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-18 19:44:59", "1816104", "84.21.189.225:50194", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-18 19:44:59", "1816105", "84.21.189.225:58268", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-18 19:44:52", "1816103", "65.87.7.130:61361", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:14", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-18 19:44:41", "1816102", "5.101.81.2:51842", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-18 19:44:34", "1816101", "44.211.251.197:8082", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:45:42", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-18 19:44:31", "1816100", "38.147.189.199:9001", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:45:36", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-18 19:43:47", "1816099", "2.26.75.250:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-18 19:43:39", "1816098", "188.137.181.111:53863", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-18 19:43:21", "1816097", "154.29.72.21:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-18 19:43:13", "1816096", "138.124.90.26:51337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-18 19:43:11", "1816095", "130.49.214.92:53522", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:19", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-18 19:43:02", "1816094", "101.99.95.16:2850", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:04", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-18 18:31:12", "1816085", "wildfloraprocessinghub.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 18:10:42", "1816084", "petalresourceframework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 17:50:03", "1816078", "greenhousecontrolplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 16:48:40", "1816050", "gardenautomationframework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 14:45:47", "1816032", "118.31.114.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-18 14:45:23", "1816031", "petaldistributioncenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 13:43:02", "1816012", "mongofly-container-gard-mesh.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 13:22:20", "1815999", "docsfan-flora-ability-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 12:00:18", "1815975", "pcapshay-bute-gard-source.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 11:28:17", "1815941", "120.53.15.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 11:28:05", "1815876", "175.178.36.137:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 11:23:14", "1815963", "ttcxdljiue.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-18 10:46:24", "1815946", "62.234.22.228:51234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-18 09:45:32", "1815934", "93.82.27.251:8000", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:31", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-18 09:45:24", "1815932", "83.136.211.4:56001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-18 09:45:24", "1815933", "83.136.211.4:56002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-18 09:44:56", "1815930", "46.8.226.70:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:51", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-18 09:44:56", "1815931", "46.8.226.70:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:52", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-18 09:44:44", "1815928", "34.230.7.122:8082", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:45:33", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-18 09:44:44", "1815929", "35.161.127.198:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:45:34", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-18 09:43:30", "1815927", "163.181.46.56:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:43", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-18 07:33:49", "1815818", "47.236.91.172:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 07:33:49", "1815819", "35.202.235.112:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:34", "100", "True", "None", "asyncrat", "1", "_ik_"
"2026-05-18 07:33:37", "1815773", "194.163.154.86:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:18", "100", "True", "None", "havoc", "1", "_ik_"
"2026-05-18 07:33:34", "1815757", "124.220.36.247:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:02", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 07:33:28", "1815737", "81.68.216.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 07:33:27", "1815736", "81.68.216.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-18 07:33:25", "1815729", "89.125.138.217:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-06-07 09:21:53", "100", "False", "None", "Aisuru,c2", "0", "Bitsight"
"2026-05-18 07:26:30", "1815832", "172.86.76.154:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-18 07:05:22", "1815822", "k9h20m23.observability-matrix.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-18 05:50:14", "1815806", "holographic-projection-grid.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 04:48:52", "1815798", "magnetic-levitation-train.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 04:28:10", "1815797", "cybernetic-prosthetic-lab.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 04:08:03", "1815796", "subfossil-oak-chronology.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:03", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 02:46:07", "1815785", "audio-attenuator-schematic.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-18 02:25:07", "1815784", "sicilian-defense-theory.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "18May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-18 01:03:39", "1815777", "0q9bvoqh.telemetry-vault.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-17 22:45:31", "1815762", "119.29.112.239:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-17 22:31:11", "1815761", "floraobservabilitysystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 20:48:57", "1815742", "wildfloraworkflowsystem.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:02", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 19:43:19", "1815731", "144.172.65.245:5656", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:26", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-17 16:43:09", "1815673", "siteyet-script-horizon-go.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:01", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 15:53:07", "1815551", "207.56.229.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "80", "False", "None", "cobalt-strike,erebus-wraith,unattributed", "0", "Erebu"
"2026-05-17 15:52:22", "1815616", "angelphonerepair.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:21", "1815617", "artmadasenegal.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:20", "1815618", "beltboutique.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:20", "1815619", "boostpadel.se", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:19", "1815620", "deriveratreeservice.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:18", "1815621", "divinni.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:14", "1815623", "euroequipment.co.th", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:13", "1815624", "foodturerebels.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:11", "1815627", "istriamaestranza.cl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:09", "1815630", "semperfimovers.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:08", "1815631", "thegingamebroadway.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 15:52:08", "1815632", "womenincancer.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:40", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-17 09:52:59", "1815583", "got-flexl-distrib-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 09:43:36", "1815580", "178.16.53.46:7331", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:54", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-17 09:43:23", "1815579", "154.29.72.21:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-17 09:43:19", "1815578", "144.172.100.157:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-17 08:54:34", "1815572", "petal-distribution-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-17 07:32:31", "1815543", "botanicalresourceplatform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 06:52:36", "1815461", "81.71.20.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-17 06:51:46", "1815522", "ba5ufc2h.logic-sphere.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:01", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-17 05:46:40", "1815501", "206.119.173.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-17 05:46:19", "1815500", "101.126.150.253:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-17 05:09:52", "1815497", "cosmicmicrowavebackground.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 03:48:05", "1815482", "predator-hunting-chronicles.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 03:45:47", "1815481", "47.236.91.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-17 03:27:03", "1815480", "chronicle-archive-keeper.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-17 01:45:05", "1815460", "neoncyberpunkcity.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "17May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-16 23:41:15", "1815442", "flora-processing-framework.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-16 21:38:25", "1815424", "wildflorainfrastructure.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-16 21:18:00", "1815417", "petal-routing-platform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 19:46:20", "1815398", "91.92.243.63:39850", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:30", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 19:45:35", "1815397", "45.155.69.153:43345", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-16 19:44:19", "1815396", "206.81.21.156:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:28", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-16 19:43:23", "1815395", "139.99.131.177:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 19:43:08", "1815394", "104.236.230.184:443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-16 19:43:06", "1815392", "103.219.153.200:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:08", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 19:43:06", "1815393", "103.219.153.200:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:08", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 19:43:05", "1815391", "103.219.153.200:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:07", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 19:43:03", "1815390", "1.15.221.207:4379", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:03", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-16 18:46:11", "1815369", "38.14.248.199:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-16 18:13:15", "1815364", "flora-monitoring-core.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 15:34:26", "1815320", "asynchronouswatering-system.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "16May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-16 14:23:10", "1815302", "meadowprocessingcenter.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 09:46:35", "1815260", "38.14.248.199:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-16 09:44:54", "1815259", "31.57.184.82:7829", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 09:43:55", "1815258", "193.169.194.51:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-16 09:43:50", "1815257", "188.126.90.5:9999", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:11", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 09:43:20", "1815256", "139.99.131.177:44444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-16 07:46:54", "1815237", "get-on-processing-engine.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 06:32:54", "1815226", "distrib-ost-penal-network.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 05:00:21", "1815217", "urban-botany-station.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-16 01:36:00", "1815189", "natureoasisdesign.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 23:58:40", "1815169", "edge-bloom-platform.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 21:28:30", "1815148", "wildflower-routing-path.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 19:44:50", "1815137", "95.231.168.143:4483", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:33", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-15 19:44:38", "1815135", "65.21.21.227:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 19:44:38", "1815136", "65.21.21.227:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 19:44:21", "1815134", "4.235.114.15:1024", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:45:38", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 19:44:19", "1815133", "34.69.130.10:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:33", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-15 19:44:18", "1815132", "31.57.187.91:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 19:44:14", "1815131", "217.30.169.67:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 19:43:41", "1815130", "2.26.160.75:4984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 19:43:29", "1815129", "178.236.252.244:3333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 19:43:22", "1815128", "163.245.216.78:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:44", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-15 19:43:12", "1815127", "137.184.102.191:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:21", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-15 19:43:07", "1815126", "107.175.148.68:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:12", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-15 19:43:04", "1815125", "103.147.228.13:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 19:24:40", "1815121", "wildflower-path-mapping.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "15May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-15 17:50:07", "1815099", "dedicatetake-outpure.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "15May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-15 16:00:12", "1815073", "pgo.fatherchrismas.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:37", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-15 16:00:12", "1815074", "https://pgo.fatherchrismas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:37", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-15 14:34:52", "1814938", "henrydegenhart.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:42:55", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-15 13:48:12", "1814914", "207.56.229.234:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-15 13:47:47", "1814909", "39.108.114.1:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-15 13:47:47", "1814910", "123.57.208.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:01", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-15 13:47:09", "1812324", "47.99.93.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-15 13:35:39", "1812358", "31.207.39.174:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 06:12:03", "100", "False", "None", "AS210403,chaos,Groupe LWS SARL", "0", "antiphishorg"
"2026-05-15 13:35:37", "1812345", "158.220.127.55:8888", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 06:12:03", "100", "False", "None", "AS51167,chaos,Contabo GmbH", "0", "antiphishorg"
"2026-05-15 13:35:09", "1812247", "latiendadelafelicidad.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:42:55", "100", "False", "https://bazaar.abuse.ch/sample/19a8626a6418122d6c91d09845dc75142b7adcf39288ed5aca09fb9640df4f80/", "c2,RemusStealer", "0", "burger"
"2026-05-15 12:47:45", "1814896", "eh-masled.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 11:30:49", "1814885", "vsif6dio.animalspintroll-xerography.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-15 10:04:16", "1814539", "correction-pancake-seissy.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 09:45:23", "1814531", "91.124.19.173:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 09:45:20", "1814529", "85.11.167.110:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:23", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 09:45:20", "1814530", "85.11.167.110:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:23", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 09:44:54", "1814528", "5.101.81.2:63676", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:55", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 09:44:35", "1814527", "216.250.249.225:2195", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 09:43:22", "1814525", "15.236.43.82:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-15 09:43:07", "1814523", "104.243.248.63:1808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-15 09:43:04", "1814522", "103.168.67.140:3031", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-15 09:01:53", "1813449", "serverlesscontrolplane.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 05:55:23", "1812495", "distributed-event-processing-lab.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 05:34:46", "1812494", "telemetry-stream-core.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 04:54:00", "1812486", "edge-network-hub.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 04:45:27", "1812479", "49h06cy9.pashtuns-study-rose-hip.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-15 04:12:52", "1812476", "microservicecluster.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 03:52:09", "1812373", "neural-routing-fabric.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 03:31:48", "1812371", "packet-relay-engine.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 02:45:08", "1812355", "sgs68ivh.binary-dock.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-15 02:29:46", "1812349", "puffingsiterreorganize.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-15 02:09:38", "1812348", "smuggler-beluga-notion.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-05-15 00:46:26", "1812337", "5nan0z8w.sniffingviableoffice.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-15 00:06:51", "1812334", "runtime-control-plane.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 23:05:17", "1812327", "kadush-sideburnsushan.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 22:45:41", "1812322", "1.117.61.9:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-14 22:45:33", "1812320", "ct.feliz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-14 19:59:43", "1812285", "packet-routing-lab.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 19:47:27", "1812283", "95.141.133.7:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:32", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch"
"2026-05-14 19:47:23", "1812282", "91.215.85.121:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:28", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-14 19:43:34", "1812281", "138.9.219.221:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-14 19:43:12", "1812280", "104.243.248.63:1806", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-14 18:28:05", "1812258", "enterprise-security-log.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-05-14 17:57:04", "1812245", "system-analytics-pro-guide.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-05-14 16:43:11", "1812231", "ws09ax4h.limous-nitout.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-14 16:27:07", "1812230", "smartworkflowmanagement.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-05-14 16:03:35", "1812229", "pro-cyber-defense.courses", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "ClearFake", "1", "ttakvam"
"2026-05-14 15:25:06", "1812225", "layer-obs-usget-tron.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 15:09:23", "1812220", "revvedupnet.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:42:55", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-14 15:09:23", "1812221", "brullercorp.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:42:55", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-14 15:09:23", "1812222", "iasolopreneur.com", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-09 05:42:55", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-14 14:43:55", "1812215", "ywh94lky.champag-mannered.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-14 14:40:22", "1812213", "card-oracle-mac-laptop.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 14:17:39", "1812208", "handout-voivo-desk-ship-link.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 13:55:12", "1812197", "master-voivo-system-shop-slink.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 12:52:31", "1812157", "stack-core-node-date-hash.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 12:36:52", "1811874", "8.218.224.15:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:35", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-14 12:35:59", "1811932", "80.78.30.62:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:19", "100", "True", "None", "havoc", "1", "_ik_"
"2026-05-14 12:33:41", "1812137", "207.56.226.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "100", "True", "None", "cobaltstrike", "1", "_ik_"
"2026-05-14 12:33:30", "1811674", "47.102.184.26:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "50", "False", "None", "37963,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-14 12:32:24", "1811552", "afroempiredance.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:32:21", "1811554", "chameleoninserts.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:32:18", "1811558", "martialnovalis.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:32:16", "1811559", "prostazin.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:32:15", "1811560", "seppiacultura.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:32:14", "1811561", "shadetree.financial", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-14 12:30:56", "1811507", "158.94.209.243:3333", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:39", "100", "True", "None", "dcrat", "1", "_ik_"
"2026-05-14 12:14:39", "1812148", "147.78.2.110:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-14 12:07:54", "1812143", "global-infra-logic-get-hash.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 11:46:11", "1812141", "113.31.115.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-14 09:51:34", "1812126", "84.46.251.62:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-14 09:45:53", "1812125", "192.159.99.34:6606", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:14", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-14 09:30:40", "1812123", "edge-processing-network.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 06:58:18", "1812098", "desk-sensor-tabel-tunnel-key.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 04:20:56", "1812074", "meta-data-shredding-cleanup-utility.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-14 02:50:33", "1812040", "analytical-traffic-audit-record-file.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 23:50:26", "1812020", "conjur-kremlinshort.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 23:49:07", "1812019", "64bc33vp.chequecholeric.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-13 21:38:30", "1812002", "packetdistributionmesh.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 20:53:08", "1811988", "telemetry-observability-core.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 20:08:48", "1811983", "decentralizedmessagingframework.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 19:45:36", "1811952", "93.127.160.86:6552", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:31", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:45:31", "1811950", "85.120.252.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 19:45:31", "1811951", "85.17.192.68:2121", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:24", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:45:29", "1811949", "83.217.215.55:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:22", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 19:45:08", "1811948", "5.101.83.144:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:45:06", "1811947", "5.101.82.216:50044", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:45:05", "1811946", "5.101.81.81:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:44:54", "1811945", "43.230.162.44:14321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:42", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-13 19:44:46", "1811944", "31.13.190.2:6552", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:29", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 19:43:55", "1811943", "2.26.96.209:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 19:43:53", "1811942", "194.33.48.221:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:20", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 19:43:17", "1811941", "139.99.131.177:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-13 19:43:03", "1811939", "103.197.191.159:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:07", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-13 19:43:03", "1811940", "103.197.191.159:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:07", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-13 19:23:13", "1811937", "microkernel-routing-engine.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 17:13:54", "1811894", "decentralizedworkflowengine.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 10:53:40", "1811776", "obese-uzousweb-play.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-13 10:45:56", "1811775", "43.139.170.200:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-13 09:45:26", "1811766", "91.134.139.176:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:28", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 09:45:12", "1811764", "62.169.31.177:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-06-09 05:46:10", "75", "False", "None", "drb-ra,Hook", "0", "abuse_ch"
"2026-05-13 09:44:52", "1811763", "45.92.1.175:5220", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 09:43:56", "1811762", "203.202.232.22:3131", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-13 09:43:50", "1811761", "194.33.48.221:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:19", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-13 09:43:20", "1811760", "147.124.216.58:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:29", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-13 09:43:02", "1811759", "101.109.237.93:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:04", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-13 09:42:44", "1811758", "accoun-table-unleash-soft.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-05-12 22:45:18", "1811650", "168.222.97.93:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 22:45:18", "1811651", "168.222.97.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 22:45:17", "1811649", "161.248.87.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 22:30:26", "1811647", "dnmjbsbqsb.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "75", "False", "https://bazaar.abuse.ch/sample/b19633c79f345c08f5cfb2d04cad60391608dbc23e4b29adf312ee3eb6e9bd0c/", "valleyrat_s2", "0", "abuse_ch"
"2026-05-12 19:45:05", "1811573", "94.198.51.234:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:32", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-12 19:44:29", "1811572", "37.72.172.58:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:35", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-12 19:43:45", "1811571", "2.27.17.179:6644", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-12 15:12:03", "1811473", "www.apartuk.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "2026-06-09 06:12:04", "50", "False", "https://tracker.viriback.com/index.php?q=www.apartuk.info", "ViriBack,XLoader", "0", "abuse_ch"
"2026-05-12 15:12:02", "1811472", "www.axilo.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "2026-06-09 06:12:04", "50", "False", "https://tracker.viriback.com/index.php?q=www.axilo.top", "ViriBack,XLoader", "0", "abuse_ch"
"2026-05-12 14:58:08", "1810747", "picsofficial.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-12 14:56:23", "1810836", "tabelafipe.site", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-07 21:59:50", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-12 14:51:34", "1811065", "recargapopular.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 15:20:35", "49", "False", "https://www.cryptika.com/trending-hugging-face-repo-with-200k-downloads-executes-malware-on-windows-machines/", "None", "0", "johannes"
"2026-05-12 14:51:33", "1811066", "welovechinatown.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 15:20:35", "49", "False", "https://www.cryptika.com/trending-hugging-face-repo-with-200k-downloads-executes-malware-on-windows-machines/", "None", "0", "johannes"
"2026-05-12 14:50:32", "1811234", "190.255.90.152:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:12", "50", "False", "None", "3816,asyncrat,c2,censys", "0", "sojubear"
"2026-05-12 14:48:59", "1811440", "http://cdntestconnect.com/ed54b97a570943999715.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:13:55", "100", "False", "None", "c2,first,loader,StealC,stealer", "0", "Bitsight"
"2026-05-12 11:45:40", "1811413", "118.31.62.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 11:45:38", "1811412", "117.72.168.103:50011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 11:45:31", "1811410", "101.132.156.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 11:45:31", "1811411", "101.35.102.87:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-12 09:45:18", "1811401", "91.92.243.38:35630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:30", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-12 09:45:17", "1811400", "91.215.85.121:6466", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:28", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-12 09:45:14", "1811399", "85.158.57.247:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-12 09:45:04", "1811398", "67.180.188.88:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:15", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-12 09:45:00", "1811397", "62.84.114.70:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-12 09:44:59", "1811396", "62.171.190.148:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:10", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-12 09:44:43", "1811394", "45.142.107.41:1030", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:44", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-12 09:44:43", "1811395", "45.142.107.41:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:44", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-12 09:44:37", "1811392", "31.57.184.48:7456", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-12 09:44:37", "1811393", "31.57.201.105:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:32", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-12 09:43:50", "1811389", "207.148.2.115:60060", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:44:29", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-12 09:43:50", "1811390", "207.148.2.115:60061", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:44:29", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-12 09:43:47", "1811388", "2.26.96.209:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-12 09:43:21", "1811387", "155.103.71.115:14549", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-12 09:43:17", "1811386", "146.185.233.71:41254", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-12 09:43:06", "1811385", "104.243.248.63:1803", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-12 09:43:03", "1811384", "103.143.207.71:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:06", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 23:00:12", "1811187", "mpd.pegasus-77.biz.id", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:16", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-11 23:00:12", "1811188", "https://mpd.pegasus-77.biz.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:23:16", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-11 22:45:16", "1811186", "117.50.184.221:10080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-11 22:45:14", "1811185", "112.124.71.123:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-11 19:45:07", "1811129", "64.199.252.59:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:46:12", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-11 19:45:01", "1811128", "51.77.54.76:6769", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:07", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:44:51", "1811127", "46.253.143.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:51", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:44:49", "1811126", "45.77.89.29:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:48", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:43:58", "1811125", "213.139.77.243:55555", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:44:32", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-11 19:43:39", "1811124", "185.212.128.72:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-11 19:43:38", "1811123", "185.190.142.66:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:05", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:43:23", "1811122", "155.103.71.115:14548", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 19:43:16", "1811120", "139.180.153.57:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:43:16", "1811121", "139.99.131.177:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:24", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 19:43:10", "1811119", "13.60.193.80:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:43:08", "1811118", "109.73.193.242:10140", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:14", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 19:43:04", "1811117", "103.247.11.53:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:08", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-11 12:17:47", "1811020", "glokchapigui.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:06:56", "100", "False", "None", "11May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm"
"2026-05-11 11:45:53", "1811018", "38.55.124.41:16571", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-11 11:45:45", "1811017", "172.245.28.187:4440", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-11 11:45:33", "1811016", "117.72.198.62:9987", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-11 09:45:20", "1810966", "91.92.243.63:35631", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:30", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:45:20", "1810967", "91.92.243.63:35635", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:30", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:45:15", "1810965", "89.42.134.220:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:27", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:44:59", "1810964", "78.47.143.18:8053", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 09:44:44", "1810963", "5.101.81.81:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 09:44:38", "1810962", "45.153.34.51:58001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:45", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 09:44:36", "1810961", "44.215.161.149:4005", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:43", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-11 09:44:35", "1810960", "43.133.149.36:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:40", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-11 09:44:29", "1810959", "31.57.184.154:7007", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:43:46", "1810958", "20.114.142.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:25", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-11 09:43:42", "1810957", "194.163.175.135:8679", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 09:43:41", "1810956", "193.169.194.19:8264", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:16", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 09:43:35", "1810955", "185.242.245.27:44875", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 09:43:34", "1810954", "185.212.128.76:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-11 09:43:26", "1810952", "172.239.57.52:1234", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-11 09:43:26", "1810953", "172.245.97.237:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:49", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-11 09:43:24", "1810951", "168.222.97.106:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:47", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:43:20", "1810950", "158.94.210.70:22532", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:43:15", "1810949", "144.91.78.57:9008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-11 09:43:11", "1810948", "137.184.38.192:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:21", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-11 09:43:09", "1810947", "130.12.182.209:1525", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:19", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 23:45:17", "1810462", "150.158.109.61:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-10 23:45:07", "1810461", "112.213.106.53:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-10 19:44:55", "1810418", "64.23.231.32:9001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:13", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-10 19:44:52", "1810417", "5.78.110.145:7989", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:46:06", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-10 19:44:43", "1810416", "46.109.239.103:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:50", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 19:44:38", "1810415", "44.206.172.239:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:42", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-10 19:44:31", "1810414", "31.57.184.154:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 19:44:30", "1810413", "24.134.4.221:4714", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:45:27", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-10 19:43:51", "1810412", "209.99.188.44:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:31", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-10 19:43:45", "1810410", "195.123.240.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:20", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-10 19:43:45", "1810411", "195.123.240.236:8274", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-10 19:43:39", "1810408", "189.34.188.6:5406", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:12", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-10 19:43:39", "1810409", "189.34.188.6:5407", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:12", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-10 19:43:32", "1810407", "178.16.55.171:444", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:55", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-10 19:43:31", "1810406", "178.105.40.204:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:54", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-10 19:43:15", "1810405", "138.9.237.106:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-10 19:43:11", "1810404", "130.49.214.74:50194", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:19", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 18:57:10", "1809864", "1net.ro", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:57:08", "1809866", "allstartsealing.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:57:07", "1809868", "aplikasigerhanatoto1.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:57:03", "1809872", "belindabuck.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:57:01", "1809874", "biopelletuab.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:57:00", "1809875", "boilermill.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:59", "1809876", "buktijpilmu.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:56", "1809879", "cofeusa.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:55", "1809880", "columbusisles.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:54", "1809881", "compraway.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:50", "1809884", "diversidadecatolica.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:47", "1809887", "eltransistorgranada.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:46", "1809889", "foresightedtech.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:44", "1809891", "goldenlifemanor.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:42", "1809893", "gustavogorriaran.com.uy", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:41", "1809894", "heachang.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:40", "1809896", "hudaaldosari.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:39", "1809897", "hzarchitects.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:39", "1809898", "ianvance.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:38", "1809899", "ideaverdegolf.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:37", "1809900", "infodehrifcam.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:37", "1809901", "inspiredassistance.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:35", "1809903", "jessicaassociates.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:33", "1809906", "kkg-wehofen.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:33", "1809907", "ktgafurov.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:24", "1809908", "laforetfestas.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:22", "1809910", "lifemagazine.nl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:20", "1809911", "lkexcellence.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:17", "1809913", "loveworldvirtualchurch.org.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:14", "1809917", "miariym.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:11", "1809919", "mnpermlighting.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:09", "1809921", "nmv-contruction.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:03", "1809924", "pastquestion.com.ng", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:03", "1809925", "patrafoam.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:02", "1809926", "philadelphiarestorationservices.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:56:00", "1809928", "prediksitaysen88.cloud", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:58", "1809930", "qblicense.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:57", "1809931", "quotient-capital.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:55", "1809933", "safa71.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:52", "1809935", "sapienharvest.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:51", "1809937", "shivshankarexp.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:50", "1809938", "simicenter.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:48", "1809940", "staybadparamotor.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:47", "1809941", "tcwaremmien.be", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:47", "1809942", "totaaldiscounter.nl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:46", "1809943", "tramproject.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:44", "1809946", "winesportbet.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:55:42", "1809948", "yourgreendreams.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:40", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-05-10 18:42:12", "1809980", "129.211.2.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-10 18:42:09", "1809984", "1.92.101.103:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:45", "50", "False", "None", "55990,c2,censys,cobalt strike", "0", "sojubear"
"2026-05-10 10:45:37", "1810194", "142.171.172.100:17443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-10 10:45:13", "1810193", "api.apifox.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-10 10:20:28", "1810182", "perspectives-family.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-07 15:17:36", "75", "False", "https://bazaar.abuse.ch/sample/206d7631a04e49e9536eb6249293651c76c8911dfc08cd33dff8df887344e7c2/", "nanocore", "0", "abuse_ch"
"2026-05-10 09:44:56", "1810170", "57.158.27.132:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:09", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-10 09:44:39", "1810169", "43.133.149.36:18080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:40", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-10 09:43:50", "1810168", "207.56.2.25:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-10 09:43:47", "1810167", "198.23.185.234:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:22", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 09:43:45", "1810166", "194.26.192.229:50", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:19", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-10 09:43:41", "1810165", "192.159.99.183:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:14", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-10 09:43:33", "1810164", "179.43.134.189:9968", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-10 09:43:31", "1810163", "175.27.164.136:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:53", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-10 09:43:27", "1810162", "172.245.152.57:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:49", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-09 20:44:40", "1809787", "39nasm720z98q.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-09 19:44:46", "1809758", "82.25.35.113:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:46:21", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-09 19:44:38", "1809756", "5.180.46.180:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:46:05", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-09 19:43:46", "1809754", "213.130.25.141:44333", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:32", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-05-09 19:43:41", "1809753", "198.167.212.165:73", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 18:43:56", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-09 19:43:40", "1809751", "194.26.192.229:100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 18:43:54", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-09 19:43:40", "1809752", "194.26.192.229:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 18:43:54", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-09 19:43:24", "1809750", "168.144.89.48:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:47", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-09 19:43:23", "1809749", "167.99.151.149:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:46", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-09 19:43:13", "1809747", "138.9.223.13:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:22", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-09 19:43:13", "1809748", "138.9.41.254:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:23", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 23:44:52", "1809219", "139.196.50.117:9930", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 23:44:44", "1809218", "106.53.82.117:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 19:45:15", "1809059", "202.95.18.30:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 19:44:47", "1809058", "ns1.cacheflow.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 19:44:41", "1809056", "93.127.160.86:6553", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:45:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:41", "1809057", "93.127.160.86:6554", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:45:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:40", "1809054", "91.92.241.142:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 18:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:44:40", "1809055", "91.92.241.142:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 18:45:44", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:44:39", "1809053", "89.208.113.158:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:27", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 19:44:36", "1809051", "83.142.209.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-08 08:45:36", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 19:44:36", "1809052", "83.142.209.60:8795", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 19:44:34", "1809050", "80.211.196.157:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:18", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 19:44:33", "1809048", "75.119.154.8:2700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 08:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:44:33", "1809049", "75.119.154.8:3500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 08:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:44:32", "1809046", "64.90.19.46:5432", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:13", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 19:44:32", "1809047", "66.163.112.213:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:14", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 19:44:30", "1809045", "61.7.18.194:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:45:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:27", "1809044", "5.101.86.70:9843", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:02", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:25", "1809043", "5.101.86.105:4509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:13", "1809042", "31.57.216.56:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:32", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:44:11", "1809041", "23.227.203.172:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:45:26", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 19:43:41", "1809039", "209.38.100.109:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:30", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 19:43:41", "1809040", "209.54.101.159:1414", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:44:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:36", "1809038", "193.42.24.165:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:18", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 19:43:35", "1809037", "193.169.194.24:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:31", "1809036", "185.220.205.80:3535", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:08", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:29", "1809034", "185.212.128.15:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:05", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 19:43:29", "1809035", "185.212.128.24:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:05", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 19:43:28", "1809033", "180.97.214.70:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:57", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-08 19:43:26", "1809032", "177.67.105.14:8091", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:53", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:43:25", "1809031", "172.94.3.201:5816", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:41", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:19", "1809029", "160.25.82.142:80", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:41", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:19", "1809030", "160.30.231.100:553", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-08 08:43:32", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 19:43:17", "1809028", "154.7.228.167:2443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:33", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-08 19:43:15", "1809026", "146.185.233.76:7227", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:15", "1809027", "146.185.239.61:9702", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:13", "1809024", "138.9.231.141:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:13", "1809025", "138.9.234.119:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:12", "1809020", "138.9.0.156:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:12", "1809021", "138.9.114.126:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:12", "1809022", "138.9.116.98:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:12", "1809023", "138.9.216.8:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 19:43:09", "1809019", "129.212.254.59:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:14", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 19:43:06", "1809018", "107.174.234.194:7755", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:10", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 10:44:30", "1808743", "47.94.168.149:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 10:44:29", "1808742", "47.83.254.175:1102", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 10:43:48", "1808741", "1364170351-kld29tgkc1.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:59", "1808671", "89.203.129.126:9997", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-07 18:45:42", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:57", "1808667", "81.17.101.139:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-07 08:45:24", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 08:43:57", "1808668", "82.38.148.254:5902", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:45:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:57", "1808669", "82.38.148.254:5903", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:45:25", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:57", "1808670", "83.143.58.253:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:45:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:56", "1808666", "69.197.150.245:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:45:21", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:55", "1808665", "62.169.25.116:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:10", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:54", "1808664", "5.252.179.132:1616", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:06", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:53", "1808661", "5.101.86.95:4034", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:53", "1808662", "5.101.86.99:7192", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:05", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:53", "1808663", "5.252.153.0:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:05", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:52", "1808660", "5.101.86.70:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:51", "1808659", "5.101.86.41:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:50", "1808658", "5.101.86.103:8834", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:49", "1808655", "5.101.83.117:8374", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:49", "1808656", "5.101.86.103:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:49", "1808657", "5.101.86.103:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:48", "1808654", "5.101.82.226:3581", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:47", "1808653", "5.101.81.23:4315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:46", "1808652", "45.79.163.107:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:48", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:45", "1808649", "45.23.73.4:5645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:45:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:45", "1808650", "45.56.91.55:2005", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:47", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:42", "1808648", "31.57.216.62:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:41", "1808647", "23.249.29.138:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:45:27", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 08:43:21", "1808643", "209.38.110.161:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:30", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:21", "1808644", "209.99.186.98:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:44:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:21", "1808645", "209.99.190.172:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 18:44:09", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 08:43:21", "1808646", "209.99.190.53:666", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 18:44:09", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 08:43:19", "1808641", "195.250.25.214:4000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 08:43:19", "1808642", "198.46.173.6:2208", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:43:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:18", "1808640", "194.37.80.126:7543", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:20", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-08 08:43:15", "1808639", "185.212.129.114:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-08 08:43:14", "1808638", "179.0.178.240:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:13", "1808637", "178.104.186.90:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:53", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:12", "1808635", "170.168.103.124:5342", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:48", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:12", "1808636", "172.245.209.227:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:43:37", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:11", "1808634", "167.114.129.165:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:35", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:08", "1808633", "146.185.239.55:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:28", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:07", "1808629", "138.9.118.8:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:07", "1808630", "138.9.216.212:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:17", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:07", "1808631", "138.9.226.206:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:07", "1808632", "138.9.41.75:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:05", "1808627", "108.61.193.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:11", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:05", "1808628", "113.31.118.180:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:15", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-08 08:43:04", "1808623", "104.243.248.63:1802", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:10", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-08 08:43:04", "1808624", "106.55.186.190:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:11", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:04", "1808625", "107.161.50.202:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:04", "1808626", "107.172.235.68:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-08 08:43:03", "1808621", "103.83.87.7:2492", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 08:43:03", "1808622", "103.83.87.81:4141", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-08 07:49:28", "1808600", "45.202.249.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-08 07:49:24", "1808598", "45.202.249.88:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-07 20:45:06", "1808288", "49.7.54.204:8901", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-07 20:44:34", "1808287", "106.14.116.17:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-07 20:44:32", "1808286", "101.33.225.32:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-07 18:44:06", "1808259", "5.101.86.106:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-07 18:44:05", "1808258", "5.101.83.114:7312", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-07 18:43:51", "1808257", "217.145.72.202:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:44:45", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-07 18:43:25", "1808256", "186.169.76.228:5010", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:11", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-07 18:43:18", "1808255", "168.144.36.228:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:47", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-07 18:43:14", "1808254", "155.103.71.115:14648", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:43:26", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-07 18:43:11", "1808253", "146.185.233.41:5382", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-07 18:43:09", "1808252", "138.197.21.32:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:22", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-07 10:44:18", "1808142", "83.147.38.94:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:46:22", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-07 10:44:15", "1808141", "66.85.27.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:45:32", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-07 10:44:07", "1808140", "5.101.81.81:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-07 07:36:02", "1808073", "cccflknorgnsd.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-06-07 15:20:35", "100", "False", "https://bazaar.abuse.ch/sample/c537ef13a8db150c25e246dda1807e3b36396d4f41a54e3b12d87b57610ff10d/", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-05-06 20:53:25", "1807882", "http://178.16.55.25/bcbb13c7c8984290857b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:14:36", "100", "False", "None", "c2,FFF0506,loader,StealC,stealer", "0", "Bitsight"
"2026-05-06 20:53:22", "1807868", "27.102.137.139:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:28", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302"
"2026-05-06 20:45:39", "1807906", "45.207.192.190:30078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 20:45:29", "1807905", "207.56.226.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 20:45:09", "1807904", "117.72.168.103:16337", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 20:44:56", "1807903", "static.slbc7890.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 18:44:01", "1807846", "5.101.86.102:2501", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-06 18:44:01", "1807847", "5.101.86.107:4934", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-06 18:43:14", "1807842", "154.18.238.18:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:32", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-06 16:44:54", "1807793", "68.64.178.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:44", "1807792", "39.101.78.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:32", "1807791", "124.223.90.150:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:24", "1807789", "103.53.81.232:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 12:45:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:24", "1807790", "103.53.81.232:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 12:45:53", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:22", "1807788", "1.15.100.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:21", "1807787", "www.pronhub.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:20", "1807786", "update.javashell.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 12:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:13", "1807783", "1325813086-kvn4jlpgeu.ap-shanghai.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:13", "1807784", "1364170351-ivarm6apjz.ap-guangzhou.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 16:44:13", "1807785", "4176rbz8vepn6.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-06 08:44:09", "1807540", "5.101.86.41:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-06 08:44:09", "1807541", "5.101.86.41:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-06 08:44:08", "1807539", "5.101.86.104:1334", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-06 08:43:54", "1807538", "31.57.184.154:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-06 06:01:23", "1807364", "77.93.152.138:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:16", "50", "False", "None", "401479,asyncrat,c2,censys", "0", "sojubear"
"2026-05-05 20:44:19", "1807261", "www.cement-chemistry.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-05 18:49:30", "1807206", "5.101.86.98:4126", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-05 18:49:12", "1807204", "5.101.82.228:9362", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-05 18:49:12", "1807205", "5.101.82.229:3039", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-05 17:17:43", "1807073", "http://5.252.177.67/bb7f17919d0a4d0aaf22.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 05:18:18", "100", "False", "None", "c2,loader,StealC,stealer,win20", "0", "Bitsight"
"2026-05-05 13:58:25", "1807037", "http://213.165.47.49/480bee37986b4097bc20.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 05:31:45", "100", "False", "None", "c2,loader,StealC,stealer,test", "0", "Bitsight"
"2026-05-05 13:58:14", "1807059", "http://89.46.38.100/c0b30d15260a4d8888dc.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:06:42", "100", "False", "None", "c2,loader,M1,StealC,stealer", "0", "Bitsight"
"2026-05-05 12:59:27", "1806983", "http://196.251.107.130/16b022998f754137b60a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:14:05", "100", "False", "None", "c2,loader,RUN,StealC,stealer", "0", "Bitsight"
"2026-05-05 12:59:20", "1806998", "http://213.165.47.174/0cddd9346bd3479aab11.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 05:59:31", "100", "False", "None", "c2,loader,steal,StealC,stealer", "0", "Bitsight"
"2026-05-05 12:59:16", "1807013", "http://193.111.117.51/94a5dbd165044e85b88e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-09 06:14:38", "100", "False", "None", "c2,loader,neverhigh,StealC,stealer", "0", "Bitsight"
"2026-05-05 10:47:42", "1806953", "5.101.82.99:6031", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-05 10:47:27", "1806951", "46.151.182.33:9545", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-05 08:44:56", "1806901", "172.245.156.179:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-05 08:44:35", "1806900", "webshareclouds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-05 08:44:34", "1806899", "perfectgo.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:45:47", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-05 06:12:25", "1806698", "woodfez.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-08 05:41:28", "100", "False", "", "RemusStealer", "0", "abuse_ch"
"2026-05-05 00:05:43", "1806444", "104.168.5.25:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:10", "75", "False", "https://bazaar.abuse.ch/sample/ee0e4e3198fd8942c1241f276857745823901fbbdd73b6827517998e17f91e09/", "remcos", "0", "abuse_ch"
"2026-05-04 20:45:07", "1806229", "8.130.80.145:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 20:44:43", "1806228", "154.219.115.123:61443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 20:44:36", "1806227", "119.29.198.193:8555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 18:44:06", "1806112", "5.101.86.101:1398", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:58", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-04 15:20:00", "1806025", "xm06vmby.repu1sivebrazen.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-06-07 15:07:40", "100", "False", "None", "clearfake", "1", "ttakvam"
"2026-05-04 12:45:16", "1805878", "77.74.201.243:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 12:44:30", "1805876", "t.shakesnap.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:45:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 12:44:30", "1805877", "t2.shakesnap.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:45:54", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 10:44:16", "1805817", "93.127.134.156:3389", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 18:45:46", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-04 10:43:21", "1805813", "178.16.54.192:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:43:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-04 08:44:52", "1805768", "31.7.62.178:14443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-04 08:44:13", "1805766", "82.165.79.60:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:20", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-04 08:44:12", "1805765", "82.165.79.60:1337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:20", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-04 08:44:06", "1805762", "5.101.86.73:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:03", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-04 08:44:06", "1805763", "5.101.86.73:8371", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-04 08:44:05", "1805761", "5.101.86.4:3841", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-04 08:43:16", "1805757", "163.181.45.55:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:43", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-03 12:44:50", "1805272", "80.78.22.41:783", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-03 12:44:46", "1805271", "49.232.90.5:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-03 12:44:37", "1805269", "38.165.21.163:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-03 12:44:29", "1805268", "151.245.90.45:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-03 12:44:08", "1805267", "ap.johamp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-03 08:43:54", "1805202", "46.151.182.148:25608", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-03 08:43:14", "1805198", "159.69.90.48:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:40", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-02 20:44:32", "1804969", "34.124.142.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 20:44:32", "1804970", "34.124.142.136:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:18", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 20:44:31", "1804968", "203.160.54.22:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 20:44:30", "1804967", "195.123.220.237:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 20:44:06", "1804965", "h67as5d5x.m6p3wca1.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:45:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 18:43:44", "1804928", "38.147.173.24:8562", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:36", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-02 18:43:13", "1804922", "157.230.26.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:29", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-02 18:43:07", "1804919", "134.122.99.247:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:20", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-02 14:44:30", "1804853", "47.101.172.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 12:46:21", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-02 08:43:53", "1804732", "8.160.216.91:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:17", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-02 08:43:40", "1804728", "31.57.184.161:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-02 08:43:40", "1804729", "31.57.184.161:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-02 08:43:39", "1804727", "31.57.184.161:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-02 08:43:06", "1804719", "124.95.172.200:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:18", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-02 07:06:20", "1804652", "38.55.177.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:23", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-05-02 06:55:05", "1804643", "firewai.biz", "domain", "botnet_cc", "win.remus", "None", "Remus", "2026-06-08 05:41:28", "100", "False", "https://bazaar.abuse.ch/sample/5eb440933efc934628399697e2bca83ac41cefbb7c653dae1b91113596c4755e/", "RemusStealer", "0", "abuse_ch"
"2026-05-02 06:32:32", "1804626", "ygbrowsbeauty.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:40", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:32", "1804627", "zamboneti.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:40", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:31", "1804614", "watergroupsystems.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:31", "1804618", "wedevall.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:31", "1804623", "xauusddigger.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:40", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:30", "1804603", "uwdierenarts.nl", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:30", "1804604", "vecte-algerie.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:30", "1804607", "vinabeautyspa.nyc", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:30", "1804608", "vintage-kitchen.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:30", "1804611", "vskudvarhely.ro", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:29", "1804593", "tropicalct.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:29", "1804595", "trustytravelnemt.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:29", "1804600", "uniqueprime.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:29", "1804601", "unit2london.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:28", "1804582", "tkcbusinessconsulting.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:28", "1804585", "topbuyernyc.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:28", "1804586", "topjobsnigerian.com.ng", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:28", "1804590", "transportsaintfelicien.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:39", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804570", "thegoldenliving.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804572", "thepizzzahouse.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804573", "therecipesphere.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804575", "thevermeergroup.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804576", "threepublic.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:27", "1804578", "tinkerwiz.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:26", "1804560", "taxisenogrove.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:26", "1804561", "tcshadowbrook.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:26", "1804563", "techygenius.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:26", "1804564", "telemarineusa.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:26", "1804569", "thefragranceexchange.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:25", "1804551", "sunyan.me", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:25", "1804554", "tajikistan-adventure.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:25", "1804555", "takesomebytes.de", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:25", "1804557", "taloustuki.fi", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:24", "1804545", "standortforum.de", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:24", "1804546", "starpropertiesmanagement.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:24", "1804547", "stmichaelslegione.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:38", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:23", "1804530", "shop.laundryservice.ae", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:23", "1804534", "sketchinsight.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:23", "1804536", "smartexp.sa", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:22", "1804520", "sdcmantenimiento.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:22", "1804524", "semotalk.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:22", "1804526", "sergemoulypeintre.fr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804506", "rivoningoeducentre.org", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804507", "rizqcatering.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804508", "roofinguponthamesltd.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804509", "roofrenewfl.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804510", "rookiereporter.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:21", "1804511", "rosianagordoninteriordesigner.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804495", "ragdollscatering.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804497", "redukproperty.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804498", "reiseheld.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804500", "residence-schmitt.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804501", "resifip.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:20", "1804503", "restaurantegos.ro", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:19", "1804484", "princemajahafoundation.org", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:19", "1804485", "priscille-djamfa.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:19", "1804488", "progressivegrowthcounselling.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:19", "1804492", "qatar.givingtuesday.me", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804472", "pmcitrus.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804473", "poljooprema.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804474", "polkadotdp.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804475", "pompes-funebres-defruit.fr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804476", "portalmykerja.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804478", "pothain-moulages.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804479", "prcfencing.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:18", "1804482", "pretribun.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:17", "1804468", "phnomtamaozoologicalpark.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:17", "1804470", "pio-ulski.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:16", "1804451", "offertic.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:16", "1804452", "olinone.ca", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:16", "1804453", "omnicoresolutions.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:16", "1804455", "onlydiscovery.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:16", "1804456", "onyx-infinity.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:15", "1804441", "ngdevltd.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:15", "1804442", "nickkyonline.store", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:15", "1804446", "notarytogo.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:15", "1804447", "nycefmonline.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:15", "1804448", "ocmh.health", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804427", "murdockfuneralhome.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804428", "myperformance.agency", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804431", "naps-courtage.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804432", "naqlacompany.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804434", "nataliegonchar.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804436", "nefis.be", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804437", "nejoommuwaileh.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:14", "1804438", "nettoyage-proclean-paris.fr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804416", "mind.ba", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804417", "mobilepricesbot.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804418", "mochi99.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804419", "montanaranchrental.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804420", "montepescoli.it", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804422", "motiflux.music", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:13", "1804424", "mp-k9security.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:12", "1804414", "mietservice-minibagger.de", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:11", "1804394", "magicmama.nl", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:11", "1804397", "malagasuite.es", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:11", "1804402", "mccanndublin.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:11", "1804403", "mduman.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804383", "laclemanccz.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804384", "lacompaniahostal.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804386", "latinomusic.cl", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804387", "lightcenterlove.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:37", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804388", "livecup.se", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:10", "1804389", "livelaughlovedo.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:09", "1804375", "kcherbs.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:09", "1804376", "kettopluszegy.hu", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:09", "1804379", "kudeta.fm", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804360", "jcadventures.xyz", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804362", "jes-edu.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804364", "jjhomeimprovements.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804365", "johncohencoaching.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804368", "jurriaanpersyn.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:08", "1804370", "kaesercustomhomes.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:35", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:07", "1804350", "iniciativa21.cz", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:07", "1804353", "invitefruition.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:07", "1804354", "ira-consultants.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:07", "1804355", "itipk.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:07", "1804357", "jamhurikenyaleadershipawards.org", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:06", "1804338", "hrp.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:06", "1804343", "icreatemystory.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:06", "1804346", "ilisdesigns.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:06", "1804347", "ilmuapk.app", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:05", "1804330", "hawkeyetreats.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:05", "1804332", "healgram.gr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:05", "1804333", "hghomeremodelingcorp.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:34", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:04", "1804315", "gerrardsroofingandgutteringltd.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:04", "1804317", "gkb-transit.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:04", "1804321", "growinghandshaircare.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:04", "1804323", "gstspecialty.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:04", "1804324", "guardianpublicadjusters.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:03", "1804307", "fourpoint.hu", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:03", "1804308", "francotaboada.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:03", "1804309", "freedomdetective.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:03", "1804310", "fsyyouth.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:03", "1804312", "gameheavenstudio.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804298", "facomputers.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804299", "feelyourphoenix-coaching.de", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804300", "filtrosdieselonline.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804301", "fiscallfranqueadora.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804304", "foaga.org", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:01", "1804305", "forcevision.hu", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:00", "1804287", "estetika-okna.ru", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:00", "1804289", "etelkosar.hu", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:00", "1804291", "eupillpoint.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:00", "1804292", "euronautica.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:32:00", "1804294", "evangelhodiario.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:33", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:59", "1804278", "ebuydepot.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:59", "1804279", "educationloansolution.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:59", "1804281", "entwined.co.ke", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:59", "1804283", "eshkol-ltd.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:59", "1804286", "essenzacentroestetico.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:58", "1804265", "dobnews.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:58", "1804271", "drvishalpatel.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:58", "1804275", "eaglevpfund.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:57", "1804259", "deltorres.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:57", "1804260", "detoxnewportbeach.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:57", "1804261", "detroitmalestripper.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:57", "1804262", "diversidadesexual.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:56", "1804244", "collectivefab.agency", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:56", "1804247", "constructorageners.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:56", "1804248", "cosce.sn", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:56", "1804249", "costa-blanca-apartment.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:56", "1804250", "councilapprovaldesign.com.au", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:55", "1804233", "clarksoutpost.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:55", "1804235", "clearlinewebdesign.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:55", "1804236", "clearskyfarms.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:55", "1804238", "clubphototunis.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:55", "1804241", "cocube.co", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804222", "centrocomerciallaestrella.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804223", "centrra.ru", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804227", "cheaphardware.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804229", "churchillsthonglor.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804230", "cicpolymers.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804231", "cimac.com.ph", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:54", "1804232", "cinekap.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:53", "1804211", "brighttrackllc.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:53", "1804212", "buktijpmaluku.pro", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:53", "1804213", "c-s-p.info", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:53", "1804215", "cannabis-dna.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:53", "1804221", "cdumpo.ru", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:31", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:52", "1804201", "blackheath-car-services.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:52", "1804203", "blago-qr.ru", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:52", "1804208", "bon-debarras-paris.fr", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:52", "1804210", "bradisongroup.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:51", "1804192", "beesandhoneymusic.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:51", "1804196", "bhl.ba", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:50", "1804180", "ataleunfolds.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:50", "1804185", "babytoyecia.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:50", "1804187", "baking-tales.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:50", "1804188", "balanova.co.uk", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:49", "1804170", "anduconsulting.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:49", "1804172", "aoetal.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:49", "1804173", "applinear.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 21:52:36", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:49", "1804174", "aprendatorah.com.br", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:30", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:48", "1804160", "aemuntanya.net", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:48", "1804163", "agapehomecarepa.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:48", "1804166", "aircliniq.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:47", "1804153", "academiecmm.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:47", "1804154", "acmatic.in", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:47", "1804156", "admissions2026.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 06:31:47", "1804158", "adriahousedubrovnik.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar", "0", "varysz"
"2026-05-02 05:24:17", "1803956", "https://arsimonopa.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:00:08", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight"
"2026-05-02 05:24:15", "1803960", "https://lemonimonakio.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:08:11", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight"
"2026-05-02 05:24:07", "1804005", "47.239.222.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "100", "False", "", "AS45102,Cobalt Strike,cobeacon", "1", "xcyber901"
"2026-05-01 18:44:00", "1803898", "91.92.242.228:8008", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 08:45:43", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:44:00", "1803899", "93.71.143.3:9002", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:46:31", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:58", "1803896", "89.114.115.200:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:46:26", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:53", "1803894", "59.152.212.164:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:46:09", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:52", "1803892", "5.101.86.65:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:52", "1803893", "5.101.86.65:8643", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:51", "1803889", "5.101.86.15:6798", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:51", "1803890", "5.101.86.15:9267", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:51", "1803891", "5.101.86.34:5749", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:50", "1803887", "5.101.82.190:5691", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:50", "1803888", "5.101.86.15:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:59", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:48", "1803884", "45.9.168.220:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:49", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:45", "1803881", "45.10.164.177:45123", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:43", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-01 18:43:44", "1803880", "39.101.82.73:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:38", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:41", "1803874", "31.57.184.154:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:30", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 18:43:41", "1803875", "31.57.184.187:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:32", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:24", "1803866", "195.88.191.41:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-01 18:43:24", "1803867", "195.88.191.41:7666", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:21", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-05-01 18:43:22", "1803863", "192.227.232.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:15", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 18:43:19", "1803858", "185.212.128.80:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 18:43:19", "1803859", "185.212.128.85:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 18:43:16", "1803856", "173.211.106.231:21320", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 18:43:14", "1803853", "169.40.135.17:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:09", "1803849", "146.185.233.71:35412", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:07", "1803848", "134.122.162.29:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:15", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-01 18:43:05", "1803845", "109.227.59.160:4433", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:43:14", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:05", "1803846", "114.132.29.20:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 18:43:04", "1803842", "104.168.5.25:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:09", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 18:43:04", "1803843", "107.175.113.106:55", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:12", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-01 18:43:03", "1803841", "103.79.79.105:9001", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-07 18:43:07", "75", "False", "None", "drb-ra,PupyRAT,RAT", "0", "abuse_ch"
"2026-05-01 18:43:02", "1803840", "103.110.65.166:52223", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:05", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-01 14:44:50", "1803693", "8.222.192.153:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-01 14:44:47", "1803692", "64.83.42.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-01 14:44:44", "1803689", "47.236.91.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-01 14:44:20", "1803687", "118.25.178.35:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-01 14:44:09", "1803685", "secure-server.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-05-01 14:30:24", "1803670", "frr.ambil-disini.web.id", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:55", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-01 14:30:24", "1803671", "https://frr.ambil-disini.web.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:55", "100", "True", "None", "vidar", "0", "crep1x"
"2026-05-01 08:43:49", "1803514", "72.56.246.58:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:46:15", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 08:43:48", "1803512", "62.60.226.63:6856", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:11", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:48", "1803513", "64.89.163.114:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:13", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803506", "5.101.86.57:1984", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803507", "5.101.86.60:6798", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803508", "5.101.86.76:1338", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803509", "5.101.86.76:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803510", "5.101.86.76:9521", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:46", "1803511", "5.101.86.78:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:04", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:45", "1803502", "5.101.81.81:4315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:55", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:45", "1803503", "5.101.86.34:6913", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:45", "1803504", "5.101.86.4:2428", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:45", "1803505", "5.101.86.4:6448", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:00", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:44", "1803499", "46.151.182.71:22", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:44", "1803500", "47.103.106.26:2333", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:52", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 08:43:44", "1803501", "47.83.254.175:6321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:53", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 08:43:43", "1803498", "46.151.182.33:4747", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:50", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:40", "1803493", "4.236.165.30:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 08:43:38", "1803491", "31.58.58.168:51272", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:33", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:37", "1803490", "3.19.238.211:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:28", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-01 08:43:23", "1803486", "20.2.83.254:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:25", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 08:43:21", "1803483", "194.116.236.110:6161", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:18", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:20", "1803478", "190.2.150.52:853", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:20", "1803479", "192.159.99.131:1458", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:43:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:17", "1803476", "178.16.53.63:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 08:43:41", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:16", "1803473", "178.128.252.142:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:54", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-01 08:43:16", "1803475", "178.16.53.183:111", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:54", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:14", "1803470", "169.40.135.35:6158", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:47", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:13", "1803466", "163.5.102.110:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:13", "1803467", "163.5.102.110:2407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:13", "1803468", "163.5.102.99:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:44", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:12", "1803464", "158.94.209.210:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:39", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-01 08:43:12", "1803465", "158.94.209.227:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:39", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-05-01 08:43:11", "1803460", "155.103.70.100:50030", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:11", "1803461", "155.103.70.100:50033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:11", "1803462", "155.103.70.68:2323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:34", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:10", "1803457", "151.243.109.10:9323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:31", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:10", "1803458", "151.243.109.213:6325", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:31", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-05-01 08:43:09", "1803456", "146.190.133.216:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:28", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2026-05-01 08:43:08", "1803455", "143.202.105.137:9001", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:43:25", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 08:43:07", "1803452", "136.0.41.76:8443", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:20", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 08:43:05", "1803448", "111.229.144.163:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:14", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 08:43:03", "1803442", "103.140.238.45:8887", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:05", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-01 08:43:03", "1803443", "103.140.238.45:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:05", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-05-01 07:08:50", "1803389", "165.154.24.229:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-05-01 07:08:49", "1803387", "203.160.54.22:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:19", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-01 07:08:46", "1803385", "106.75.31.247:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-01 07:08:46", "1803386", "146.19.125.9:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-05-01 02:43:32", "1803286", "94.176.3.228:48765", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:31", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:32", "1803290", "98.81.111.167:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:33", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:32", "1803291", "98.97.125.70:8883", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:46:33", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:31", "1803279", "91.202.233.153:43555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:28", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:31", "1803280", "91.215.85.151:47653", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:31", "1803284", "94.154.35.160:6466", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 18:45:46", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:31", "1803285", "94.154.35.73:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 08:45:34", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:30", "1803275", "85.121.5.202:5689", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:30", "1803276", "85.155.186.2:3821", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:24", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:29", "1803269", "83.97.20.133:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:46:22", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:29", "1803271", "83.98.39.53:8443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-07 18:45:39", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:29", "1803272", "83.98.39.54:8443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-07 18:45:39", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:28", "1803262", "79.135.160.20:9999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:28", "1803264", "80.96.113.212:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:19", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:27", "1803257", "66.163.115.78:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:27", "1803259", "68.64.178.130:9900", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:27", "1803260", "72.56.246.58:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:46:15", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:27", "1803261", "72.56.246.58:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:46:16", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:26", "1803251", "52.198.162.251:16000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:07", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 02:43:26", "1803254", "62.81.188.1:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:46:11", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:26", "1803255", "66.163.115.78:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:26", "1803256", "66.163.115.78:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:14", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:25", "1803245", "45.95.232.195:54655", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:25", "1803246", "46.101.77.223:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:45:49", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:25", "1803249", "5.42.221.153:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:46:06", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:24", "1803239", "45.155.69.175:42455", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:24", "1803240", "45.56.91.55:2003", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:47", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:24", "1803244", "45.81.243.52:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:49", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:23", "1803235", "45.125.67.171:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:43", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:23", "1803236", "45.144.137.216:38271", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:45", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:23", "1803238", "45.155.69.106:42211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:46", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:22", "1803230", "38.76.217.23:9443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:38", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:22", "1803231", "43.134.133.177:8445", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:45:41", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:22", "1803232", "43.142.77.170:443", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:41", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:22", "1803233", "43.142.77.170:80", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:41", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:22", "1803234", "43.160.225.40:39001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:42", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:21", "1803224", "31.57.184.48:6523", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:32", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:21", "1803225", "37.72.140.15:5555", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:35", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:21", "1803228", "38.54.119.24:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:21", "1803229", "38.60.134.130:62858", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:45:38", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:20", "1803218", "222.255.100.119:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:26", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:20", "1803219", "23.227.203.6:42235", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:26", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:20", "1803222", "31.57.184.154:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:31", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:19", "1803211", "216.107.208.250:10444", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:44:34", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:19", "1803214", "217.60.38.14:14421", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:25", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:19", "1803215", "219.142.15.101:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:45:25", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:19", "1803216", "220.231.47.163:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:45:25", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:19", "1803217", "221.130.42.19:4353", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:45:25", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:18", "1803204", "207.107.147.42:4438", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:44:28", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:18", "1803205", "208.249.244.20:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:44:30", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:18", "1803206", "209.151.145.164:8443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:44:30", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:18", "1803208", "212.227.93.107:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:32", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:18", "1803210", "213.199.35.149:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:44:33", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:17", "1803199", "2.27.29.65:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:23", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:17", "1803200", "202.171.43.176:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 02:43:17", "1803201", "202.181.24.236:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 02:43:17", "1803202", "202.95.17.188:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:17", "1803203", "206.189.40.107:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:28", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 02:43:15", "1803190", "193.112.115.127:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:15", "1803192", "193.23.137.40:3334", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:17", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:14", "1803180", "185.242.3.83:9909", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:09", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:14", "1803181", "185.247.224.40:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803173", "185.212.128.81:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803174", "185.212.129.23:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:07", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803175", "185.212.129.24:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:07", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803176", "185.212.129.29:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:07", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803177", "185.212.129.30:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:07", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803178", "185.213.20.250:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:13", "1803179", "185.242.245.120:42534", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:09", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:12", "1803166", "180.184.29.135:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:57", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:12", "1803167", "182.255.45.114:4848", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:03", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:12", "1803168", "185.122.171.4:44355", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:03", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:12", "1803171", "185.212.128.25:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:05", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:12", "1803172", "185.212.128.48:9000", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:44:06", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:11", "1803161", "178.16.52.105:207", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 08:43:40", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:11", "1803162", "178.16.52.22:8396", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:54", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:10", "1803158", "173.211.106.231:21321", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:10", "1803159", "173.242.59.199:8888", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:52", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:09", "1803148", "162.243.100.39:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:09", "1803149", "162.243.64.101:3333", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-06-09 05:43:42", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch"
"2026-05-01 02:43:09", "1803152", "172.111.162.252:3030", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:48", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:09", "1803153", "172.9.165.216:8096", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:51", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:09", "1803154", "172.93.144.164:8580", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:51", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803140", "153.75.224.159:5400", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:43:32", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803141", "154.219.115.123:60001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:32", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803142", "156.238.236.249:7930", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-07 18:43:27", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803145", "161.248.179.92:1111", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803146", "161.248.179.92:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:41", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:08", "1803147", "162.14.124.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:42", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:07", "1803134", "149.104.28.204:3656", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:29", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:07", "1803139", "151.236.4.135:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-06-09 05:43:31", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:06", "1803127", "142.93.88.220:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:25", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-05-01 02:43:05", "1803121", "134.175.253.242:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:05", "1803124", "138.124.113.131:4211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:21", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:05", "1803125", "138.197.119.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:22", "75", "False", "None", "Covenant,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:05", "1803126", "139.64.164.72:63337", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:23", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:04", "1803114", "115.42.60.122:5440", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:16", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:04", "1803115", "117.72.101.55:9520", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:17", "75", "False", "None", "CHAOS,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:04", "1803119", "130.94.23.39:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:20", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803107", "103.151.52.35:3306", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 08:43:05", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803108", "103.57.250.99:41895", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:08", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803109", "103.75.190.47:54630", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:09", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803110", "104.234.174.93:57712", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:10", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803111", "106.55.71.62:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:12", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803112", "114.132.133.191:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:15", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-05-01 02:43:03", "1803113", "115.190.247.97:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:16", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:45", "1802897", "82.156.219.31:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:33", "1802895", "39.105.74.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:33", "1802896", "39.105.74.52:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:30", "1802894", "193.53.127.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:10", "1802892", "www.microsslcheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 18:43:09", "1802891", "releases-export-finishing-phillips.trycloudflare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:45:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-30 12:55:24", "1802724", "101.43.29.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-04-30 05:46:39", "1802286", "aeronbranding.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:29", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-04-30 05:46:36", "1802288", "dokunmatikekrandegisimi.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 07:53:32", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz"
"2026-04-29 15:18:41", "1802153", "103.140.238.45:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:05", "75", "False", "", "Sliver", "0", "whoamix302"
"2026-04-29 14:43:42", "1802141", "82.156.62.131:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-29 14:43:28", "1802139", "217.154.212.25:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:17", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-29 14:43:24", "1802138", "156.245.147.98:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-29 14:43:11", "1802137", "100.113.210.8:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-29 07:49:06", "1801960", "156.245.147.101:9010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-28 14:43:02", "1801679", "1318289497-6hwi9hel8e.ap-beijing.tencentscf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-27 11:02:18", "1800975", "45.43.59.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:24", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-27 10:46:10", "1800972", "ns1.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-27 10:43:32", "1800970", "cc.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-27 08:25:23", "1800903", "107.172.252.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2026-04-27 08:23:19", "1800899", "147.78.2.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-04-27 08:22:39", "1800898", "45.130.148.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch"
"2026-04-27 04:47:42", "1800672", "82.165.179.9:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:20", "75", "False", "https://bazaar.abuse.ch/sample/dc7926a343bf4a612ebd57924bd5e3a6df997164b090c662855f2f3e6e91c930/", "asyncrat", "0", "abuse_ch"
"2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:34", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch"
"2026-04-26 18:19:19", "1800509", "pillow.riverbridge.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:34", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch"
"2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-08 09:07:43", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight"
"2026-04-26 18:08:56", "1800496", "2.26.133.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 12:46:12", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-04-26 08:48:33", "1800301", "156.245.147.98:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-26 08:43:33", "1800299", "dd.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-26 08:43:30", "1800298", "d2.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-25 14:39:53", "1799966", "91.92.242.228:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 18:45:44", "75", "False", "", "None", "0", "whoamix302"
"2026-04-25 14:21:21", "1800020", "8.136.97.98:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-04-25 14:17:33", "1800017", "124.222.75.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:04", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch"
"2026-04-24 15:18:06", "1797248", "psy.flise-mesteren.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:12", "75", "False", "None", "r88vry,Vidar", "0", "abuse_ch"
"2026-04-24 15:18:01", "1797247", "https://psy.flise-mesteren.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:12", "75", "False", "None", "r88vry,Vidar", "0", "abuse_ch"
"2026-04-24 08:14:10", "1797062", "31.56.209.78:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:29", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302"
"2026-04-23 04:45:34", "1796426", "http://196.251.107.248/kont2rt/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-09 06:13:40", "100", "False", "None", "Amadey", "0", "abuse_ch"
"2026-04-22 20:53:22", "1796313", "192.210.174.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-22 20:50:52", "1796311", "141.227.135.62:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-22 14:30:19", "1796097", "47.94.162.43:2222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-22 11:17:13", "1796068", "wrath.bottlevacuum.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:23", "75", "False", "None", "opiusra,Vidar", "0", "abuse_ch"
"2026-04-22 11:17:09", "1796067", "http://wrath.bottlevacuum.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:22:23", "75", "False", "None", "opiusra,Vidar", "0", "abuse_ch"
"2026-04-22 10:36:10", "1796009", "82.156.62.131:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-21 14:54:03", "1795599", "43.225.158.58:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-21 14:46:24", "1795596", "ws1.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-21 14:46:21", "1795595", "ws.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-21 11:31:32", "1795513", "103.97.176.69:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:48", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-04-19 18:25:29", "1794638", "http://213.5.130.87", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-04-19 15:48:58", "1794558", "82.156.90.136:9180", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-18 02:46:54", "1793918", "121.4.92.72:1111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-17 22:15:11", "1793814", "https://dustyductsbegone.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-17 21:15:07", "1793754", "https://camtechpotiskum.edu.ng/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-17 20:50:11", "1793739", "43.230.200.254:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-17 20:44:37", "1793738", "ns2.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-17 20:44:14", "1793737", "ns1.jane2010.filegear-sg.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-17 18:15:06", "1793645", "http://213.5.130.147", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-04-17 17:13:27", "1793617", "ask.shurimaster.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:29", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch"
"2026-04-17 17:13:25", "1793616", "https://ask.shurimaster.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:29", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch"
"2026-04-17 15:17:52", "1793584", "155.103.71.232:15407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:35", "75", "False", "https://x.com/K_N1kolenko/status/2045099146856599584", "RAT,RemcosRAT", "0", "abuse_ch"
"2026-04-16 20:15:13", "1793032", "https://casobrar.com.br/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-16 19:15:08", "1792955", "https://kidsandtas.edu.do/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 22:00:16", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-16 16:13:58", "1792850", "pir.rapidphonebuyer.co.uk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:19:11", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch"
"2026-04-16 16:13:56", "1792849", "https://pir.rapidphonebuyer.co.uk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:19:11", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch"
"2026-04-16 11:16:20", "1792719", "gusto.brothbridge.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:51", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch"
"2026-04-16 11:16:17", "1792718", "http://gusto.brothbridge.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:51", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch"
"2026-04-16 10:57:49", "1792708", "47.109.23.77:4567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-16 10:56:58", "1792707", "43.167.177.224:7778", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-16 02:43:39", "1792532", "bxx2rghe05kng.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-15 11:43:19", "1791747", "http://107.189.24.190:80", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:16:30", "75", "False", "None", "gr00n1,Vidar", "0", "abuse_ch"
"2026-04-15 11:39:45", "1791738", "139.224.23.63:8866", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-15 08:15:17", "1791688", "venom.summertunnel.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:40", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch"
"2026-04-15 08:15:13", "1791687", "http://venom.summertunnel.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:21:40", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch"
"2026-04-15 03:15:14", "1791341", "https://infocus.tn/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:23", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 18:35:26", "1790897", "http://185.183.35.120", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-04-14 16:03:14", "1790859", "lts.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:13:38", "75", "False", "None", "ho0r1,Vidar", "0", "abuse_ch"
"2026-04-14 16:03:10", "1790857", "https://lts.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:13:38", "75", "False", "None", "ho0r1,Vidar", "0", "abuse_ch"
"2026-04-14 14:11:23", "1790171", "dzodu.sparklingideas.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:57", "75", "False", "None", "odzdkzo,Vidar", "0", "abuse_ch"
"2026-04-14 14:11:18", "1790170", "http://dzodu.sparklingideas.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:57", "75", "False", "None", "odzdkzo,Vidar", "0", "abuse_ch"
"2026-04-14 14:10:11", "1790169", "http://kdije.weirdthings.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:07", "75", "False", "None", "okfueh,Vidar", "0", "abuse_ch"
"2026-04-14 13:17:58", "1789930", "https://amici-di-pogrande.it/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 13:17:18", "1789788", "https://erossiconsultoria.com.br/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:23", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 13:16:01", "1789560", "https://ebuydepot.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 02:00:08", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 13:15:12", "1789408", "https://balkanrefugeenetwork.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 13:15:10", "1789402", "https://allcountiesroofingltd.co.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 12:17:29", "1789134", "https://gomberg.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 12:17:17", "1789098", "https://zark.ltd/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 02:30:08", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 12:16:51", "1789019", "https://berlin21.info/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 12:15:45", "1788815", "https://southasianher.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:39:38", "1788449", "https://clearskyfarms.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 18:00:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:38:09", "1788122", "https://pompes-funebres-defruit.fr/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 03:30:16", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:37:34", "1787989", "https://viagmmy.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:35:55", "1787629", "https://joannedeitsch.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:23", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:34:32", "1787353", "https://jkbuildersg.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-09 03:30:16", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:33:59", "1787235", "https://ruetraverse.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:33:45", "1787189", "https://bbchurch.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:33:19", "1787104", "https://faculdadedamoda.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:33:17", "1787094", "https://dropstars.ai/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:33:03", "1787049", "https://mediweightloss.com.au/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:23", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:32:51", "1787027", "https://cannabis-dna.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-09 06:15:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 11:32:32", "1786954", "https://thepesthunter.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:48:39", "1786768", "https://vernerestaurant.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:48:38", "1786766", "https://visualimpressao.com.br/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 14:30:18", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:47:50", "1786601", "https://stroycenter.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:46:53", "1786409", "https://legalmarketing.shop/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 12:00:20", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:45:13", "1786095", "https://healgram.gr/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 02:00:08", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 09:43:35", "1785783", "https://stampcollectshop.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-08 10:00:22", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch"
"2026-04-14 06:06:10", "1785529", "http://185.183.35.206", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-04-14 05:10:44", "1785317", "140.143.207.166:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:24", "100", "False", "", "C2,Mythic", "0", "whoamix302"
"2026-04-13 18:05:42", "1785272", "bj88jpn.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-07 15:17:35", "100", "False", "https://tria.ge/260413-sxpycsbs9q", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-04-13 07:47:21", "1785064", "pre.hifive.net.au", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:36", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-13 07:46:34", "1785049", "https://pre.hifive.net.au/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:36", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-12 07:02:44", "1784575", "156.239.47.94:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-04-12 06:34:43", "1784558", "47.104.248.7:8884", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:25", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-11 12:10:14", "1784256", "45.74.244.142:18433", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:48", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2026-04-11 07:06:58", "1783725", "120.48.18.226:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-11 07:06:51", "1783757", "etokrol.lol", "domain", "botnet_cc", "js.iclickfix", "None", "IClickFix", "2026-06-08 17:54:05", "100", "False", "", "clickfix", "1", "m_govcert_ch"
"2026-04-11 07:06:31", "1783849", "https://cdn.mensualgeneratr.com/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-09 05:59:36", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight"
"2026-04-11 06:36:58", "1784155", "101.35.214.58:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch"
"2026-04-09 18:00:35", "1783509", "bj888.email", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-08 10:23:16", "100", "False", "https://tria.ge/260409-td2ngsft2s", "quasar", "0", "dyingbreeds_"
"2026-04-09 18:00:35", "1783510", "bj88indo.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-07 15:17:35", "100", "False", "https://tria.ge/260409-td2ngsft2s", "quasar", "0", "dyingbreeds_"
"2026-04-09 14:48:47", "1783375", "39.102.125.11:4435", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-08 04:40:11", "1782616", "marketing.gundf.de", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-06-08 18:00:44", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch"
"2026-04-07 23:06:40", "1782524", "82.165.179.9:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:46:20", "75", "False", "https://bazaar.abuse.ch/sample/4c3b97c157d08ee298edb5d30fa86a3b90b04fedfbe517e7e0307b6013eacbf0/", "asyncrat", "0", "abuse_ch"
"2026-04-07 07:46:05", "1782182", "dzdi.serendipityhub.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:25", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-07 07:43:55", "1782152", "http://dzdi.serendipityhub.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:20:25", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-06 18:49:49", "1781907", "43.139.108.161:8192", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "100", "False", "", "Agentemis,BEACON,C2,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302"
"2026-04-06 02:47:20", "1781593", "47.76.96.68:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-05 16:11:44", "1781533", "kjkgsi-gsjgkan-wintersga.pages.dev", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2026-06-07 15:07:03", "100", "False", "", "macOS", "0", "HuntYethHounds"
"2026-04-04 20:44:05", "1781225", "111.230.217.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-04 20:44:01", "1781224", "109.244.130.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-04-03 16:13:22", "1780720", "hor.kaitorinihon.jp", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:19:33", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-03 16:12:59", "1780716", "https://hor.kaitorinihon.jp/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:19:33", "100", "False", "", "Vidar", "0", "crep1x"
"2026-04-01 15:29:27", "1780145", "solstice-line-drift.pro", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "2026-06-08 05:41:28", "100", "False", "https://bazaar.abuse.ch/sample/97b9baa6e486c6515f4eff4e625dcec79907d785255c40c070a53cb98f13fa35/", "DeerStealer", "0", "abuse_ch"
"2026-04-01 10:45:34", "1780037", "164.92.67.70:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:45", "50", "False", "https://www.shodan.io/host/164.92.67.70#443", "c2,havoc,shodan", "0", "juroots"
"2026-03-29 14:01:09", "1778235", "florida-grower.com", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "75", "False", "https://www.virustotal.com/gui/ip-address/91.236.230.17", "BlueVPS,Bumblebee,IAB,phishing", "0", "Lenny_3BO"
"2026-03-29 14:01:08", "1778234", "ms365-team.com", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "75", "False", "https://www.virustotal.com/gui/ip-address/91.236.230.17", "BlueVPS,Bumblebee,IAB,phishing", "0", "Lenny_3BO"
"2026-03-29 14:01:07", "1778236", "tmegramapps.com", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "75", "False", "https://www.virustotal.com/gui/ip-address/91.236.230.17", "BlueVPS,Bumblebee,IAB,phishing", "0", "Lenny_3BO"
"2026-03-29 14:01:07", "1778237", "endpointmapperprocess.com", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "75", "False", "https://www.virustotal.com/gui/ip-address/91.236.230.17", "BlueVPS,Bumblebee,IAB,phishing", "0", "Lenny_3BO"
"2026-03-29 14:01:06", "1778238", "pepedrop.yachts", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "75", "False", "https://www.virustotal.com/gui/ip-address/91.236.230.17", "BlueVPS,Bumblebee,IAB,phishing", "0", "Lenny_3BO"
"2026-03-28 14:56:18", "1777986", "47.122.47.221:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-27 21:24:29", "1777607", "pn2.skfilmsint.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:18", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:29", "1777609", "gre.syslicense.net", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:46", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:29", "1777611", "fefeo.iknowthat.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:39", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777601", "https://pn2.skfilmsint.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:18", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777603", "https://gre.syslicense.net/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:46", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777605", "http://fefeo.iknowthat.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:39", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 12:01:30", "1777296", "185.242.3.83:2202", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:09", "100", "False", "https://search.censys.io/hosts/185.242.3.83", "AS60223,AsyncRAT,C2,censys,NETIFACE-AS,RAT", "0", "DonPasci"
"2026-03-27 00:01:49", "1777022", "161.248.179.38:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:41", "100", "False", "https://search.censys.io/hosts/161.248.179.38", "AS150895,AsyncRAT,C2,censys,EZTECH-VN,RAT", "0", "DonPasci"
"2026-03-27 00:00:31", "1777014", "49.234.199.152:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:31", "100", "False", "https://search.censys.io/hosts/49.234.199.152", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2026-03-26 14:59:36", "1776672", "158.94.209.95:80", "ip:port", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-09 05:49:59", "100", "False", "None", "GCleaner,loader", "0", "Bitsight"
"2026-03-25 20:00:39", "1776411", "83.229.127.46:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:38", "100", "False", "https://search.censys.io/hosts/83.229.127.46", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci"
"2026-03-25 07:08:19", "1775338", "47.120.20.86:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-24 12:01:13", "1774903", "37.72.172.58:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:35", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,AsyncRAT,C2,censys,HVC-AS,RAT", "0", "DonPasci"
"2026-03-24 12:00:35", "1774898", "47.92.208.27:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "100", "False", "https://search.censys.io/hosts/47.92.208.27", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-03-23 21:06:09", "1774595", "154.83.12.132:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-23 15:31:32", "1774403", "sdkconnect121.st", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-08 10:57:37", "100", "False", "https://github.com/deepfield/public-research/blob/main/cecbot/iocs/domains.csv", "CECbot", "0", "abuse_ch"
"2026-03-23 13:42:00", "1774355", "kdije.weirdthings.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:18:08", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-23 08:02:27", "1774216", "msi.swadeshcomputer.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:13", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-23 08:01:55", "1774200", "https://msi.swadeshcomputer.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:13", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-23 08:01:13", "1774191", "45.77.22.230:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2026-06-09 05:45:48", "100", "False", "https://search.censys.io/hosts/45.77.22.230", "AS-VULTR,AS20473,C2,censys,Posh", "0", "DonPasci"
"2026-03-23 06:56:52", "1774142", "115.191.25.159:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-22 20:01:13", "1773942", "100.52.66.182:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:03", "100", "False", "https://search.censys.io/hosts/100.52.66.182", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci"
"2026-03-22 18:02:20", "1773536", "156.239.252.191:448", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "100", "False", "", "BEACON,C2,CobaltStrike,Shodan", "0", "whoamix302"
"2026-03-22 12:01:29", "1773754", "138.226.236.52:13212", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:22", "100", "False", "https://search.censys.io/hosts/138.226.236.52", "AdaptixC2,AS205775,C2,censys,NEONCORENETWORKS", "0", "DonPasci"
"2026-03-21 20:00:25", "1773380", "47.76.96.68:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:29", "100", "False", "https://search.censys.io/hosts/47.76.96.68", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-03-20 16:00:44", "1772653", "5.101.86.72:3305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:03", "100", "False", "https://search.censys.io/hosts/5.101.86.72", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-20 16:00:21", "1772652", "101.35.95.103:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "100", "False", "https://search.censys.io/hosts/101.35.95.103", "AS45090,C2,censys,CobaltStrike,cs-watermark-0,TENCENT-NET-AP", "0", "DonPasci"
"2026-03-20 13:59:59", "1772372", "pr2.codetohaven.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:02", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-20 13:59:49", "1772370", "https://pr2.codetohaven.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:02", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-20 12:55:47", "1772326", "zmzk2dyqak0lcsej.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:46", "1772305", "y7dcrc1ssuhvpzm4.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:46", "1772322", "za0994spazvcyo39.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:45", "1772290", "wjhc5uqb3nine0qv.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:45", "1772293", "x0p7kv4g5g27h7to.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:44", "1772256", "tk0mqqvqzjunlyv6.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:43", "1772242", "rdv2slcujtsiga6c.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:41", "1772197", "khbilua706wrezbf.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:41", "1772200", "l7wgh93czcwqhlyt.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:30", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:40", "1772158", "hcbh8ykvhlaq13ga.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:30", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:39", "1772145", "fao70xbsy9gff0ll.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:39", "1772150", "gebyqsk76vri0ocd.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:38", "1772128", "dvteixixhs2m8ryu.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 12:55:35", "1772047", "21wg02hmrp1ldfn7.org", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://bazaar.abuse.ch/sample/0c9569cf1f8592b1e60e81d2bede54ca33a228955696b6d996e8cc0f7ff09732/", "BumbleBee", "0", "abuse_ch"
"2026-03-20 06:42:00", "1771875", "182.255.44.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-20 00:02:12", "1771791", "8.136.13.87:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:17", "100", "False", "https://search.censys.io/hosts/8.136.13.87", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci"
"2026-03-19 20:02:51", "1771714", "45.136.13.247:43211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:44", "100", "False", "https://search.censys.io/hosts/45.136.13.247", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci"
"2026-03-19 20:02:47", "1771713", "167.17.47.121:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:45", "100", "False", "https://search.censys.io/hosts/167.17.47.121", "AdaptixC2,AS43180,C2,censys,TRUNKNETWORKS-AS", "0", "DonPasci"
"2026-03-19 13:11:25", "1771456", "dhzuadd.hellothere.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:35", "75", "False", "None", "drkfiz,Vidar", "0", "abuse_ch"
"2026-03-19 13:11:20", "1771455", "https://dhzuadd.hellothere.sbs", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:17:35", "75", "False", "None", "drkfiz,Vidar", "0", "abuse_ch"
"2026-03-19 04:00:37", "1771235", "85.206.168.238:888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:24", "100", "False", "https://search.censys.io/hosts/85.206.168.238", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci"
"2026-03-19 00:00:22", "1771152", "165.154.244.77:2562", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "100", "False", "https://search.censys.io/hosts/165.154.244.77", "AS142002,C2,censys,CobaltStrike,cs-watermark-987654321,SCLOUDPTELTD-AS", "0", "DonPasci"
"2026-03-18 04:00:18", "1769955", "43.138.39.212:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "100", "False", "https://search.censys.io/hosts/43.138.39.212", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci"
"2026-03-17 20:03:22", "1769709", "172.86.107.196:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:50", "100", "False", "https://search.censys.io/hosts/172.86.107.196", "AS14956,C2,censys,Pupy,RAT,ROUTERHOSTING", "0", "DonPasci"
"2026-03-17 04:01:23", "1769012", "88.218.60.191:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:26", "100", "False", "https://search.censys.io/hosts/88.218.60.191", "AdaptixC2,AS48282,C2,censys,VDSINA-AS", "0", "DonPasci"
"2026-03-17 02:48:23", "1768984", "156.245.144.203:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-17 00:01:17", "1768940", "20.29.10.79:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:26", "100", "False", "https://search.censys.io/hosts/20.29.10.79", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci"
"2026-03-16 20:01:10", "1768644", "35.179.229.71:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:34", "100", "False", "https://search.censys.io/hosts/35.179.229.71", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-03-16 10:41:19", "1767951", "http://82.38.71.155/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-09 06:10:04", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight"
"2026-03-15 16:00:41", "1767077", "185.242.3.83:5505", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:09", "100", "False", "https://search.censys.io/hosts/185.242.3.83", "AS60223,AsyncRAT,C2,censys,NETIFACE-AS,RAT", "0", "DonPasci"
"2026-03-15 14:49:59", "1767015", "156.245.144.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-15 14:49:59", "1767016", "156.245.144.203:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-15 06:51:25", "1766813", "119.29.117.194:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:59", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-03-15 04:01:14", "1766764", "202.191.67.71:50003", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:27", "100", "False", "https://search.censys.io/hosts/202.191.67.71", "AdaptixC2,AS131262,C2,censys,KELNET-AS-AP", "0", "DonPasci"
"2026-03-14 17:20:41", "1766343", "cdn-2faclov.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:18", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO"
"2026-03-14 17:20:41", "1766344", "winecdn.sbs", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:19", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO"
"2026-03-14 17:20:41", "1766345", "mrllvd.beer", "domain", "botnet_cc", "js.clearfake", "None", "ClearFake", "2026-06-08 21:20:18", "85", "False", "https://www.sekoia.io/en/blog/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/", "clearfake,clickfix,errtraffic", "0", "Lenny_3BO"
"2026-03-14 08:00:55", "1765787", "5.101.82.60:2509", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:57", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-03-13 15:06:16", "1765444", "pan.paihost.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:16:20", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-13 15:05:58", "1765442", "https://pan.paihost.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:16:19", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-13 11:28:03", "1764993", "3000vps.kozow.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 15:17:35", "50", "False", "", "c2,dcrat", "0", "juroots"
"2026-03-13 04:01:11", "1764276", "46.151.182.205:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:50", "100", "False", "https://search.censys.io/hosts/46.151.182.205", "AS205759,AsyncRAT,C2,censys,GHOSTYNETWORKS,RAT", "0", "DonPasci"
"2026-03-12 00:02:50", "1763830", "20.104.107.19:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:24", "100", "False", "https://search.censys.io/hosts/20.104.107.19", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci"
"2026-03-11 23:00:21", "1763737", "130.12.182.209:9456", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-09 05:43:19", "100", "False", "https://tria.ge/260311-zw3w6adw5k", "quasar", "0", "dyingbreeds_"
"2026-03-11 16:01:48", "1763543", "159.138.31.252:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:40", "100", "False", "https://search.censys.io/hosts/159.138.31.252", "AS136907,C2,censys,HWCLOUDS-AS-AP,Mythic", "0", "DonPasci"
"2026-03-11 12:01:42", "1763331", "77.237.245.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:16", "100", "False", "https://search.censys.io/hosts/77.237.245.173", "AS51167,C2,censys,CONTABO,Covenant", "0", "DonPasci"
"2026-03-11 07:03:38", "1763170", "60.247.206.23:7443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-03-10 16:00:58", "1762854", "85.206.168.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:24", "100", "False", "https://search.censys.io/hosts/85.206.168.238", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci"
"2026-03-10 00:01:13", "1762492", "107.172.3.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:12", "100", "False", "https://search.censys.io/hosts/107.172.3.15", "AS-COLOCROSSING,AS36352,C2,censys,Mythic", "0", "DonPasci"
"2026-03-09 21:47:27", "1762462", "38.147.170.252:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:16", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-03-09 09:29:37", "1762153", "ooe.myserver.com.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:16:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-09 09:29:17", "1762131", "https://ooe.myserver.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:16:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-09 08:43:24", "1762086", "mullenpalimpseststudio.com", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "2026-06-08 05:41:28", "100", "False", "https://tria.ge/260306-g134lsgs2p", "c2,domain,HijackLoader,triage", "0", "DonPasci"
"2026-03-07 08:01:02", "1760833", "20.100.168.21:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:24", "100", "False", "https://search.censys.io/hosts/20.100.168.21", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci"
"2026-03-06 00:01:40", "1759331", "194.36.178.53:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:20", "100", "False", "https://search.censys.io/hosts/194.36.178.53", "AdaptixC2,AS200740,C2,censys,FIRST-SERVER-EU-AS", "0", "DonPasci"
"2026-03-05 06:17:58", "1758456", "http://213.5.130.197", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-05 06:17:57", "1758457", "http://213.5.130.154", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:39", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-05 06:17:56", "1758458", "http://213.5.130.200", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-05 06:17:55", "1758459", "http://213.5.130.131", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-05 06:17:54", "1758460", "http://213.5.130.179", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-05 06:17:54", "1758461", "http://213.5.130.189", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-03-04 04:01:12", "1758006", "70.153.18.45:10002", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:15", "100", "False", "https://search.censys.io/hosts/70.153.18.45", "AS8075,censys,EvilGoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,panel,Phishing", "0", "DonPasci"
"2026-03-03 00:00:51", "1757096", "77.90.185.21:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:16", "100", "False", "https://search.censys.io/hosts/77.90.185.21", "AS213790,C2,censys,LIMITEDNETWORK-AS,RAT,Remcos", "0", "DonPasci"
"2026-03-02 15:30:09", "1756955", "104.243.248.63:1801", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:10", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2026-03-02 09:31:49", "1756664", "ctl.it-bd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:15:37", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-02 09:30:33", "1756622", "https://ctl.it-bd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 05:15:37", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-01 14:27:15", "1756333", "171.22.181.114:38990", "ip:port", "botnet_cc", "elf.pink", "None", "Pink", "2026-06-07 09:34:13", "100", "False", "None", "Pink", "0", "Bitsight"
"2026-02-28 11:00:05", "1755728", "188.227.14.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "100", "False", "https://search.censys.io/hosts/188.227.14.105", "AS35000,C2,censys", "0", "dyingbreeds_"
"2026-02-26 07:04:33", "1754986", "47.84.183.211:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:54", "100", "False", "https://search.censys.io/hosts/47.84.183.211", "AS45102,C2,censys", "0", "dyingbreeds_"
"2026-02-25 20:02:24", "1754813", "47.120.20.86:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "100", "False", "https://search.censys.io/hosts/47.120.20.86", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2026-02-25 19:01:08", "1754671", "115.190.250.28:5521", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "100", "False", "https://search.censys.io/hosts/115.190.250.28", "AS137718,C2,censys", "0", "dyingbreeds_"
"2026-02-25 09:05:20", "1754439", "185.72.8.121:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-02-25 09:05:18", "1754438", "185.72.8.121:1032", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-02-24 23:00:13", "1754326", "vps3000.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 15:17:35", "100", "False", "https://tria.ge/260224-yc1f9ahv5d", "AsyncRAT", "0", "dyingbreeds_"
"2026-02-23 23:00:07", "1753846", "64.89.161.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "100", "False", "https://search.censys.io/hosts/64.89.161.183", "AS205759,C2,censys,GHOSTYNETWORKS", "0", "dyingbreeds_"
"2026-02-23 10:07:22", "1753479", "glo.gadgetwalabd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:15:04", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-23 10:06:47", "1753432", "https://glo.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:15:04", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-21 08:01:40", "1751483", "45.116.104.104:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:43", "100", "False", "https://search.censys.io/hosts/45.116.104.104", "AS215481,C2,censys,FLEXYNODE-AS,Mythic", "0", "DonPasci"
"2026-02-21 03:00:07", "1751453", "47.104.159.246:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:25", "100", "False", "https://search.censys.io/hosts/47.104.159.246", "AS37963,C2,censys", "0", "dyingbreeds_"
"2026-02-20 11:00:06", "1751104", "107.172.217.220:12096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:50", "100", "False", "https://search.censys.io/hosts/107.172.217.220", "AS36352,C2,censys", "0", "dyingbreeds_"
"2026-02-20 08:47:26", "1751083", "185.180.198.3:2025", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:04", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-02-20 08:47:26", "1751084", "185.180.198.3:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:05", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2026-02-20 08:46:17", "1751080", "163.181.208.79:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:43", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-02-20 07:09:34", "1751056", "81.68.89.216:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:36", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-02-18 08:01:44", "1750283", "kitsoinsbebeclique.shop", "domain", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "2026-06-08 05:45:12", "100", "False", "https://bazaar.abuse.ch/sample/bc0c9c58f2886e83b8d035c81bc3100bb8d2afd87b67591130b88ff5027bf8b6/", "Socks5Systemz", "0", "abuse_ch"
"2026-02-16 09:05:30", "1749217", "111.228.4.54:4455", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "50", "False", "https://www.shodan.io/host/111.228.4.54#4455", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2026-02-14 18:46:07", "1748314", "27.221.15.199:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:28", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-02-13 14:01:35", "1747540", "gor.emiraride.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:42", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-13 14:01:02", "1747538", "https://gor.emiraride.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:42", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-13 08:01:04", "1747433", "83.229.127.46:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "100", "False", "https://search.censys.io/hosts/83.229.127.46", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci"
"2026-02-13 07:00:24", "1747139", "45.66.164.17:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:48", "100", "False", "https://search.censys.io/hosts/45.66.164.17", "AS63023,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-02-13 06:59:13", "1747121", "117.72.191.140:8028", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:55", "50", "False", "https://www.shodan.io/host/117.72.191.140#8028", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots"
"2026-02-12 20:00:41", "1747002", "118.107.0.254:2002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "100", "False", "https://search.censys.io/hosts/118.107.0.254", "AS152194,C2,censys,CobaltStrike,cs-watermark-987654321,CTGSERVERLIMITED-AS-AP", "0", "DonPasci"
"2026-02-12 16:01:27", "1746911", "175.192.75.105:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:52", "100", "False", "https://search.censys.io/hosts/175.192.75.105", "AS4766,C2,censys,KIXS-AS-KR,Netsupport,RAT", "0", "DonPasci"
"2026-02-10 03:00:13", "1744175", "118.107.0.254:2003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "100", "False", "https://search.censys.io/hosts/118.107.0.254", "AS152194,C2,censys", "0", "dyingbreeds_"
"2026-02-09 11:14:08", "1743719", "opa.dokantrack.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:21", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-09 11:13:23", "1743622", "https://opa.dokantrack.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:21", "100", "False", "", "Vidar", "0", "crep1x"
"2026-02-09 11:00:33", "1743594", "15.204.14.143:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:30", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_"
"2026-02-08 16:58:26", "1743406", "sdn-cloudflare-js-botstrup.cfd", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-08 21:20:19", "100", "False", "", "censys,ErrTraffic,panel", "0", "NDA0E"
"2026-02-08 16:58:26", "1743407", "sdn-cloudflare-js.cfd", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-08 21:20:19", "100", "False", "", "censys,ErrTraffic,panel", "0", "NDA0E"
"2026-02-08 16:00:16", "1743398", "192.3.233.166:59850", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "100", "False", "https://search.censys.io/hosts/192.3.233.166", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-02-08 15:42:41", "1743395", "1.15.25.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:40", "1743391", "106.52.208.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:40", "1743392", "106.13.137.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:40", "1743393", "101.43.2.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:40", "1743394", "101.133.148.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:39", "1743388", "115.190.178.249:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:39", "1743389", "114.132.150.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:39", "1743390", "110.40.176.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:37", "1743386", "120.48.50.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:37", "1743387", "117.72.214.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:36", "1743381", "124.223.199.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:36", "1743382", "124.221.32.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:36", "1743383", "124.220.48.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:36", "1743384", "124.220.164.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:36", "1743385", "121.41.167.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:35", "1743378", "152.136.139.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:35", "1743379", "129.204.103.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:35", "1743380", "124.223.47.219:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:34", "1743374", "172.245.215.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:34", "1743375", "165.154.125.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:34", "1743376", "156.233.233.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:34", "1743377", "154.201.91.224:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:33", "1743370", "38.190.224.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:33", "1743371", "222.255.214.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:33", "1743372", "192.252.187.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:33", "1743373", "178.16.52.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:32", "1743365", "43.139.146.100:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:32", "1743366", "43.133.41.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:32", "1743367", "42.192.49.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:32", "1743368", "39.107.85.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:32", "1743369", "39.106.144.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:31", "1743363", "47.100.168.4:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:31", "1743364", "43.139.169.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:30", "1743362", "47.111.146.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:29", "1743358", "47.243.175.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:29", "1743359", "47.239.188.48:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:29", "1743360", "47.122.30.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:29", "1743361", "47.122.1.243:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:28", "1743356", "61.166.154.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:28", "1743357", "49.235.177.231:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:27", "1743353", "81.70.255.195:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:27", "1743354", "81.69.98.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:27", "1743355", "8.210.78.137:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:26", "1743351", "83.229.126.65:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:26", "1743352", "81.71.159.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:15", "1743349", "83.229.123.61:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:15", "1743350", "83.229.126.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:14", "1743348", "8.153.205.30:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:13", "1743347", "8.137.149.67:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:12", "1743344", "47.93.28.103:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:12", "1743345", "60.205.139.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:12", "1743346", "lcowpowerlite.italynorth.cloudapp.azure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:11", "1743340", "47.109.198.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:11", "1743341", "47.120.70.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:11", "1743342", "47.121.137.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:11", "1743343", "47.121.29.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:10", "1743336", "45.115.236.152:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:10", "1743338", "47.107.136.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:10", "1743339", "47.109.145.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:09", "1743333", "192.140.176.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:09", "1743334", "36.140.162.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:09", "1743335", "39.105.165.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:08", "1743330", "152.32.251.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:08", "1743331", "154.201.74.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:08", "1743332", "179.43.186.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:07", "1743326", "139.196.41.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:07", "1743327", "139.224.16.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:07", "1743328", "14.103.175.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:07", "1743329", "150.187.25.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:06", "1743322", "120.48.168.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:06", "1743323", "121.40.18.128:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:06", "1743324", "122.51.93.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:06", "1743325", "134.122.140.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:05", "1743320", "117.72.102.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:05", "1743321", "117.72.242.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:04", "1743318", "113.44.67.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:04", "1743319", "115.190.161.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:03", "1743314", "106.38.201.95:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:03", "1743315", "106.75.162.108:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:03", "1743316", "106.75.215.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:03", "1743317", "106.75.224.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:02", "1743312", "106.12.219.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 15:42:02", "1743313", "106.13.29.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2026-02-08 11:00:25", "1743267", "15.204.14.143:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:30", "100", "False", "https://search.censys.io/hosts/15.204.14.143", "AS16276,C2,censys,OVH", "0", "dyingbreeds_"
"2026-02-08 04:00:55", "1743209", "15.204.95.228:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:30", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci"
"2026-02-07 03:00:18", "1742595", "174.138.86.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:52", "100", "False", "https://search.censys.io/hosts/174.138.86.141", "AS14061,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-02-05 13:04:12", "1741652", "192.159.99.249:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:14", "50", "False", "https://www.shodan.io/host/192.159.99.249#5555", "c2,evilginx,shodan", "0", "juroots"
"2026-02-05 13:01:59", "1741587", "57.158.27.132:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:09", "50", "False", "https://www.shodan.io/host/57.158.27.132#31337", "c2,shodan,sliver", "0", "juroots"
"2026-02-05 11:00:23", "1741476", "94.74.0.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:32", "100", "False", "https://search.censys.io/hosts/94.74.0.253", "AS39636,ASN-AEMNET,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-02-05 06:34:37", "1741375", "37.72.172.58:6066", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:35", "75", "False", "", "AS29802,asyncrat,c2,fofa,RAT", "0", "oxygen28"
"2026-02-04 11:00:54", "1741132", "172.174.234.34:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:48", "100", "False", "https://search.censys.io/hosts/172.174.234.34", "AS8075,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-02-04 00:02:27", "1740953", "188.166.244.201:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:11", "100", "False", "https://search.censys.io/hosts/188.166.244.201", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci"
"2026-02-03 00:02:43", "1740216", "47.115.175.62:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:53", "100", "False", "https://search.censys.io/hosts/47.115.175.62", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci"
"2026-01-31 00:05:33", "1739255", "98.85.71.175:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:33", "100", "False", "https://search.censys.io/hosts/98.85.71.175", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci"
"2026-01-30 18:54:11", "1739209", "47.115.193.52:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:53", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-30 16:05:29", "1739169", "167.99.208.145:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:46", "100", "False", "https://search.censys.io/hosts/167.99.208.145", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2026-01-30 16:04:48", "1739163", "107.150.105.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:11", "100", "False", "https://search.censys.io/hosts/107.150.105.91", "AS135377,C2,censys,CobaltStrike,cs-watermark-666666666,UCLOUD-HK-AS-AP", "0", "DonPasci"
"2026-01-30 08:04:49", "1739009", "111.92.243.40:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:12", "100", "False", "https://search.censys.io/hosts/111.92.243.40", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci"
"2026-01-30 00:06:02", "1738909", "68.64.178.201:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:15", "100", "False", "https://search.censys.io/hosts/68.64.178.201", "AdaptixC2,AS139659,C2,censys,LUCID-AS-AP", "0", "DonPasci"
"2026-01-26 23:00:09", "1737790", "47.120.46.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:24", "100", "False", "https://search.censys.io/hosts/47.120.46.230", "AS37963,C2,censys", "0", "dyingbreeds_"
"2026-01-26 13:57:13", "1737664", "https://fluraresto.me/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:06:36", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight"
"2026-01-26 13:57:13", "1737665", "https://mastralakkot.live/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:14:40", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight"
"2026-01-26 08:05:39", "1737569", "27.223.85.234:58001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:28", "100", "False", "https://search.censys.io/hosts/27.223.85.234", "AdaptixC2,AS4837,C2,censys,CHINA169-BACKBONE", "0", "DonPasci"
"2026-01-25 22:49:35", "1737455", "167.179.76.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-25 22:48:35", "1737454", "ns1.ns-apache.jo3.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-24 18:47:55", "1736696", "80.87.206.64:443", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-06-09 05:46:19", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch"
"2026-01-24 18:47:55", "1736697", "80.87.206.64:80", "ip:port", "botnet_cc", "win.rhysida", "None", "Rhysida", "2026-06-09 05:46:19", "75", "False", "None", "drb-ra,Rhysida", "0", "abuse_ch"
"2026-01-23 09:14:44", "1736055", "lat.sodstreams.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-23 09:14:26", "1736049", "https://lat.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:14:09", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-23 08:45:57", "1736034", "158.158.8.193:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-06-09 05:43:38", "75", "False", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2026-01-23 08:04:06", "1736014", "47.120.32.72:8075", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "100", "False", "https://search.censys.io/hosts/47.120.32.72", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-22 17:23:40", "1735678", "fusionjanicepalimpsest.com", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "2026-06-08 05:41:28", "100", "False", "https://www.joesandbox.com/analysis/1855760/0/html", "c2,domain,HijackLoader,joesandbox", "0", "DonPasci"
"2026-01-22 12:04:28", "1735522", "176.31.71.168:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:53", "100", "False", "https://search.censys.io/hosts/176.31.71.168", "AS16276,C2,censys,OVH,Pupy,RAT", "0", "DonPasci"
"2026-01-22 04:04:19", "1735412", "34.64.98.201:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-07 18:44:51", "100", "False", "https://search.censys.io/hosts/34.64.98.201", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Pupy,RAT", "0", "DonPasci"
"2026-01-21 20:04:36", "1735342", "54.145.56.188:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:08", "100", "False", "https://search.censys.io/hosts/54.145.56.188", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "DonPasci"
"2026-01-21 20:03:53", "1735337", "121.4.92.72:5000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:00", "100", "False", "https://search.censys.io/hosts/121.4.92.72", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2026-01-20 16:04:24", "1734893", "136.24.173.249:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:20", "100", "False", "https://search.censys.io/hosts/136.24.173.249", "AS19165,C2,censys,Mythic,WEBPASS", "0", "DonPasci"
"2026-01-18 00:03:59", "1734081", "103.79.79.105:8444", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:09", "100", "False", "https://search.censys.io/hosts/103.79.79.105", "AS199959,C2,censys,CROWNCLOUD,Pupy,RAT", "0", "DonPasci"
"2026-01-17 11:00:10", "1733763", "113.250.188.15:8078", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "100", "False", "https://search.censys.io/hosts/113.250.188.15", "AS134420,C2,censys", "0", "dyingbreeds_"
"2026-01-16 15:03:06", "1733589", "poc.sekershuk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:44", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-16 15:02:50", "1733587", "https://poc.sekershuk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:44", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-16 11:05:53", "1732736", "64.23.231.32:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:12", "50", "False", "https://www.shodan.io/host/64.23.231.32#31337", "c2,shodan,sliver", "0", "juroots"
"2026-01-16 11:03:46", "1732709", "117.72.178.246:4848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:55", "50", "False", "https://www.shodan.io/host/117.72.178.246#4848", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2026-01-13 20:03:58", "1732012", "212.103.26.10:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:32", "100", "False", "https://search.censys.io/hosts/212.103.26.10", "AS15557,C2,censys,Havoc,LDCOMNET", "0", "DonPasci"
"2026-01-13 20:03:34", "1732009", "47.84.83.56:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:54", "100", "False", "https://search.censys.io/hosts/47.84.83.56", "ALIBABA-CN-NET,AS45102,C2,censys,Sliver", "0", "DonPasci"
"2026-01-13 08:52:00", "1731532", "54.38.94.225:8881", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:08", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2026-01-12 23:00:32", "1701407", "64.23.248.252:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:13", "100", "False", "https://search.censys.io/hosts/64.23.248.252", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_"
"2026-01-12 16:03:19", "1701312", "130.12.181.93:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:43:19", "100", "False", "https://search.censys.io/hosts/130.12.181.93", "AS36680,C2,censys,NETIFACELLC,RAT,Remcos", "0", "DonPasci"
"2026-01-10 06:45:16", "1700297", "139.224.16.185:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-01-09 20:02:46", "1700191", "115.190.237.175:35555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "100", "False", "https://search.censys.io/hosts/115.190.237.175", "AS137718,C2,censys,CobaltStrike,cs-watermark-666666666,VOLCANO-ENGINE", "0", "DonPasci"
"2026-01-09 11:01:05", "1693493", "137.184.93.131:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:21", "100", "False", "https://search.censys.io/hosts/137.184.93.131", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_"
"2026-01-09 04:02:43", "1693407", "8.148.184.136:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:34", "100", "False", "https://search.censys.io/hosts/8.148.184.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-08 23:00:12", "1693365", "117.72.178.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:15", "100", "False", "https://search.censys.io/hosts/117.72.178.246", "AS141679,C2,censys", "0", "dyingbreeds_"
"2026-01-08 22:50:04", "1693357", "172.94.18.103:191", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:51", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2026-01-07 20:02:36", "1692743", "38.49.57.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:21", "100", "False", "https://search.censys.io/hosts/38.49.57.15", "AS8796,C2,censys,CobaltStrike,cs-watermark-666666666,FD-298-8796", "0", "DonPasci"
"2026-01-06 08:02:23", "1691952", "115.190.233.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:14", "100", "False", "https://search.censys.io/hosts/115.190.233.79", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci"
"2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2026-01-05 10:07:27", "1691533", "hov.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:23", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-05 10:06:49", "1691482", "https://hov.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:23", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-05 08:35:25", "1691375", "124.198.131.115:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 18:43:13", "50", "False", "https://www.shodan.io/host/124.198.131.115#5555", "c2,evilginx,shodan", "0", "juroots"
"2025-12-30 16:21:16", "1688739", "101.34.205.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:15", "1688738", "103.171.35.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:14", "1688737", "107.149.192.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:13", "1688734", "124.222.218.20:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:13", "1688735", "124.221.255.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:13", "1688736", "123.56.78.220:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:12", "1688732", "152.32.202.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:12", "1688733", "150.158.119.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:11", "1688730", "165.154.244.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:11", "1688731", "156.225.20.77:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:10", "1688729", "182.92.239.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:08", "1688726", "39.105.160.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:08", "1688727", "38.38.250.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:08", "1688728", "211.184.175.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:07", "1688725", "45.58.56.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:05", "1688723", "8.130.80.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:05", "1688724", "8.130.26.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:03", "1688721", "94.74.164.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:21:03", "1688722", "87.251.67.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2025-12-30 16:04:05", "1688694", "16.171.13.191:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:41", "100", "False", "https://search.censys.io/hosts/16.171.13.191", "AMAZON-02,AS16509,C2,censys,Covenant", "0", "DonPasci"
"2025-12-28 20:01:34", "1687817", "118.89.88.183:56781", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:58", "100", "False", "https://search.censys.io/hosts/118.89.88.183", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-12-28 07:41:32", "1687327", "37.72.172.58:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:35", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,C2,censys,HVC-AS,RAT", "0", "dyingbreeds_"
"2025-12-27 16:02:33", "1687170", "37.72.172.58:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:35", "100", "False", "https://search.censys.io/hosts/37.72.172.58", "AS29802,AsyncRAT,C2,censys,HVC-AS,RAT", "0", "DonPasci"
"2025-12-25 18:44:15", "1686405", "155.102.62.60:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:33", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-25 07:52:31", "1686010", "139.196.223.82:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:17", "100", "False", "https://search.censys.io/hosts/139.196.223.82", "AS37963,C2,censys", "0", "dyingbreeds_"
"2025-12-24 18:08:41", "1685948", "ghost4senator.duckdns.org", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:38", "100", "False", "https://tria.ge/251224-vvmrbshs2b", "C2,domain,netwire,rat,triage", "0", "DonPasci"
"2025-12-24 12:48:51", "1685856", "helpremote.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-23 22:45:05", "1685596", "172.94.18.103:190", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:51", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-12-23 20:01:06", "1685256", "115.190.160.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:13", "100", "False", "https://search.censys.io/hosts/115.190.160.206", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci"
"2025-12-23 18:07:43", "1685210", "196.251.107.104:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:22", "100", "False", "https://tria.ge/251223-qezczazpcx", "AS9304,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-23 18:07:42", "1685209", "196.251.107.104:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:22", "100", "False", "https://tria.ge/251223-qezczazpcx", "AS9304,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-23 03:00:34", "1684938", "8.159.146.72:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-23 02:54:49", "1684936", "missmovie.lol", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-22 20:01:00", "1684826", "179.43.186.214:7889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "100", "False", "https://search.censys.io/hosts/179.43.186.214", "AS51852,C2,censys,CobaltStrike,cs-watermark-987654321,PLI-AS", "0", "DonPasci"
"2025-12-22 18:02:02", "1684794", "45.133.180.162:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:45:44", "100", "False", "https://tria.ge/251222-d45vtstqc1", "AS9009,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-12-22 13:24:27", "1684679", "193.142.146.30:9433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:14", "100", "False", "https://search.censys.io/hosts/193.142.146.30", "AS213438,C2,censys", "0", "dyingbreeds_"
"2025-12-22 00:01:20", "1684543", "64.190.113.161:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:46:12", "100", "False", "https://search.censys.io/hosts/64.190.113.161", "AS399629,BLNWX,C2,censys,Pupy,RAT", "0", "DonPasci"
"2025-12-18 18:44:36", "1682522", "155.102.133.61:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:33", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-17 17:02:48", "1681582", "fortwaynejubileebrontide.com", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "2026-06-08 05:41:29", "100", "False", "", "None", "0", "proxylife"
"2025-12-17 13:31:59", "1681468", "chi.botick.top", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:02", "100", "False", "", "Vidar", "0", "crep1x"
"2025-12-17 13:31:48", "1681466", "https://chi.botick.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:12:01", "100", "False", "", "Vidar", "0", "crep1x"
"2025-12-16 02:49:55", "1680306", "43.161.245.186:79", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-14 07:16:58", "1678597", "myrepis.gd", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 13:21:20", "100", "False", "https://bazaar.abuse.ch/sample/80809b3c28022cad38c37667c082ed755561f7d5bfd5cf6415cb6bf0211a2e2a/", "Mirai", "0", "abuse_ch"
"2025-12-13 08:00:47", "1677537", "effinghampodiatriclore.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2026-06-08 05:41:29", "100", "False", "", "DeerStealer,DonutLoader,HijackLoader", "0", "Gi7w0rm"
"2025-12-12 02:50:28", "1676363", "67.219.102.244:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-09 18:49:53", "1673804", "47.246.29.99:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:45:53", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-12-09 08:05:46", "1673343", "https://91.124.149.73/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:11:50", "100", "False", "", "Vidar", "0", "crep1x"
"2025-12-08 14:58:40", "1670887", "20.157.116.151:8000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:25", "100", "False", "https://search.censys.io/hosts/20.157.116.151", "AdaptixC2,AS8069,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci"
"2025-12-07 16:01:37", "1668967", "180.76.141.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:20", "100", "False", "https://search.censys.io/hosts/180.76.141.175", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci"
"2025-12-05 06:06:54", "1667916", "clients.enigmasolutions.xyz", "domain", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2026-06-08 05:46:37", "100", "False", "https://tria.ge/251205-f9a9hstlb1", "C2,domain,netwire,rat,triage", "0", "DonPasci"
"2025-12-04 00:03:19", "1667182", "216.238.89.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:24", "100", "False", "https://search.censys.io/hosts/216.238.89.173", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci"
"2025-12-03 20:01:15", "1667105", "115.190.161.178:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "100", "False", "https://search.censys.io/hosts/115.190.161.178", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci"
"2025-12-03 12:31:15", "1666902", "122.114.10.199:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:17", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_"
"2025-12-02 12:51:03", "1666137", "8.137.149.67:8091", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-12-01 14:57:52", "1665523", "http://213.5.130.104", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:52", "1665524", "http://213.5.130.180", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:50", "1665525", "http://213.5.130.106", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:49", "1665526", "http://213.5.130.102", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:49", "1665527", "http://213.5.130.152", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:39", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:49", "1665528", "http://213.5.130.107", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:39", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:49", "1665529", "http://213.5.130.153", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:48", "1665530", "http://213.5.130.100", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:48", "1665531", "http://213.5.130.182", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 14:57:47", "1665532", "http://213.5.130.181", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-12-01 12:36:20", "1665454", "122.114.10.199:8001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:17", "90", "False", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_"
"2025-12-01 06:57:39", "1665331", "47.84.83.56:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:54", "50", "False", "https://www.shodan.io/host/47.84.83.56#31337", "c2,shodan,sliver", "0", "juroots"
"2025-11-30 20:01:55", "1663611", "103.110.65.166:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:04", "100", "False", "https://search.censys.io/hosts/103.110.65.166", "AS26383,ASNET,C2,censys,Sliver", "0", "DonPasci"
"2025-11-29 20:00:50", "1663223", "106.13.29.104:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "100", "False", "https://search.censys.io/hosts/106.13.29.104", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-11-29 12:00:52", "1663012", "47.236.56.15:4445", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "100", "False", "https://search.censys.io/hosts/47.236.56.15", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci"
"2025-11-29 04:01:42", "1660878", "43.162.121.116:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:42", "100", "False", "https://search.censys.io/hosts/43.162.121.116", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-11-28 12:03:50", "1660370", "85.130.116.122:8085", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 06:12:03", "100", "False", "https://search.censys.io/hosts/85.130.116.122", "A1BG_RSD,AS13124,censys,Chaos,panel", "0", "DonPasci"
"2025-11-28 10:51:31", "1660317", "148.135.120.162:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-28 10:50:17", "1660316", "ns2.googleclouds.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-28 10:50:14", "1660315", "ns1.googleclouds.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-28 04:01:01", "1651951", "5.101.82.51:9999", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "100", "False", "https://search.censys.io/hosts/5.101.82.51", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-11-27 18:47:59", "1651813", "47.103.143.60:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:52", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-11-27 06:38:12", "1651425", "slursbeback.ru", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 13:22:03", "100", "False", "https://bazaar.abuse.ch/sample/d508929946b9ae3d643d900983435230eedb2549b8d30690b516bd5a70ee67c4/", "Mirai", "0", "abuse_ch"
"2025-11-26 12:50:54", "1650889", "job.itechno.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-25 10:49:55", "1650040", "156.245.248.173:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-25 06:01:37", "1649775", "http://213.5.130.84", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-11-25 06:01:36", "1649776", "http://213.5.130.96", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:43", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-11-25 06:01:36", "1649777", "http://213.5.130.98", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-11-25 06:01:35", "1649778", "http://213.5.130.160", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-11-23 08:00:29", "1649164", "5.101.86.44:61288", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:01", "100", "False", "https://search.censys.io/hosts/5.101.86.44", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-11-21 10:49:27", "1647756", "1.13.247.208:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-21 00:02:05", "1647575", "123.58.64.57:34567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:02", "100", "False", "https://search.censys.io/hosts/123.58.64.57", "AS17623,C2,censys,CNCGROUP-SZ,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-11-19 23:00:16", "1646839", "43.156.63.124:64494", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:19", "100", "False", "https://search.censys.io/hosts/43.156.63.124", "AS132203,C2,censys", "0", "dyingbreeds_"
"2025-11-17 23:00:18", "1645785", "47.236.149.142:46832", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "100", "False", "https://search.censys.io/hosts/47.236.149.142", "AS45102,C2,censys", "0", "dyingbreeds_"
"2025-11-17 12:04:03", "1645505", "194.233.73.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:44:19", "100", "False", "https://search.censys.io/hosts/194.233.73.173", "AdaptixC2,AS141995,C2,CAPL-AS-AP,censys", "0", "DonPasci"
"2025-11-15 08:48:18", "1641582", "62.4.0.66:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:11", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch"
"2025-11-13 04:54:17", "1639703", "62.60.226.183:483", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "2026-06-09 06:15:22", "100", "False", "None", "c2,Tofsee", "0", "Bitsight"
"2025-11-12 04:02:31", "1638854", "54.165.230.182:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:08", "100", "False", "https://search.censys.io/hosts/54.165.230.182", "AMAZON-AES,AS14618,C2,censys,Covenant", "0", "DonPasci"
"2025-11-10 18:47:41", "1638274", "38.242.212.5:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:37", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-11-10 16:02:55", "1638236", "154.205.145.109:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:32", "100", "False", "https://search.censys.io/hosts/154.205.145.109", "AS138915,C2,censys,Havoc,KAOPU-HK", "0", "DonPasci"
"2025-11-09 08:02:17", "1637255", "62.60.226.65:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:11", "100", "False", "https://search.censys.io/hosts/62.60.226.65", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci"
"2025-11-09 07:54:32", "1637240", "startmenuexperiencehosting.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 15:17:35", "50", "False", "", "asyncrat,c2", "0", "juroots"
"2025-11-07 23:00:12", "1636099", "111.228.55.96:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:11", "100", "False", "https://search.censys.io/hosts/111.228.55.96", "AS141679,C2,censys", "0", "dyingbreeds_"
"2025-11-07 18:48:21", "1636044", "193.143.1.216:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:44:16", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch"
"2025-11-07 02:49:37", "1634744", "165.154.225.239:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-05 08:00:35", "1633709", "156.225.20.77:5006", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "100", "False", "https://search.censys.io/hosts/156.225.20.77", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-987654321", "0", "DonPasci"
"2025-11-04 20:01:04", "1633501", "59.110.28.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:25", "100", "False", "https://search.censys.io/hosts/59.110.28.230", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-11-04 08:00:54", "1633194", "51.15.8.6:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:07", "100", "False", "https://search.censys.io/hosts/51.15.8.6", "AS12876,C2,censys,Online,Sliver", "0", "DonPasci"
"2025-11-04 02:49:22", "1633063", "192.253.227.88:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-04 02:49:14", "1633061", "167.88.168.76:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-03 20:00:26", "1632776", "83.229.126.183:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:37", "100", "False", "https://search.censys.io/hosts/83.229.126.183", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci"
"2025-11-03 12:08:57", "1631753", "117.72.175.125:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-06-09 06:00:53", "100", "False", "https://www.nviso.eu/blog", "C2,NVISO,VShell", "0", "0xThiebaut"
"2025-11-03 09:03:04", "1631367", "117.72.242.9:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "100", "False", "https://search.censys.io/hosts/117.72.242.9", "AS141679,C2,censys", "0", "dyingbreeds_"
"2025-11-03 07:01:12", "1631471", "119.42.148.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "50", "False", "https://www.shodan.io/host/119.42.148.186#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-11-01 12:33:11", "1630767", "159.223.0.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:40", "50", "False", "https://www.shodan.io/host/159.223.0.103#31337", "c2,shodan,sliver", "0", "juroots"
"2025-11-01 12:31:38", "1630704", "117.72.175.125:8087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:55", "50", "False", "https://www.shodan.io/host/117.72.175.125#8087", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots"
"2025-10-31 16:01:24", "1630391", "85.215.57.133:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:46:25", "100", "False", "https://search.censys.io/hosts/85.215.57.133", "AdaptixC2,AS8560,C2,censys,IONOS-AS", "0", "DonPasci"
"2025-10-30 04:00:42", "1629384", "103.149.93.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "100", "False", "https://search.censys.io/hosts/103.149.93.146", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-666666666", "0", "DonPasci"
"2025-10-29 10:49:29", "1628837", "112.3.31.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:02", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-29 09:23:45", "1628814", "179.43.186.214:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-10-29 07:22:28", "1628768", "gestcular.cfd", "domain", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "2026-06-08 05:41:29", "50", "False", "", "c2,hijackloader", "0", "juroots"
"2025-10-29 04:01:19", "1628725", "94.154.35.114:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-07 18:45:46", "100", "False", "https://search.censys.io/hosts/94.154.35.114", "AS214943,C2,censys,DcRAT,RAILNET,RAT", "0", "DonPasci"
"2025-10-29 02:49:59", "1628691", "8.17.56.128:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-28 20:48:37", "1628195", "ns1.servicedata.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:45:46", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-28 12:28:01", "1628076", "8.137.149.67:8060", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:34", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-10-28 04:00:27", "1627925", "182.254.155.23:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "100", "False", "https://search.censys.io/hosts/182.254.155.23", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-10-28 02:49:21", "1627719", "182.16.98.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-27 20:50:01", "1627659", "182.16.98.84:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-26 07:39:14", "1626705", "196.251.83.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "100", "False", "https://search.censys.io/hosts/196.251.83.89", "AS401120,C2,censys,CHEAPY-HOST", "0", "dyingbreeds_"
"2025-10-25 04:02:07", "1626312", "173.212.216.226:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:52", "100", "False", "https://search.censys.io/hosts/173.212.216.226", "AS51167,censys,Chaos,CONTABO,panel", "0", "DonPasci"
"2025-10-25 04:00:11", "1626300", "47.121.135.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "100", "False", "https://search.censys.io/hosts/47.121.135.201", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-10-24 16:00:08", "1626112", "140.143.194.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "100", "False", "https://search.censys.io/hosts/140.143.194.253", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-10-23 16:48:58", "1625642", "maelootp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-23 12:50:22", "1625564", "evil.ritademo.io.vn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-23 08:02:52", "1625393", "40.66.42.246:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:39", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci"
"2025-10-22 22:00:43", "1625174", "40.66.42.246:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:39", "100", "False", "https://search.censys.io/hosts/40.66.42.246", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_"
"2025-10-22 18:45:52", "1625107", "185.72.8.137:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-10-22 18:45:52", "1625108", "185.72.8.137:7882", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-10-22 15:43:44", "1624905", "116.62.226.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:53", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear"
"2025-10-22 08:02:02", "1624664", "115.190.140.220:1443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "100", "False", "https://search.censys.io/hosts/115.190.140.220", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci"
"2025-10-21 20:01:59", "1624300", "47.110.67.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:45", "100", "False", "https://search.censys.io/hosts/47.110.67.64", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-10-21 13:19:24", "1624166", "http://213.5.130.75", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-10-21 13:19:23", "1624167", "http://213.5.130.10", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:42", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-10-21 13:19:22", "1624169", "http://213.5.130.90", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:40", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-10-21 13:19:22", "1624170", "http://213.5.130.89", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 06:01:41", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs"
"2025-10-21 02:49:37", "1618876", "www.salesf0rce.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-19 06:39:17", "1617732", "157.20.182.18:4443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:37", "100", "False", "https://search.censys.io/hosts/157.20.182.18", "AS152485,C2,censys,RAT", "0", "dyingbreeds_"
"2025-10-18 12:49:25", "1617577", "143.92.43.246:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-17 12:02:17", "1617285", "5.152.16.189:8443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:05", "100", "False", "https://search.censys.io/hosts/5.152.16.189", "AS35805,C2,censys,Netsupport,RAT,SILKNET-AS", "0", "DonPasci"
"2025-10-17 08:02:43", "1617002", "3.143.55.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:28", "100", "False", "https://search.censys.io/hosts/3.143.55.137", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci"
"2025-10-16 22:50:54", "1616729", "47.129.2.130:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-16 22:49:04", "1616728", "ns1.gygiuh.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-15 18:47:32", "1616141", "23.94.44.214:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:27", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-10-14 20:02:48", "1615761", "89.58.30.49:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:27", "100", "False", "https://search.censys.io/hosts/89.58.30.49", "AS197540,C2,censys,Covenant,NETCUP-AS", "0", "DonPasci"
"2025-10-14 08:01:33", "1614712", "5.101.82.60:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:45:56", "100", "False", "https://search.censys.io/hosts/5.101.82.60", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-10-07 20:02:30", "1608986", "45.138.16.162:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:44", "100", "False", "https://search.censys.io/hosts/45.138.16.162", "AdaptixC2,AS210558,C2,censys,SERVICES-1337-GMBH", "0", "DonPasci"
"2025-10-07 02:49:11", "1608605", "143.92.43.153:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-10-07 02:49:11", "1608606", "143.92.43.231:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:06", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-30 00:02:15", "1604499", "149.50.135.215:49152", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:29", "100", "False", "https://search.censys.io/hosts/149.50.135.215", "AdaptixC2,AS27823,C2,censys,Dattatec.com", "0", "DonPasci"
"2025-09-28 15:48:32", "1603281", "154.92.15.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:37", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear"
"2025-09-27 16:02:13", "1602818", "84.27.86.226:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:23", "100", "False", "https://search.censys.io/hosts/84.27.86.226", "AS33915,C2,censys,Netsupport,RAT,TNF-AS", "0", "DonPasci"
"2025-09-25 20:00:39", "1601556", "115.120.245.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:12", "100", "False", "https://search.censys.io/hosts/115.120.245.134", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci"
"2025-09-25 12:51:01", "1601359", "196.251.69.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-24 20:00:10", "1599651", "47.113.186.138:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:45", "100", "False", "https://search.censys.io/hosts/47.113.186.138", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-09-24 08:02:13", "1599442", "43.162.114.240:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:42", "100", "False", "https://search.censys.io/hosts/43.162.114.240", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-09-23 06:06:58", "1598336", "43.139.170.200:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "100", "False", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch"
"2025-09-23 04:00:59", "1598300", "43.162.114.107:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:42", "100", "False", "https://search.censys.io/hosts/43.162.114.107", "AS132203,censys,EvilGinx,Phishing", "0", "dyingbreeds_"
"2025-09-22 14:51:05", "1598102", "159.75.211.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-22 14:49:30", "1598100", "cstest.mucfc.store", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-22 08:49:38", "1597898", "ns2.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-22 08:49:35", "1597894", "ns1.cryptwechat.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-21 16:01:22", "1596535", "43.162.108.133:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:42", "100", "False", "https://search.censys.io/hosts/43.162.108.133", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-09-14 04:00:25", "1589781", "91.92.241.142:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-07 18:45:44", "100", "False", "https://search.censys.io/hosts/91.92.241.142", "AS209800,C2,censys,METASPINNER-ASN,RAT", "0", "dyingbreeds_"
"2025-09-13 20:02:04", "1589687", "213.252.247.119:1234", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:33", "100", "False", "https://search.censys.io/hosts/213.252.247.119", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci"
"2025-09-13 04:01:58", "1589068", "18.167.174.198:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:57", "100", "False", "https://search.censys.io/hosts/18.167.174.198", "AMAZON-02,AS16509,C2,censys,Pupy,RAT", "0", "DonPasci"
"2025-09-11 20:01:36", "1588133", "195.178.110.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "100", "False", "https://search.censys.io/hosts/195.178.110.135", "AS48090,C2,censys,CobaltStrike,cs-watermark-426352781,DMZHOST", "0", "DonPasci"
"2025-09-11 20:01:30", "1588128", "150.158.170.241:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:37", "100", "False", "https://search.censys.io/hosts/150.158.170.241", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-09-11 06:43:14", "1587773", "106.12.111.209:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "100", "False", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch"
"2025-09-10 20:01:24", "1587441", "101.32.109.112:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "100", "False", "https://search.censys.io/hosts/101.32.109.112", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-09-10 16:02:07", "1587229", "142.93.86.246:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:25", "100", "False", "https://search.censys.io/hosts/142.93.86.246", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2025-09-06 20:01:18", "1582910", "8.138.222.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:30", "100", "False", "https://search.censys.io/hosts/8.138.222.215", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-09-06 12:01:48", "1582784", "103.236.70.158:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-06-09 05:43:08", "100", "False", "https://search.censys.io/hosts/103.236.70.158", "AS134768,C2,censys,CHINANET-SHAANXI-CLOUD-BASE,DcRAT,RAT", "0", "DonPasci"
"2025-09-04 07:40:17", "1581557", "8.148.194.157:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:30", "50", "False", "https://www.shodan.io/host/8.148.194.157#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-09-02 18:52:55", "1580723", "47.236.159.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-02 18:50:45", "1580721", "ns2.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-02 18:50:42", "1580720", "ns1.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-09-02 05:43:42", "1580257", "47.121.137.8:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "50", "False", "https://www.shodan.io/host/47.121.137.8#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-09-02 04:01:38", "1580237", "47.99.196.178:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:45:54", "100", "False", "https://search.censys.io/hosts/47.99.196.178", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci"
"2025-08-31 20:50:07", "1578899", "103.73.66.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:55", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:50:45", "1577783", "43.199.78.142:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:22", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577775", "n1.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577776", "n2.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:03", "1577777", "n3.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-29 22:49:01", "1577774", "lab.google-analytcis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-25 16:50:36", "1574437", "183.63.173.29:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-25 08:14:17", "1574099", "89.216.98.17:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:27", "50", "False", "https://www.shodan.io/host/89.216.98.17#3085", "c2,netsupport,shodan", "0", "juroots"
"2025-08-25 00:00:27", "1573705", "43.163.112.217:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:33", "100", "False", "https://search.censys.io/hosts/43.163.112.217", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-08-23 18:00:42", "1573120", "62.60.226.133:61287", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:11", "100", "False", "https://tria.ge/250823-wglgsaxsdv", "AS214351,C2,rat,remcos,triage", "0", "DonPasci"
"2025-08-21 12:49:30", "1572312", "dakk5rnsax46s.cfc-execute.su.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-20 08:02:12", "1571607", "178.16.55.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:48", "100", "False", "https://search.censys.io/hosts/178.16.55.53", "C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-08-18 20:01:59", "1570775", "116.203.31.207:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "100", "False", "https://search.censys.io/hosts/116.203.31.207", "AS24940,C2,censys,CobaltStrike,cs-watermark-987654321,HETZNER-AS", "0", "DonPasci"
"2025-08-17 20:01:54", "1570558", "150.187.25.242:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "100", "False", "https://search.censys.io/hosts/150.187.25.242", "AS20312,C2,censys,CobaltStrike,cs-watermark-987654321,Fundacion", "0", "DonPasci"
"2025-08-16 15:22:26", "1569825", "8.138.167.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:30", "50", "False", "https://www.shodan.io/host/8.138.167.123#443", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-08-16 08:01:47", "1569780", "119.29.231.118:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:39", "100", "False", "https://search.censys.io/hosts/119.29.231.118", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci"
"2025-08-15 21:57:45", "1569167", "116.198.233.179:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:54", "50", "False", "https://www.shodan.io/host/116.198.233.179#6666", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2025-08-15 06:21:34", "1568713", "117.72.184.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:53", "100", "False", "https://search.censys.io/hosts/117.72.184.172", "AS141679,C2,censys", "0", "dyingbreeds_"
"2025-08-12 20:01:25", "1567756", "116.198.233.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:53", "100", "False", "https://search.censys.io/hosts/116.198.233.179", "AS137699,C2,censys,CHINATELECOM-JIANGSU-SUQIAN-IDC,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-08-12 12:01:59", "1567668", "62.117.98.115:8001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:10", "100", "False", "https://search.censys.io/hosts/62.117.98.115", "AS8732,C2,censys,COMCOR-AS,Mythic", "0", "DonPasci"
"2025-08-12 10:50:19", "1567648", "107.174.115.43:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-11 08:01:15", "1567234", "45.204.216.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:33", "100", "False", "https://search.censys.io/hosts/45.204.216.24", "AS62468,C2,censys,CobaltStrike,cs-watermark-987654321,HKCLOUDX", "0", "DonPasci"
"2025-08-06 12:54:26", "1565164", "8.219.76.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-06 09:56:01", "1564931", "net.booter.pro", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-06-07 13:16:47", "50", "False", "", "c2,mirai", "0", "juroots"
"2025-08-05 08:53:36", "1564496", "47.105.36.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:32", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-08-04 20:45:44", "1564345", "185.233.166.124:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:08", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-08-04 20:45:44", "1564346", "185.233.166.124:9702", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:09", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-08-01 20:01:06", "1563211", "89.197.168.150:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:27", "100", "False", "https://search.censys.io/hosts/89.197.168.150", "AS47474,C2,censys,Mythic,VIRTUAL1", "0", "DonPasci"
"2025-07-28 05:29:47", "1561533", "217.154.212.25:3000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:45:24", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-07-27 16:00:55", "1561181", "117.72.181.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:39", "100", "False", "https://search.censys.io/hosts/117.72.181.104", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666", "0", "DonPasci"
"2025-07-25 10:51:18", "1560617", "47.236.130.154:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:28", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-19 12:49:30", "1558329", "103.125.248.109:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-19 00:01:30", "1558180", "104.167.16.88:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-06-09 05:43:09", "100", "False", "https://search.censys.io/hosts/104.167.16.88", "AdaptixC2,AS16276,C2,censys,OVH", "0", "DonPasci"
"2025-07-18 12:51:20", "1558066", "193.112.84.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-18 08:01:12", "1558027", "206.189.227.148:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:28", "100", "False", "https://search.censys.io/hosts/206.189.227.148", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2025-07-18 06:02:25", "1557968", "test.accendente.tn", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2026-06-07 15:15:20", "100", "False", "https://tria.ge/250718-b6pkhstn19", "C2,domain,njrat,triage", "0", "DonPasci"
"2025-07-16 22:49:04", "1557619", "ns3.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-16 22:49:03", "1557618", "ns2.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-16 22:49:02", "1557617", "ns1.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-07-12 00:01:36", "1556099", "51.81.171.234:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:07", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci"
"2025-07-11 12:05:09", "1555914", "38.207.178.172:8002", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:45:37", "100", "False", "None", "AS139659,chaos,LUCIDACLOUD LIMITED", "0", "antiphishorg"
"2025-07-08 20:56:28", "1554642", "88.129.151.109:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:26", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-07-07 20:54:20", "1554340", "88.129.147.201:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:26", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-07-06 20:00:32", "1554064", "8.152.99.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:30", "100", "False", "https://search.censys.io/hosts/8.152.99.85", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-07-03 20:00:15", "1553070", "112.125.19.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "100", "False", "https://search.censys.io/hosts/112.125.19.107", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci"
"2025-06-28 08:51:18", "1550284", "54.38.94.225:8886", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:09", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-06-27 06:58:55", "1549901", "217.154.212.25:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:16", "50", "False", "https://www.shodan.io/host/217.154.212.25#80", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-06-25 04:00:19", "1549030", "156.227.233.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:36", "100", "False", "https://search.censys.io/hosts/156.227.233.153", "AS138152,C2,censys", "0", "dyingbreeds_"
"2025-06-21 18:56:08", "1548335", "107.173.122.193:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:51", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-21 18:55:13", "1548333", "ns3.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-21 18:55:10", "1548330", "ns2.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-20 06:01:32", "1547925", "82.156.156.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2025-06-18 08:02:37", "1546246", "191.93.118.254:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:13", "75", "False", "https://bazaar.abuse.ch/sample/9265a6e0b26a240f1f8bffddf3b36d0e533919d0c894bd66839a90e351961464/", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-06-18 07:58:54", "1546232", "191.93.118.254:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:44:13", "75", "False", "https://bazaar.abuse.ch/sample/6ecbf71d231e9b9e7459b97c97d94aed467481b5b4f22af288bbaea5945c1af4/", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-06-17 03:12:25", "1545615", "8.147.128.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-16 23:10:50", "1545597", "47.107.136.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:25", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-16 12:01:46", "1545348", "8.137.149.67:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "100", "False", "https://search.censys.io/hosts/8.137.149.67", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-13 20:01:30", "1544612", "47.109.48.57:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:32", "100", "False", "https://search.censys.io/hosts/47.109.48.57", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-12 08:56:19", "1544039", "39.104.78.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "100", "False", "https://search.censys.io/hosts/39.104.78.25", "AS37963,C2,censys", "0", "dyingbreeds_"
"2025-06-10 16:01:13", "1543390", "8.155.0.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "100", "False", "https://search.censys.io/hosts/8.155.0.238", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-08 20:01:01", "1542759", "119.45.29.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "100", "False", "https://search.censys.io/hosts/119.45.29.172", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-06-06 20:01:59", "1542057", "172.81.131.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:49", "100", "False", "https://search.censys.io/hosts/172.81.131.230", "AS27176,C2,censys,DATAWAGON,Mythic", "0", "DonPasci"
"2025-06-06 16:01:21", "1541666", "3.19.238.211:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:45:29", "100", "False", "https://search.censys.io/hosts/3.19.238.211", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci"
"2025-06-06 16:00:50", "1541652", "68.64.176.42:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "100", "False", "https://search.censys.io/hosts/68.64.176.42", "AS139659,C2,censys,CobaltStrike,cs-watermark-391144938,LUCID-AS-AP", "0", "DonPasci"
"2025-06-06 02:53:59", "1541446", "ns1.admlistdel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-02 12:01:04", "1538881", "193.239.85.15:2083", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:17", "100", "False", "https://search.censys.io/hosts/193.239.85.15", "AS9009,C2,censys,Havoc,M247", "0", "DonPasci"
"2025-06-02 05:47:28", "1538799", "47.109.198.8:6000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:26", "50", "False", "https://www.shodan.io/host/47.109.198.8#6000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2025-06-01 08:52:56", "1538358", "54.38.94.225:8885", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:09", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-05-31 07:45:39", "1537676", "101.43.91.156:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:55", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-05-31 07:45:38", "1537678", "59.110.7.32:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-05-30 08:53:21", "1536850", "99.112.198.249:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:33", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-05-30 08:00:11", "1536831", "129.28.85.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "100", "False", "https://search.censys.io/hosts/129.28.85.210", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci"
"2025-05-30 02:55:17", "1536730", "111.229.4.108:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-29 22:26:34", "1536683", "161.35.176.231:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:41", "100", "False", "https://search.censys.io/hosts/161.35.176.231", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci"
"2025-05-28 08:01:49", "1535962", "217.154.212.25:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:25", "100", "False", "https://search.censys.io/hosts/217.154.212.25", "AS8560,C2,censys,IONOS-AS,Mythic", "0", "DonPasci"
"2025-05-28 08:01:49", "1535963", "159.89.36.127:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:40", "100", "False", "https://search.censys.io/hosts/159.89.36.127", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2025-05-26 20:01:30", "1534920", "8.216.80.229:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:17", "100", "False", "https://search.censys.io/hosts/8.216.80.229", "ALIBABA-CN-NET,AS45102,C2,censys,Sliver", "0", "DonPasci"
"2025-05-24 20:01:31", "1533613", "221.132.29.137:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:25", "100", "False", "https://search.censys.io/hosts/221.132.29.137", "AS45899,C2,censys,Mythic,VNPT-AS-VN", "0", "DonPasci"
"2025-05-24 11:13:44", "1533071", "1.15.174.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:41", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-05-23 05:34:51", "1532332", "8.140.239.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-05-22 23:55:29", "1532341", "msg.msdegeup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:38", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-22 20:01:48", "1532306", "178.217.98.23:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2026-06-09 05:43:56", "100", "False", "https://search.censys.io/hosts/178.217.98.23", "AS48282,censys,Chaos,panel,VDSINA-AS", "0", "DonPasci"
"2025-05-21 08:00:35", "1527752", "117.72.206.39:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "100", "False", "https://search.censys.io/hosts/117.72.206.39", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-05-20 06:37:42", "1526357", "106.54.61.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-05-19 12:00:22", "1525628", "118.26.39.237:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "100", "False", "https://search.censys.io/hosts/118.26.39.237", "AS135377,C2,censys,CobaltStrike,cs-watermark-666666666,UCLOUD-HK-AS-AP", "0", "DonPasci"
"2025-05-18 15:34:22", "1525250", "124.223.114.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:38", "100", "False", "https://intelinsights.substack.com/p/from-939-to-85-hunting-cobalt-strike", "censys,cobaltstrike", "0", "orlof_v"
"2025-05-18 08:05:45", "1525138", "47.108.139.103:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:52", "100", "False", "https://search.censys.io/hosts/47.108.139.103", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2025-05-17 14:42:08", "1524773", "167.99.51.2:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:46", "50", "False", "https://www.shodan.io/host/167.99.51.2#31337", "c2,shodan,sliver", "0", "juroots"
"2025-05-17 08:00:32", "1524641", "167.99.51.2:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:46", "100", "False", "https://search.censys.io/hosts/167.99.51.2", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci"
"2025-05-17 06:27:29", "1524331", "8.216.80.229:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:17", "50", "False", "https://www.shodan.io/host/8.216.80.229#31337", "c2,shodan,sliver", "0", "juroots"
"2025-05-17 06:26:23", "1524319", "101.35.109.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "50", "False", "https://www.shodan.io/host/101.35.109.246#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2025-05-15 21:14:57", "1523466", "103.171.35.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:40", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic"
"2025-05-15 21:14:47", "1523462", "60.204.169.16:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic"
"2025-05-15 21:13:56", "1523434", "179.43.186.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:36", "75", "False", "https://x.com/abodovic1", "c2,censys,cobalt_strike", "0", "Abodovic"
"2025-05-15 05:25:01", "1523246", "8.134.70.73:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:07", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-05-13 14:08:42", "1521639", "8.134.70.73:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "100", "False", "None", "beacon,c2,Cobalt Strike,CobaltStrike", "0", "pancak3lullz"
"2025-05-12 20:58:42", "1520343", "38.54.112.234:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-12 20:55:40", "1520342", "asusupdateserver.asuscomm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-11 06:11:06", "1519438", "47.109.190.151:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:52", "100", "False", "https://search.censys.io/hosts/47.109.190.151", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2025-05-11 05:00:17", "1519450", "https://topguningit.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:03:05", "100", "False", "", "None", "0", "Rony"
"2025-05-09 05:36:03", "1518529", "47.108.140.10:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:52", "100", "False", "https://search.censys.io/hosts/47.108.140.10", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2025-05-07 13:00:19", "1518023", "106.52.207.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-05-05 12:00:58", "1516147", "41.216.189.77:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:40", "100", "False", "https://search.censys.io/hosts/41.216.189.77", "AS211138,C2,censys,Havoc,PRIVATEHOSTING-NET", "0", "DonPasci"
"2025-04-29 08:53:29", "1513590", "54.38.94.225:8882", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-08 08:45:26", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-04-29 08:43:42", "1513585", "107.143.144.154:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:12", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-04-25 08:10:27", "1511186", "23.254.215.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:27", "50", "False", "https://www.shodan.io/host/23.254.215.118#443", "c2,havoc,shodan", "0", "juroots"
"2025-04-22 12:21:47", "1509966", "167.71.13.103:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:45", "50", "False", "https://www.shodan.io/host/167.71.13.103#31337", "c2,shodan,sliver", "0", "juroots"
"2025-04-17 00:01:32", "1492577", "118.31.114.149:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:57", "100", "False", "https://search.censys.io/hosts/118.31.114.149", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-04-16 16:01:35", "1492480", "113.45.253.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:53", "100", "False", "https://search.censys.io/hosts/113.45.253.80", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci"
"2025-04-16 08:01:30", "1492218", "112.126.68.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:02", "100", "False", "https://search.censys.io/hosts/112.126.68.61", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci"
"2025-04-15 16:02:30", "1492012", "47.83.134.97:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:45:53", "100", "False", "https://search.censys.io/hosts/47.83.134.97", "ALIBABA-CN-NET,AS45102,C2,censys,Havoc", "0", "DonPasci"
"2025-04-15 04:01:37", "1491748", "193.142.146.70:56004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:16", "100", "False", "https://search.censys.io/hosts/193.142.146.70", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci"
"2025-04-10 05:55:49", "1486437", "167.71.13.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:46", "90", "False", "https://search.censys.io/hosts/167.71.13.103", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_"
"2025-04-07 13:47:33", "1485438", "3.146.93.253:55502", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 01:13:04", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-07 12:47:32", "1485428", "3.146.93.253:55501", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 05:55:14", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-07 12:47:31", "1485431", "3.146.93.253:55590", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 03:18:30", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-07 12:47:30", "1485432", "3.146.93.253:55500", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 04:20:55", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-07 12:47:28", "1485433", "52.15.213.182:80", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 04:20:55", "100", "False", "None", "bot,Vo1d", "0", "Bitsight"
"2025-04-07 11:09:30", "1485407", "3.146.93.253:55600", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 05:24:07", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-07 11:09:30", "1485408", "gecsge4e1e5427f8.com", "domain", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 05:55:15", "100", "False", "None", "redirector,Vo1d", "0", "Bitsight"
"2025-04-05 05:50:37", "1484906", "52.14.24.94:80", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 03:18:31", "100", "False", "None", "bot,Vo1d", "0", "Bitsight"
"2025-04-02 10:08:14", "1463173", "38.46.218.36:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 05:29:24", "100", "False", "None", "Vo1d", "0", "Bitsight"
"2025-04-02 10:08:13", "1463174", "38.46.218.38:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 05:59:25", "100", "False", "None", "Vo1d", "0", "Bitsight"
"2025-04-02 10:08:12", "1463176", "38.46.218.39:9999", "ip:port", "botnet_cc", "apk.vo1d", "None", "vo1d", "2026-06-09 04:22:30", "100", "False", "None", "Vo1d", "0", "Bitsight"
"2025-04-02 08:01:26", "1463152", "200.107.126.227:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:26", "100", "False", "https://search.censys.io/hosts/200.107.126.227", "AS14754,C2,censys,Netsupport,RAT,TELECOMUNICACIONES", "0", "DonPasci"
"2025-04-01 10:24:30", "1462468", "43.143.229.126:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:33", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2025-03-28 04:00:35", "1459722", "193.142.146.70:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:16", "100", "False", "https://search.censys.io/hosts/193.142.146.70", "AS213438,C2,censys,COLOCATEL-INC,RAT,Remcos", "0", "DonPasci"
"2025-03-25 22:53:24", "1458716", "ehchq7m7rpvdr.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-03-24 06:29:33", "1457513", "103.142.147.17:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:05", "100", "False", "https://search.censys.io/hosts/103.142.147.17", "AS135581,censys,Viper", "0", "dyingbreeds_"
"2025-03-22 20:43:16", "1454148", "103.142.147.18:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:06", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-03-22 20:43:16", "1454149", "103.142.147.19:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:06", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-03-20 12:01:27", "1452404", "47.116.208.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:45", "100", "False", "https://search.censys.io/hosts/47.116.208.81", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-03-12 02:47:28", "1446559", "www.dyshop.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:44", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-03-11 12:01:13", "1446149", "210.2.169.213:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:31", "100", "False", "https://search.censys.io/hosts/210.2.169.213", "AS23966,C2,censys,Havoc,LDN-AS-PK", "0", "DonPasci"
"2025-03-06 04:01:35", "1441769", "51.81.171.234:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:46:07", "100", "False", "https://search.censys.io/hosts/51.81.171.234", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci"
"2025-03-04 00:00:37", "1440611", "43.153.2.113:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:21", "100", "False", "https://search.censys.io/hosts/43.153.2.113", "AS132203,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP-CN", "0", "DonPasci"
"2025-03-03 12:01:16", "1440087", "15.204.95.228:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:30", "100", "False", "https://search.censys.io/hosts/15.204.95.228", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci"
"2025-03-02 20:01:03", "1439776", "150.5.174.231:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:31", "100", "False", "https://search.censys.io/hosts/150.5.174.231", "AS150436,BYTEPLUS-AS-AP,C2,censys,Mythic", "0", "DonPasci"
"2025-03-02 08:46:23", "1439368", "54.38.94.225:8887", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:09", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-03-01 20:47:46", "1439168", "47.129.171.26:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-03-01 20:46:51", "1439166", "ns.1.3.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-03-01 20:46:51", "1439167", "ns.1.4.0o0.foo", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-02-17 10:47:48", "1414086", "169.239.129.45:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:10", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-02-14 00:01:07", "1411885", "192.52.167.140:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:16", "100", "False", "https://search.censys.io/hosts/192.52.167.140", "AS199959,C2,censys,CROWNCLOUD,Netsupport,RAT", "0", "DonPasci"
"2025-02-10 20:43:10", "1409420", "103.215.81.156:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:07", "75", "False", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-02-06 13:54:51", "1405307", "https://apworsindos.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:05:55", "100", "False", "", "None", "0", "Rony"
"2025-02-06 13:54:51", "1405308", "https://reminasolirol.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:14:17", "100", "False", "", "None", "0", "Rony"
"2025-02-05 22:51:06", "1404178", "20.74.209.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-02-02 16:00:48", "1402495", "62.60.226.42:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:11", "100", "False", "https://search.censys.io/hosts/62.60.226.42", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci"
"2025-02-02 12:49:35", "1402480", "service-rchqbzvz-1301033415.sh.tencentapigw.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-02-01 08:44:50", "1399002", "173.44.141.226:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:52", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-02-01 04:00:38", "1398921", "62.60.226.6:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:46:11", "100", "False", "https://search.censys.io/hosts/62.60.226.6", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci"
"2025-01-31 13:44:30", "1398820", "162.252.173.12:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:43", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-31 12:01:38", "1398810", "162.252.173.12:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:43", "100", "False", "https://search.censys.io/hosts/162.252.173.12", "AS9009,backdoor,C2,censys,M247,Ransomhub", "0", "DonPasci"
"2025-01-31 12:00:35", "1398803", "213.252.247.119:1111", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:33", "100", "False", "https://search.censys.io/hosts/213.252.247.119", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci"
"2025-01-31 08:45:58", "1398748", "193.203.49.90:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-07 18:43:57", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-31 07:01:30", "1398657", "8.134.108.73:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:17", "100", "False", "https://search.censys.io/hosts/8.134.108.73", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2025-01-30 08:47:19", "1396136", "38.146.28.93:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:36", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-30 08:45:48", "1396135", "185.33.86.15:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-30 08:01:38", "1396130", "38.146.28.93:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:36", "100", "False", "https://search.censys.io/hosts/38.146.28.93", "AS174,backdoor,C2,censys,COGENT-174,Ransomhub", "0", "DonPasci"
"2025-01-30 08:01:37", "1396129", "193.203.49.90:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-07 18:43:57", "100", "False", "https://search.censys.io/hosts/193.203.49.90", "AS204957,backdoor,C2,censys,GREENFLOID-AS,Ransomhub", "0", "DonPasci"
"2025-01-30 04:01:31", "1396102", "185.33.86.15:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:10", "100", "False", "https://search.censys.io/hosts/185.33.86.15", "AS202015,backdoor,C2,censys,HZ-US-AS,Ransomhub", "0", "DonPasci"
"2025-01-26 08:46:00", "1394408", "54.38.94.225:8883", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:08", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-01-25 20:47:04", "1394158", "54.38.94.225:8880", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:46:08", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-01-24 15:38:52", "1393459", "wmds946t.life", "domain", "botnet_cc", "win.bumblebee", "COLDTRAIN,SHELLSTING,Shindig", "BumbleBee", "2026-06-08 05:43:29", "100", "False", "https://tria.ge/250121-r3kp6ayrbl", "bumblebee,c2,dcc3,dga", "0", "DonPasci"
"2025-01-23 07:00:09", "1391935", "173.44.141.226:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:52", "100", "False", "https://search.censys.io/hosts/173.44.141.226", "AS62904,backdoor,C2,censys,Ransomhub", "0", "DonPasci"
"2025-01-21 20:45:43", "1390969", "1brainfix.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2026-06-08 05:46:38", "50", "False", "", "anyrun,c2,njrat", "0", "juroots"
"2025-01-20 06:20:45", "1388561", "2ffahbg8eydhr96hx3x2lje2ymygt5iq.duckdns.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2026-06-07 15:18:17", "75", "False", "None", "njrat,RAT", "0", "SarlackLab"
"2025-01-18 16:10:00", "1386236", "https://135.181.31.18", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:10:58", "100", "False", "", "None", "0", "Gi7w0rm"
"2025-01-17 09:16:20", "1384954", "92.118.112.208:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:46:31", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:16:19", "1384953", "92.118.112.208:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:46:30", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:15:21", "1384933", "38.180.81.153:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:37", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:15:21", "1384934", "38.180.81.153:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:45:37", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:14:13", "1384921", "167.99.139.231:8004", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-06-09 05:43:46", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-01-17 09:13:19", "1384912", "185.174.101.240:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:04", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:13:19", "1384913", "185.174.101.240:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:04", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:13:19", "1384914", "185.174.101.69:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:04", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:13:19", "1384915", "185.174.101.69:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:44:04", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:12:27", "1384908", "108.181.115.171:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:12:27", "1384909", "108.181.115.171:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:12:27", "1384910", "108.181.182.143:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 09:12:27", "1384911", "108.181.182.143:8000", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-06-09 05:43:13", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch"
"2025-01-17 07:45:55", "1384790", "at1.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-17 07:45:55", "1384791", "at2.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-17 07:45:55", "1384792", "at3.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-15 00:03:52", "1383739", "ns3177629.ip-51-195-60.eu", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 07:08:40", "100", "False", "https://search.censys.io/hosts/51.195.60.102+ns3177629.ip-51-195-60.eu", "AS16276,C2,censys,Nosviak,OVH,Panel", "0", "DonPasci"
"2025-01-12 12:03:45", "1382512", "drrugs.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 07:08:40", "100", "False", "https://search.censys.io/hosts/51.195.60.102+drrugs.xyz", "AS16276,C2,censys,Nosviak,OVH,Panel", "0", "DonPasci"
"2025-01-10 13:55:47", "1381420", "77.238.236.123:18300", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:46:16", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-01-10 13:43:51", "1381067", "112.5.58.181:7001", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-06-09 05:43:15", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:38", "1380875", "update.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:38", "1380878", "upgrade.mloadspring.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:30", "1380837", "ns3.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:30", "1380841", "ns3.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:29", "1380833", "ns2.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:27", "1380818", "ns2.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:26", "1380815", "ns2.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:25", "1380811", "ns1.translategoos.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:20", "1380783", "ns1.akawowfast.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 09:14:20", "1380787", "ns1.cmbchina.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:39", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:18:57", "1380635", "8.219.78.159:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:35", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:18:43", "1380629", "70.34.196.238:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:33", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:18:28", "1380607", "47.98.134.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:17:37", "1380569", "38.54.115.233:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:17:20", "1380533", "207.148.68.118:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:16:21", "1380446", "139.180.189.95:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:15:44", "1380421", "118.25.91.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 08:15:43", "1380420", "117.72.39.83:43872", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-01-10 04:04:28", "1380232", "38.207.179.146:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:37", "100", "False", "https://search.censys.io/hosts/38.207.179.146", "AS139659,C2,censys,LUCID-AS-AP,Mythic", "0", "DonPasci"
"2025-01-02 07:44:34", "1377164", "47.99.93.43:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:30", "100", "False", "https://www.shodan.io/host/47.99.93.43", "as37963,c2,CobaltStrike,cs-watermark-100000,shodan", "0", "skocherhan"
"2025-01-01 04:03:19", "1376919", "86.124.168.255:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-06-09 05:46:25", "100", "False", "https://search.censys.io/hosts/86.124.168.255", "AS8708,c2,censys,RCS-RDS,SocGholish", "0", "DonPasci"
"2024-12-30 04:04:10", "1369624", "kurama.ltd", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-07 07:08:40", "100", "False", "https://search.censys.io/hosts/51.195.60.102+kurama.ltd", "AS16276,C2,censys,Nosviak,OVH,Panel", "0", "DonPasci"
"2024-12-24 08:00:43", "1359401", "8.153.97.202:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:28", "100", "False", "https://search.censys.io/hosts/8.153.97.202", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2024-12-24 04:01:34", "1359309", "91.199.154.103:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:28", "100", "False", "https://search.censys.io/hosts/91.199.154.103", "AS62212,C2,censys,Sliver", "0", "DonPasci"
"2024-12-20 09:04:31", "1358812", "47.93.240.197:65433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:32", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2024-12-16 16:01:41", "1357389", "45.56.69.210:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:47", "100", "False", "https://search.censys.io/hosts/45.56.69.210", "AKAMAI-LINODE-AP,AS63949,censys,EvilGoPhish,panel,Phishing", "0", "DonPasci"
"2024-12-12 06:21:40", "1356002", "113.44.90.0:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:15", "100", "False", "https://search.censys.io/hosts/113.44.90.0", "AS55990,censys,Viper", "0", "dyingbreeds_"
"2024-12-06 07:36:52", "1352876", "139.196.126.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:50", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2024-12-02 21:01:15", "1350210", "117.72.39.83:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "dyingbreeds_"
"2024-12-01 07:43:42", "1349957", "117.72.39.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2024-11-30 20:06:19", "1349567", "216.118.101.24:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:00", "100", "False", "", "censys,panel,Viper", "0", "NDA0E"
"2024-11-30 20:06:11", "1349531", "216.118.101.132:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:40", "100", "False", "", "censys,panel,Viper", "0", "NDA0E"
"2024-11-30 20:06:08", "1349510", "216.118.101.199:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:53", "100", "False", "", "censys,panel,Viper", "0", "NDA0E"
"2024-11-30 20:06:04", "1349492", "216.118.101.216:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:56", "100", "False", "", "censys,panel,Viper", "0", "NDA0E"
"2024-11-30 20:05:51", "1349438", "216.118.101.54:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:45:14", "100", "False", "", "censys,panel,Viper", "0", "NDA0E"
"2024-11-29 13:56:30", "1348902", "216.118.101.108:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:36", "100", "False", "", "Viper", "0", "dyingbreeds_"
"2024-11-27 19:47:54", "1348295", "47.90.142.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:43", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E"
"2024-11-27 19:47:07", "1348026", "8.137.114.210:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:31", "100", "False", "", "censys,CobaltStrike", "0", "NDA0E"
"2024-11-19 18:00:05", "1346058", "servicioremotoempresas.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-10-30 17:53:55", "1340201", "146.70.158.198:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:28", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Sliver%20C2", "c2,sliver,sliverc2", "0", "TheRavenFile"
"2024-10-29 08:02:00", "1339913", "39.107.242.125:666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-07 10:46:17", "100", "False", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch"
"2024-10-22 13:56:41", "1338675", "https://stripplasst.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:02:17", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci"
"2024-10-22 13:56:39", "1338673", "https://skinnyjeanso.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:10:43", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci"
"2024-10-22 13:56:34", "1338670", "https://coolarition.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:11:20", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci"
"2024-10-06 12:01:50", "1334295", "47.116.17.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 08:46:28", "100", "False", "https://search.censys.io/hosts/47.116.17.233", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2024-10-02 06:31:45", "1332624", "154.221.17.44:2888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:09", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch"
"2024-10-01 16:02:09", "1332328", "195.100.198.220:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:44:20", "100", "False", "https://search.censys.io/hosts/195.100.198.220", "AS5400,BT,C2,censys,Mythic", "0", "DonPasci"
"2024-09-25 08:00:47", "1329042", "118.25.148.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:39", "100", "False", "https://search.censys.io/hosts/118.25.148.25", "AS45090,C2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci"
"2024-09-22 15:34:40", "1327720", "http://fethard.biz/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:48", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:39", "1327719", "http://kavkaz.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:50", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:37", "1327716", "http://konfiskat.org/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:48", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:36", "1327715", "http://xware.cjb.net/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:47", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:35", "1327713", "http://crutop.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:49", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:34", "1327711", "http://cvv.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:49", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:34", "1327712", "http://crutop.nu/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:49", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:33", "1327710", "http://kadet.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:49", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:32", "1327708", "http://promo.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:48", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:32", "1327709", "http://potleaf.chat.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:49", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:30", "1327705", "http://fethard.biz/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:46", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:30", "1327706", "http://ldark.nm.ru/index.htm", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:48", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:29", "1327704", "http://hackers.lv/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:46", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:28", "1327703", "http://cvv.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:45", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:27", "1327702", "http://www.redline.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:45", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:25", "1327699", "http://devx.nm.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:44", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:22", "1327695", "http://trojan.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:47", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:19", "1327691", "http://crutop.ru/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:46", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-22 15:34:18", "1327690", "http://crutop.nu/index.php", "url", "botnet_cc", "win.berbew", "None", "Berbew", "2026-06-09 05:27:44", "100", "False", "", "Berbew", "0", "nickkuechel"
"2024-09-20 08:01:06", "1326604", "206.210.123.104:8889", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:28", "100", "False", "https://search.censys.io/hosts/206.210.123.104", "AS33130,C2,censys,IASL,RAT", "0", "DonPasci"
"2024-09-19 16:01:20", "1326366", "189.115.194.189:9990", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:12", "100", "False", "https://search.censys.io/hosts/189.115.194.189", "AS18881,C2,censys,RAT,TELEFONICA", "0", "DonPasci"
"2024-09-19 14:07:51", "1326051", "https://isomicrotich.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:11:51", "50", "False", "None", "1.7,Alpha", "0", "spamhaus"
"2024-09-19 14:07:50", "1326052", "https://rilomenifis.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:02:48", "50", "False", "None", "1.7,Alpha", "0", "spamhaus"
"2024-09-07 16:01:45", "1321901", "64.23.213.61:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:12", "100", "False", "https://search.censys.io/hosts/64.23.213.61", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2024-09-01 12:00:42", "1319266", "154.221.17.44:2666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:08", "100", "False", "https://search.censys.io/hosts/154.221.17.44", "AS142403,C2,censys,CobaltStrike,cs-watermark-666666666,YISUCLOUDLTD-HK", "0", "DonPasci"
"2024-08-30 07:05:10", "1317376", "https://pikchestop.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 05:58:51", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes"
"2024-08-30 07:05:10", "1317377", "https://indepahote.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-09 06:08:09", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes"
"2024-08-29 00:01:11", "1317070", "86.53.241.21:447", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:25", "100", "False", "https://search.censys.io/hosts/86.53.241.21", "AS3257,C2,censys,GTT-BACKBONE,RAT", "0", "DonPasci"
"2024-08-28 04:01:10", "1316706", "213.252.247.119:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-09 05:44:34", "100", "False", "https://search.censys.io/hosts/213.252.247.119", "AS61272,C2,censys,IST-AS,RAT", "0", "DonPasci"
"2024-08-27 04:00:34", "1316522", "107.22.165.49:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:13", "100", "False", "https://search.censys.io/hosts/107.22.165.49", "AMAZON-AES,AS14618,C2,censys,RAT", "0", "DonPasci"
"2024-08-22 10:04:33", "1314694", "83.229.120.73:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:46:22", "100", "False", "https://search.censys.io/hosts/83.229.120.73", "AS139659,C2,censys,Mythic", "0", "DonPasci"
"2024-08-19 19:55:59", "1313657", "193.19.242.55:1443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:17", "100", "False", "https://search.censys.io/hosts/193.19.242.55", "AS35319,AS48964,C2,censys,RAT", "0", "DonPasci"
"2024-08-18 14:04:40", "1313194", "110.13.35.37:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:14", "100", "False", "https://search.censys.io/hosts/110.13.35.37", "AS9318,C2,censys,RAT,SKB-AS", "0", "DonPasci"
"2024-08-17 14:04:20", "1312402", "20.188.119.195:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:25", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci"
"2024-08-17 02:04:24", "1312338", "210.249.114.154:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:32", "100", "False", "https://search.censys.io/hosts/210.249.114.154", "AS2516,C2,censys,RAT", "0", "DonPasci"
"2024-08-16 14:02:33", "1312117", "20.188.119.195:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:44:25", "100", "False", "https://search.censys.io/hosts/20.188.119.195", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci"
"2024-08-15 22:40:43", "1311619", "23.24.178.35:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:45:26", "100", "False", "https://search.censys.io/hosts/23.24.178.35", "AS20214,C2,censys,COMCAST-20214,RAT", "0", "DonPasci"
"2024-08-15 22:40:39", "1311614", "120.25.239.36:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:43:17", "100", "False", "https://search.censys.io/hosts/120.25.239.36", "ALIBABA-CN-NET,AS37963,C2,censys,RAT", "0", "DonPasci"
"2024-08-11 21:50:57", "1309755", "146.70.158.198:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:29", "100", "False", "https://search.censys.io/hosts/146.70.158.198", "AS9009,C2,censys,M247", "0", "DonPasci"
"2024-07-09 19:05:36", "1296480", "43.138.0.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:34", "100", "False", "None", "CobaltStrike,cs-watermark-0,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-07-09 06:51:58", "1296006", "213.149.181.121:469", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:33", "50", "False", "https://search.censys.io/hosts/213.149.181.121", "CYTA-NETWORK Internet Services,NetSupportRAT", "0", "drb_ra"
"2024-07-09 06:51:48", "1296003", "20.105.139.205:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:25", "50", "False", "https://search.censys.io/hosts/20.105.139.205", "MICROSOFT-CORP-MSN-AS-BLOCK,NetSupportRAT", "0", "drb_ra"
"2024-07-08 06:51:14", "1295752", "210.249.114.153:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:32", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra"
"2024-07-07 03:48:38", "1295405", "23.24.178.33:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:45:26", "50", "False", "https://search.censys.io/hosts/23.24.178.33", "COMCAST-7922,NetSupportRAT", "0", "drb_ra"
"2024-07-03 06:52:14", "1292877", "210.249.114.154:80", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:32", "50", "False", "https://search.censys.io/hosts/210.249.114.154", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra"
"2024-07-01 10:05:40", "1291417", "198.244.197.118:9443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:22", "50", "False", "https://search.censys.io/hosts/198.244.197.118", "NetSupportRAT,OVH", "0", "drb_ra"
"2024-07-01 10:05:30", "1291414", "206.210.123.104:8888", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:28", "50", "False", "https://search.censys.io/hosts/206.210.123.104", "IASL,NetSupportRAT", "0", "drb_ra"
"2024-07-01 10:05:19", "1291411", "61.96.204.117:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:46:10", "50", "False", "https://search.censys.io/hosts/61.96.204.117", "DREAMX-AS DREAMLINE CO.,NetSupportRAT", "0", "drb_ra"
"2024-07-01 10:05:15", "1291410", "185.23.192.33:444", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:08", "50", "False", "https://search.censys.io/hosts/185.23.192.33", "NetSupportRAT,WINET", "0", "drb_ra"
"2024-07-01 10:05:10", "1291409", "2.136.235.200:3085", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:22", "50", "False", "https://search.censys.io/hosts/2.136.235.200", "NetSupportRAT,TELEFONICA_DE_ESPANA", "0", "drb_ra"
"2024-07-01 10:04:31", "1291397", "210.249.114.153:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-06-09 05:44:31", "50", "False", "https://search.censys.io/hosts/210.249.114.153", "KDDI KDDI CORPORATION,NetSupportRAT", "0", "drb_ra"
"2024-06-30 21:00:04", "1291297", "londopas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-30 21:00:03", "1291296", "berjimek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-30 10:13:19", "1291010", "www.qianxinnbplus.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HKLNIL Landui Cloud ComputingHK Limited", "0", "drb_ra"
"2024-06-26 17:08:27", "1289464", "50.116.12.237:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-08 07:48:22", "100", "False", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch"
"2024-06-26 17:07:43", "1289423", "152.32.202.240:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:07", "100", "False", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch"
"2024-06-22 06:45:48", "1287670", "91.199.154.103:34211", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:46:28", "50", "False", "https://search.censys.io/hosts/91.199.154.103", "Sliver", "0", "drb_ra"
"2024-06-16 14:42:03", "1285430", "ieee-ecce.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-16 14:42:03", "1285431", "kauzalvip.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-16 14:42:03", "1285432", "nakit-yok.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-16 14:42:03", "1285433", "nathanhr.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-10 09:26:05", "1283657", "support.whatsappsignup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,PEG TECH INC", "0", "drb_ra"
"2024-06-02 19:42:15", "1278385", "static.nvidiadrives.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-06-02 08:38:33", "1278172", "119.91.208.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-06-01 13:08:25", "1277937", "47.109.69.135:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra"
"2024-05-31 12:57:33", "1277588", "101.43.32.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-05-29 12:53:46", "1276810", "asterchildrenshoes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "BL Networks,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-05-29 12:52:55", "1276802", "124.223.41.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2024-05-29 10:17:04", "1276786", "8.210.9.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra"
"2024-05-27 16:13:21", "1276244", "https://65.108.55.55:9000/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:10:27", "100", "False", "", "Vidar", "0", "crep1x"
"2024-05-25 22:18:29", "1275630", "pt-security.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MTW-AS", "0", "drb_ra"
"2024-05-24 13:15:35", "1274726", "47.92.127.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra"
"2024-05-22 11:06:58", "1273973", "119.28.83.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2024-05-21 18:51:48", "1273882", "51.15.16.116:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2026-06-09 05:46:06", "50", "False", "https://search.censys.io/hosts/51.15.16.116", "Online SAS,SocGholish", "0", "drb_ra"
"2024-05-21 12:53:29", "1273456", "139.159.203.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center", "0", "drb_ra"
"2024-05-19 07:56:13", "1272788", "123.58.198.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED", "0", "drb_ra"
"2024-05-16 07:53:43", "1271699", "vip8806.mom", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CNSERVERS LLC,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-05-15 22:13:26", "1271605", "blmdiscount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:56", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra"
"2024-05-15 22:13:26", "1271606", "91.238.181.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FBWNETWORKS", "0", "drb_ra"
"2024-05-15 15:33:07", "1271347", "118.25.85.198:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:52", "100", "False", "https://search.censys.io/hosts/118.25.85.198", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci"
"2024-05-14 10:14:21", "1270684", "64.7.198.58:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:05", "100", "False", "None", "BLNWX,CobaltStrike,cs-watermark-426352781", "0", "drb_ra"
"2024-05-11 22:47:31", "1269727", "113.31.105.33:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "100", "False", "None", "China Telecom (Group),CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-05-11 22:47:10", "1269724", "185.196.8.18:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra"
"2024-05-11 22:47:09", "1269723", "action-winds.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra"
"2024-05-11 22:47:08", "1269721", "microstar.cfd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:07", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Simple Carrier LLC", "0", "drb_ra"
"2024-05-07 10:14:57", "1267565", "113.31.106.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "100", "False", "None", "CHINANET-SHANGHAI-MAN China Telecom Group,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-05-07 07:48:08", "1267486", "111.230.12.238:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "100", "False", "https://search.censys.io/hosts/111.230.12.238", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci"
"2024-05-06 12:49:25", "1266959", "134.122.130.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-04-29 12:51:26", "1263972", "134.122.130.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "BGPNET Global ASN,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-04-28 17:59:06", "1263319", "124.71.106.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,Huawei Cloud Service data center", "0", "drb_ra"
"2024-04-26 12:59:31", "1262666", "118.31.116.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra"
"2024-04-25 22:12:56", "1262568", "8.134.11.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:05", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-04-24 13:08:20", "1261845", "165.227.108.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:01", "100", "False", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra"
"2024-04-23 18:05:49", "1260893", "80.66.75.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GRIZ-INET-SERVICE", "0", "drb_ra"
"2024-04-23 18:05:43", "1260890", "101.201.54.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra"
"2024-04-21 15:09:17", "1259796", "62.204.41.11:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:05", "100", "False", "https://search.censys.io/hosts/62.204.41.11", "AS59425,c2,censys,CobaltStrike,cs-watermark-1580103824,HORIZONMSK-AS", "0", "DonPasci"
"2024-04-11 10:15:16", "1255726", "124.220.6.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:03", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci"
"2024-04-11 10:15:15", "1255727", "124.220.6.158:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:03", "100", "False", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28services.software.uniform_resource_identifier%3A+%60cpe%3A2.3%3Aa%3Afortra%3Acobalt_strike%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci"
"2024-04-09 06:47:29", "1255012", "159.223.0.103:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:40", "50", "False", "https://search.censys.io/hosts/159.223.0.103", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra"
"2024-04-02 10:17:26", "1252542", "185.196.10.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:02", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,SIMPLECARRIER", "0", "drb_ra"
"2024-03-27 14:42:02", "1250157", "soneypaly.club", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2024-03-27 07:57:29", "1249815", "47.105.69.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-03-22 19:47:18", "1248363", "https://titnovacrion.top/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2026-06-09 06:02:40", "100", "False", "", "None", "0", "Cryptolaemus1"
"2024-03-09 20:54:40", "1245476", "47.100.87.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-03-06 20:55:37", "1244781", "194.165.16.55:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:03", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS", "0", "drb_ra"
"2024-03-06 10:12:56", "1244726", "googlesupportacc.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:07", "100", "False", "None", "ASSEFLOW,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2024-02-21 22:13:19", "1241656", "121.43.55.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra"
"2024-02-07 10:12:21", "1237621", "qw.regcssv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:10", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN", "0", "drb_ra"
"2024-02-03 19:38:15", "1236577", "ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:10", "100", "False", "https://search.censys.io/hosts/3.22.66.152+ec2-3-22-66-152.us-east-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "thehappydinoa"
"2024-02-02 06:00:13", "1236276", "20.56.70.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:03", "80", "False", "None", "None", "0", "malpulse"
"2024-01-30 06:20:34", "1235332", "www.louangelwolf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:13", "100", "False", "", "cobaltstrike,cs-watermark-1551089073", "0", "myceliumbroker"
"2024-01-28 06:22:18", "1234854", "kkudndkwatnfevcaqeefytqnh.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:10", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker"
"2024-01-28 06:22:17", "1234859", "whxzqkbbtzvdyxdeseoiyujzs.co", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:12", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker"
"2024-01-28 06:22:17", "1234860", "uohhunkmnfhbimtagizqgwpmv.to", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:12", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker"
"2024-01-27 14:31:40", "1234928", "114.55.133.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "https://search.censys.io/hosts/114.55.133.151", "AS37963,C2,censys", "0", "thehappydinoa"
"2024-01-27 14:31:20", "1234909", "117.72.39.83:30005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "AS141679,C2,censys", "0", "thehappydinoa"
"2024-01-24 18:49:24", "1234304", "38.147.189.199:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:45:36", "50", "False", "https://search.censys.io/hosts/38.147.189.199", "Pupy RAT,XNNET", "0", "drb_ra"
"2024-01-23 13:53:21", "1233919", "www.idn15r69vh3fwhzclfoeuaoy.today", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:12", "100", "False", "https://search.censys.io/hosts/8.219.229.99+www.idn15r69vh3fwhzclfoeuaoy.today", "AS45102,C2,censys", "0", "thehappydinoa"
"2024-01-18 13:44:13", "1231802", "164-90-169-184.cprapid.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:12", "100", "False", "https://search.censys.io/hosts/164.90.169.184+164-90-169-184.cprapid.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa"
"2024-01-16 08:13:32", "1230963", "https://65.21.187.53/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-09 06:10:16", "100", "False", "", "Vidar", "0", "crep1x"
"2024-01-15 16:27:00", "1230909", "lz4.tiktok123.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker"
"2024-01-13 06:47:25", "1230478", "164.92.79.49:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:45", "50", "False", "https://search.censys.io/hosts/164.92.79.49", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra"
"2024-01-12 18:36:24", "1230429", "site.dev.hutechweb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:12", "100", "False", "", "cobaltstrike,cs-watermark-987654321", "0", "myceliumbroker"
"2024-01-11 06:54:21", "1230076", "ns1.fiducaire.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker"
"2024-01-11 06:54:21", "1230077", "ns1.asurances.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker"
"2024-01-11 06:54:20", "1230078", "sagsblog.telinduslab.lu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1263551644", "0", "myceliumbroker"
"2024-01-11 06:54:20", "1230079", "ns1.jocelynhealth.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1590258876", "0", "myceliumbroker"
"2024-01-10 10:50:13", "1229840", "ns.emaratalyoum.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1727139162", "0", "myceliumbroker"
"2024-01-10 06:48:20", "1229817", "161.35.239.147:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-06-09 05:43:41", "50", "False", "https://search.censys.io/hosts/161.35.239.147", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra"
"2024-01-09 14:55:19", "1229694", "emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:10", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker"
"2024-01-09 14:55:17", "1229695", "ns1.emailmigration.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "", "cobaltstrike,cs-watermark-1892870985", "0", "myceliumbroker"
"2024-01-09 08:45:29", "1229661", "111.92.243.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "100", "False", "None", "CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra"
"2024-01-06 17:30:58", "1228645", "wejqwed.link", "domain", "botnet_cc", "win.fickerstealer", "None", "Ficker Stealer", "2026-06-08 05:42:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2024-01-06 17:30:44", "1228613", "ed2efjw.link", "domain", "botnet_cc", "win.fickerstealer", "None", "Ficker Stealer", "2026-06-08 05:42:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2024-01-06 17:30:44", "1228614", "fasdas.link", "domain", "botnet_cc", "win.fickerstealer", "None", "Ficker Stealer", "2026-06-08 05:42:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2024-01-05 21:31:13", "1228458", "139.9.62.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:01", "100", "False", "https://search.censys.io/hosts/139.9.62.19", "C2,censys", "0", "thehappydinoa"
"2024-01-05 14:48:41", "1228181", "101.133.225.51:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:47", "100", "False", "https://search.censys.io/hosts/101.133.225.51", "C2,censys", "0", "thehappydinoa"
"2024-01-05 06:45:36", "1228033", "143.110.151.209:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:25", "50", "False", "https://search.censys.io/hosts/143.110.151.209", "DIGITALOCEAN-ASN,Sliver", "0", "drb_ra"
"2024-01-02 14:31:12", "1227297", "106.54.209.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "100", "False", "https://search.censys.io/hosts/106.54.209.36", "C2,censys", "0", "thehappydinoa"
"2023-12-30 11:33:25", "1226488", "astra4512.startdedicated.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,GD-EMEA-DC-SXB1", "0", "drb_ra"
"2023-12-27 22:15:29", "1224105", "cs.xcb.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:13", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra"
"2023-12-26 06:46:27", "1223678", "8.140.203.92:7817", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:46:17", "50", "False", "https://search.censys.io/hosts/8.140.203.92", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra"
"2023-12-18 05:00:11", "1221451", "62.234.27.204:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:05", "80", "False", "None", "None", "0", "malpulse"
"2023-12-16 22:12:14", "1213636", "MicrosoftSyst3m.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,GLOBALLAYER", "0", "drb_ra"
"2023-12-15 18:59:31", "1213211", "117.72.39.83:33333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:56", "100", "False", "https://search.censys.io/hosts/117.72.39.83", "C2,censys", "0", "thehappydinoa"
"2023-12-04 08:45:50", "1209246", "unzip2.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2023-11-24 08:21:04", "1205166", "techsyscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-11-24 08:21:04", "1205167", "yify88.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-11-24 08:21:02", "1205164", "americcorp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-11-22 20:04:09", "1204685", "tech-guard.vguard.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:15", "100", "False", "https://search.censys.io/hosts/44.204.120.159+tech-guard.vguard.tech", "AMAZON-AES,C2,censys", "0", "thehappydinoa"
"2023-11-15 20:24:37", "1202628", "ns.manager.moonlighter.space", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:15", "100", "False", "None", "CobaltStrike,cs-watermark-1893164628,DIGITALOCEAN-ASN", "0", "drb_ra"
"2023-11-09 17:50:07", "1201144", "101.34.222.38:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "2026-06-09 05:43:04", "100", "False", "https://search.censys.io/hosts/101.34.222.38", "C2,censys,RAT", "0", "thehappydinoa"
"2023-11-09 04:06:44", "1200343", "dev.theokanegroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "100", "False", "https://search.censys.io/hosts/134.209.164.110+dev.theokanegroup.com", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa"
"2023-11-06 21:04:29", "1199545", "38.54.115.233:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:19", "80", "False", "None", "None", "0", "malpulse"
"2023-11-06 18:07:30", "1199506", "bwyb.love", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "https://search.censys.io/hosts/47.242.158.114+bwyb.love", "C2,censys", "0", "thehappydinoa"
"2023-11-05 15:00:42", "1199160", "www.sunwu.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "100", "False", "https://search.censys.io/hosts/82.157.149.194+www.sunwu.world", "C2,censys", "0", "thehappydinoa"
"2023-10-24 10:39:59", "1192255", "139.155.148.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:00", "100", "False", "https://search.censys.io/hosts/139.155.148.131", "C2,censys", "0", "thehappydinoa"
"2023-10-20 21:57:56", "1191379", "www.goocoinorg.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+www.goocoinorg.com&ref=threatfox", "C2,censys", "0", "thehappydinoa"
"2023-10-16 08:49:32", "1189545", "airlinesapp.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,DigitalOcean LLC", "0", "drb_ra"
"2023-10-13 19:49:34", "1188605", "lectricelfuel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:15", "100", "False", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=name%3A+lectricelfuel.com&ref=threatfox", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa"
"2023-10-12 01:35:38", "1187879", "143.110.151.209:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-06-09 05:43:25", "90", "False", "https://search.censys.io/hosts/143.110.151.209", "C2,censys,DIGITALOCEAN-ASN", "0", "thehappydinoa"
"2023-10-11 12:59:56", "1187462", "117.72.8.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:59", "100", "False", "https://search.censys.io/hosts/117.72.8.192", "C2,censys", "0", "thehappydinoa"
"2023-09-30 16:12:13", "1180378", "111.229.187.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:58", "80", "False", "None", "None", "0", "malpulse"
"2023-09-27 18:41:09", "1177540", "wcbradley.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-08 05:46:37", "100", "False", "None", "c2,historicalandnew,NanoCore,rat", "0", "Gi7w0rm"
"2023-09-27 14:01:51", "1169282", "http://domcomp.info/1210776429.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "100", "False", "None", "Azorult,c2,historicalandnew", "0", "Gi7w0rm"
"2023-09-27 13:58:49", "1168737", "http://boglogov.site/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "Azorult,c2,historicalandnew", "0", "Gi7w0rm"
"2023-09-21 09:29:08", "1165497", "igo0gle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:13", "100", "False", "None", "AS-ALVIVA,CobaltStrike,cs-watermark-674054486", "0", "drb_ra"
"2023-09-20 18:47:20", "1165172", "8.217.217.243:8082", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:46:17", "50", "False", "https://search.censys.io/hosts/8.217.217.243", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra"
"2023-09-10 22:37:10", "1161447", "muhoste.ddnsfree.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:37:00", "1161367", "remcoss.onmypc.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:36:02", "1160869", "systen32.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:36:01", "1160860", "remco102.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:18", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:35:56", "1160816", "cashout2018.ddnss.de", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:35:27", "1160557", "wiskiriski15.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:34:52", "1160369", "blazeblaze.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-08 05:46:38", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:34:50", "1160349", "bobo231.hopto.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:34:43", "1160286", "remco101.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:18", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 22:34:29", "1160163", "plunder.nsupdate.info", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-06-07 15:18:17", "100", "False", "None", "c2,historicalandnew,remcos", "0", "Gi7w0rm"
"2023-09-10 21:56:52", "1158651", "dynsys.is-a-guru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-08 10:22:31", "100", "False", "None", "AsyncRAT,c2,historicalandnew,mightcontainvariantsofasyncrat", "0", "Gi7w0rm"
"2023-09-10 21:12:28", "1157092", "manuel3.publicvm.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-06-08 05:46:37", "100", "False", "None", "c2,historicalandnew,QuasarRAT", "0", "Gi7w0rm"
"2023-09-09 20:06:55", "1155921", "csxv.sec.cm", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "None", "CHANGWAY-AS,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2023-09-05 21:52:59", "1155319", "43.136.38.59:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-08-26 18:42:05", "1152278", "withoutedge.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:04", "1152277", "thconnewfoot.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:03", "1152274", "caixas.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:03", "1152275", "ddllsearch.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:03", "1152276", "gepcash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:02", "1152272", "amazonclouds.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-26 18:42:02", "1152273", "amur-city.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:17", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-23 11:56:21", "1151693", "43.153.222.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:46", "100", "False", "None", "CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2023-08-14 18:46:43", "1149951", "164.92.145.128:7810", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-06-09 05:43:44", "50", "False", "https://search.censys.io/hosts/164.92.145.128", "Brute Ratel C4,DIGITALOCEAN-ASN", "0", "drb_ra"
"2023-08-14 16:00:05", "1149946", "pctor.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-14 16:00:04", "1149945", "tehomics.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-14 16:00:03", "1149944", "instant-healthonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:20", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-08-05 14:38:23", "1148731", "stratpringl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:20", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,PINDC-AS", "0", "drb_ra"
"2023-08-04 11:01:52", "1148487", "onlinetechdesk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-587247372", "0", "drb_ra"
"2023-08-03 10:25:44", "1146843", "harmonyshoused.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra"
"2023-08-03 10:24:41", "1146834", "api.office-updates.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:14", "100", "False", "None", "CobaltStrike,cs-watermark-494165167,DIGITALOCEAN-ASN", "0", "drb_ra"
"2023-08-02 10:24:58", "1146619", "mkbkygbgwcdc.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:19", "100", "False", "None", "CobaltStrike,cs-watermark-391144938,KAOPU-HK Kaopu Cloud HK Limited", "0", "drb_ra"
"2023-08-01 17:58:59", "1146287", "trenity.top", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2026-06-08 05:44:02", "100", "False", "None", "C2,redline,stealer", "0", "Gi7w0rm"
"2023-08-01 17:58:11", "1145844", "fhgerbugjreqnhfegrb.top", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2026-06-08 05:44:02", "100", "False", "None", "C2,redline,stealer", "0", "Gi7w0rm"
"2023-07-31 11:01:39", "1144026", "ekostroy33.ru", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "100", "False", "None", "AS-SUISSE,CobaltStrike,cs-watermark-0", "0", "drb_ra"
"2023-07-30 09:53:51", "1143796", "rupertok.su", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-30 09:53:50", "1143770", "logstat17.club", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:56", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-30 09:53:49", "1143738", "bernieforweeed.com", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-30 09:53:49", "1143750", "dexblog90.club", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-30 09:53:49", "1143758", "fb01ddd.xyz", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-30 09:53:48", "1143712", "admstat45.xyz", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "None", "0", "Gi7w0rm"
"2023-07-25 10:17:22", "1140114", "tcessolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:16", "100", "False", "None", "AS202973,CobaltStrike,cs-watermark-587247372", "0", "drb_ra"
"2023-07-18 17:57:56", "1138741", "http://aloowforest.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:35", "100", "False", "https://app.any.run/tasks/c4d44b15-e208-4db2-b119-351ceef1f068", "Lumma,Stealer", "0", "g0njxa"
"2023-07-18 05:35:24", "1138601", "http://speedtestip.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "https://app.any.run/tasks/05cd0861-68b0-4b15-8ad4-6179430d986d", "Lumma,stealer", "0", "g0njxa"
"2023-07-16 18:51:47", "1138390", "http://many-verses.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:35", "100", "False", "https://app.any.run/tasks/16736490-2916-42c4-9a6a-e2d2ea841ce3", "KjGtqi,Lumma,Stealer", "0", "g0njxa"
"2023-07-16 15:56:48", "1138361", "http://worldofpoetry.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:35", "100", "False", "https://app.any.run/tasks/9f4ac06d-5c74-4405-be6c-86be69bf66e0", "Lumma,Stealer", "0", "g0njxa"
"2023-07-15 15:27:17", "1138204", "http://crazypictures.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "https://app.any.run/tasks/1f182b9d-da31-498f-8e04-c26d6f999d35", "Lumma,Stealer", "0", "g0njxa"
"2023-07-15 12:48:31", "1138196", "rw1.sentrysource.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:11", "100", "False", "None", "CobaltStrike,cs-watermark-93937751,ROGERS-COMMUNICATIONS", "0", "drb_ra"
"2023-07-11 05:33:00", "1137213", "http://clonecloud-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:34", "100", "False", "https://app.any.run/tasks/2162c485-a4a5-45d4-a304-cc6e812b3577", "Lumma,Stealer,YT6gHy", "0", "g0njxa"
"2023-07-03 15:42:02", "1135804", "pedagogists.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-07-03 15:42:01", "1135803", "cdnsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-07-03 07:07:02", "1135691", "http://agustfreeday-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "https://app.any.run/tasks/bbe7d580-0a5e-4ec6-9658-c4821455d624", "iOqpIq,Lumma,Stealer", "0", "g0njxa"
"2023-06-29 22:01:01", "1135028", "localhost.exchange", "domain", "botnet_cc", "win.systembc", "Coroxy,DroxiDat", "SystemBC", "2026-06-08 10:19:57", "100", "False", "", "SystemBC,viaAmadey", "0", "Gi7w0rm"
"2023-06-29 06:30:24", "1134732", "http://flowers-my.xyz/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "https://app.any.run/tasks/88e5e14b-87b8-4df1-a647-8889c32b68d2", "Lumma,Stealer", "0", "g0njxa"
"2023-06-28 22:51:22", "1134787", "1.15.248.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:57", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-26 08:12:17", "1134128", "check1.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra"
"2023-06-26 08:11:33", "1134127", "check.judicical.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:36", "100", "False", "None", "CNSERVERS,CobaltStrike,cs-watermark-100000000", "0", "drb_ra"
"2023-06-22 17:12:29", "1133505", "usadevgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,WAICORE-TRANSIT", "0", "drb_ra"
"2023-06-20 18:49:40", "1132563", "103.27.186.185:9001", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:08", "50", "False", "https://search.censys.io/hosts/103.27.186.185", "Pupy RAT,SNL-HK Starry Network Limited", "0", "drb_ra"
"2023-06-19 19:49:43", "1131885", "http://gservice-node.io/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "https://twitter.com/crep1x/status/1670881176364408833", "Lumma,stealer", "0", "crep1x"
"2023-06-16 22:15:55", "1131330", "http://217.12.206.230/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "https://app.any.run/tasks/4e682046-d702-46c7-91c5-6f2a6c9a0909/", "Lumma,Stealer", "0", "g0njxa"
"2023-06-11 22:26:06", "1128165", "heastings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,M247", "0", "drb_ra"
"2023-06-09 20:00:05", "1127715", "unitechdb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-06-09 20:00:04", "1127713", "cornptia.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-06-09 20:00:04", "1127714", "eyefinancemonitor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-06-08 16:27:41", "1127447", "surplusofer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra"
"2023-06-04 19:33:16", "1126526", "http://185.99.133.246/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:32", "100", "False", "None", "Lumma,stealer", "0", "0xw4ifu"
"2023-05-25 15:42:02", "1122048", "dianqi2.dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra"
"2023-05-25 15:41:46", "1122047", "dianqi1.dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra"
"2023-05-25 15:41:31", "1122046", "dianqi2.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra"
"2023-05-25 15:41:10", "1122045", "dianqi1.jiayongdianqi.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:37", "100", "False", "None", "CobaltStrike,cs-watermark-492498911,XNNET LLC", "0", "drb_ra"
"2023-05-24 19:36:26", "1121462", "skynet-i.asuscomm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:42", "100", "False", "None", "CobaltStrike,cs-watermark-987654321,STC-AS PJSC Rostelecom Krasnodar", "0", "drb_ra"
"2023-05-24 19:35:48", "1121460", "update.microsoftapply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:46:43", "100", "False", "None", "CobaltStrike,cs-watermark-Not Found,DediPath", "0", "drb_ra"
"2023-05-23 12:37:36", "1120772", "australiansuper.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:22", "100", "False", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-348901740", "0", "drb_ra"
"2023-05-19 14:21:26", "1119456", "popshues.top", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2026-06-08 05:44:02", "100", "False", "https://app.any.run/tasks/81097f33-5d06-4dd7-94b4-9be75ebc320b", "Redline", "0", "g0njxa"
"2023-05-16 10:00:03", "1116637", "sheersdesigns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-05-16 10:00:02", "1116636", "artmicrodesign.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-05-14 08:10:28", "1115696", "http://195.123.227.138/c2sock", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-06-07 15:14:33", "100", "False", "https://app.any.run/tasks/c31fecf8-b6fc-4d4a-a212-64b3d852e449", "Lumma,Stealer", "0", "g0njxa"
"2023-05-10 18:49:37", "1114522", "103.27.186.185:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:43:08", "50", "False", "https://search.censys.io/hosts/103.27.186.185", "Pupy RAT,SNL-HK Starry Network Limited", "0", "drb_ra"
"2023-05-07 14:05:24", "1113010", "http://cpinfo.sustainable-development-partners.com/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:27", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-05-06 16:13:31", "1112839", "situotech.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,HARMONYHOSTING-AS", "0", "drb_ra"
"2023-05-05 12:41:05", "1111457", "35.201.196.246:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2026-06-09 05:45:34", "50", "False", "https://search.censys.io/hosts/35.201.196.246", "GOOGLE-CLOUD-PLATFORM,Pupy RAT", "0", "drb_ra"
"2023-05-04 06:46:43", "1110863", "39.106.36.96:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:45:38", "50", "False", "https://search.censys.io/hosts/39.106.36.96", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos", "0", "drb_ra"
"2023-05-04 06:46:41", "1110862", "36.95.131.171:9091", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:45:35", "50", "False", "https://search.censys.io/hosts/36.95.131.171", "Deimos,TELKOMNET-AS-AP PT Telekomunikasi Indonesia", "0", "drb_ra"
"2023-05-04 06:46:35", "1110860", "18.162.155.202:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:43:56", "50", "False", "https://search.censys.io/hosts/18.162.155.202", "AMAZON-02,Deimos", "0", "drb_ra"
"2023-05-04 06:46:33", "1110859", "8.218.26.114:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:46:18", "50", "False", "https://search.censys.io/hosts/8.218.26.114", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Deimos", "0", "drb_ra"
"2023-05-04 06:46:30", "1110858", "3.209.12.178:3060", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "2026-06-09 05:45:29", "50", "False", "https://search.censys.io/hosts/3.209.12.178", "AMAZON-AES,Deimos", "0", "drb_ra"
"2023-05-01 06:10:12", "1109418", "http://171.22.30.164/papi/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:27", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-26 15:45:17", "1108158", "http://muhosransk.site/annabel/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-22 18:00:03", "1106335", "maboloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-04-22 18:00:03", "1106336", "matong.buzz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-04-21 10:20:17", "1105988", "qw.sveexec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "100", "False", "None", "CobaltStrike,cs-watermark-1580103824,GLOBALLAYER", "0", "drb_ra"
"2023-04-19 06:00:48", "1104749", "http://azla3e.shop/dbkl/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-18 08:25:24", "1104483", "http://45.88.66.207/purelog/Panel/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-15 12:28:52", "1103771", "77.242.250.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:05", "100", "False", "None", "CobaltStrike,cs-watermark-1416875320", "0", "drb_ra"
"2023-04-12 09:02:56", "1102558", "lls-rs.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "100", "False", "None", "CobaltStrike,cs-watermark-0,PROSPERO-AS", "0", "drb_ra"
"2023-04-12 08:11:32", "1102556", "http://171.22.30.164/smith/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-11 12:00:18", "1101911", "http://dblg023.shop/bill1/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "75", "False", "https://bazaar.abuse.ch/sample/f00cdfd984eccedd6447987cc68bb5f308954f393e855440a69ff6d565e74794/", "azorult", "0", "abuse_ch"
"2023-04-11 09:00:22", "1101855", "http://45.88.66.207/newone/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-11 08:55:14", "1101853", "http://171.22.30.147/abbey/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-10 13:30:09", "1101508", "http://bll5e.shop/dbkl/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-06 09:00:40", "1099977", "http://45.88.66.207/oxza/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-04 08:01:21", "1097046", "http://141.98.6.162/office/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-04-03 07:21:03", "1096685", "iony.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-04-03 07:21:03", "1096686", "office36o.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-04-03 07:21:02", "1096683", "feyrijavac.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-04-03 07:21:02", "1096684", "fidelyus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-29 22:27:30", "1095276", "jacketsupport.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:23", "100", "False", "None", "CobaltStrike,cs-watermark-587247372,GLOBALLAYER", "0", "drb_ra"
"2023-03-29 04:51:21", "1095042", "duckducklive.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "100", "False", "https://www.virustotal.com/gui/file/b5da1db6d69f2f872e603beb0f121c68f3320ed33a0c9835bfc1a931d177c947", "391144938,Beacon,Cobalt Strike,CobaltStrike", "0", "AndreGironda"
"2023-03-28 15:52:23", "1094484", "louvree.abudhabe.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:20", "100", "False", "None", "CobaltStrike,cs-watermark-1826426664,EMIRATES-INTERNET Emirates Internet", "0", "drb_ra"
"2023-03-20 17:21:02", "1092077", "jquerymaingame.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 17:21:02", "1092078", "mail-my-account.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 17:21:02", "1092079", "my-accounts-gooogle.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 17:21:02", "1092080", "pegistrationads.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 17:21:01", "1092075", "eaglehardwares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 17:21:01", "1092076", "information.baby", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-03-20 13:36:29", "1092009", "moviegallerys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "100", "False", "None", "CobaltStrike,cs-watermark-206546002,UAB Cherry Servers", "0", "drb_ra"
"2023-03-17 22:40:17", "1091575", "acroserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra"
"2023-03-17 19:45:49", "1091535", "atechniques.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra"
"2023-03-17 13:33:15", "1091454", "winsatoom.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-668694132", "0", "drb_ra"
"2023-03-16 16:25:27", "1091275", "http://turkie.ac.ug/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:29", "100", "False", "None", "AZORult", "0", "abuse_ch"
"2023-03-13 04:47:12", "1087542", "devoinnanote.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:24", "100", "False", "None", "CobaltStrike,cs-watermark-2130772225,SHARKTECH", "0", "drb_ra"
"2023-03-07 21:49:32", "1086187", "marduk.top", "domain", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2026-06-08 05:44:02", "75", "False", "", "Redline", "0", "crep1x"
"2023-03-01 18:10:00", "1084848", "http://45.12.253.74/pineapple.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-08 05:44:45", "100", "False", "https://twitter.com/crep1x/status/1630992258584518656", "GCleaner", "0", "crep1x"
"2023-03-01 18:09:59", "1084846", "http://45.12.253.56/advertisting/plus.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-08 05:44:45", "100", "False", "https://twitter.com/crep1x/status/1630992258584518656", "GCleaner", "0", "crep1x"
"2023-03-01 18:09:58", "1084845", "http://45.12.253.72/default/puk.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-08 05:44:44", "100", "False", "https://twitter.com/crep1x/status/1630992258584518656", "GCleaner", "0", "crep1x"
"2023-02-26 09:03:09", "1082976", "ponzinivek.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-26 09:03:09", "1082977", "ruplearben.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-26 09:03:09", "1082978", "talonbilling.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-26 09:03:09", "1082979", "gorillagaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-26 09:03:09", "1082980", "chanimoblie.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-25 14:42:02", "1082871", "kbnexc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-25 14:42:01", "1082870", "jquerysslx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-25 13:15:07", "1082838", "e-servicesolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "100", "False", "None", "AEZA GROUP Ltd,CobaltStrike,cs-watermark-674054486", "0", "drb_ra"
"2023-02-24 02:30:56", "1082591", "devsecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:26", "100", "False", "None", "CobaltStrike,cs-watermark-674054486,Flyservers S.A.", "0", "drb_ra"
"2023-02-23 13:06:07", "1082417", "www.vmware.rest", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-1234567890", "0", "drb_ra"
"2023-02-22 07:55:15", "1081877", "http://45.12.253.72/default/stuk.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-08 05:44:44", "100", "False", "https://twitter.com/wwp96/status/1628273497708326912", "GCleaner", "0", "abuse_ch"
"2023-02-22 07:55:15", "1081878", "http://45.12.253.75/dll.php", "url", "botnet_cc", "win.gcleaner", "None", "GCleaner", "2026-06-08 05:44:45", "100", "False", "https://twitter.com/wwp96/status/1628273497708326912", "GCleaner", "0", "abuse_ch"
"2023-02-17 18:25:01", "1081018", "galspost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:26", "100", "False", "None", "CobaltStrike,cs-watermark-1101991775,Microsoft Corporation", "0", "drb_ra"
"2023-02-16 14:54:22", "1080735", "imvcatool.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:26", "100", "False", "None", "AEZA-AS,CobaltStrike,cs-watermark-674054486", "0", "drb_ra"
"2023-02-04 19:39:46", "1078198", "aspnetcenter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "CobaltStrike,Web Gostaran Bandar Company PJS", "0", "drb_ra"
"2023-02-04 18:42:02", "1078172", "audelr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-04 18:42:02", "1078173", "csou.link", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-04 18:42:02", "1078174", "integrated-security.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-04 18:42:02", "1078175", "uranustechsolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-02-03 17:24:39", "1078062", "getsafeblog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra"
"2023-02-03 00:16:03", "1077913", "39.107.242.125:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:20", "75", "False", "https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-39-107-242-125-port-80/", "CobaltStrike,RedPacketSecurity", "0", "abuse_ch"
"2023-02-02 19:40:26", "1076907", "qw.svcshosvt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra"
"2023-02-02 19:39:18", "1076896", "nxsimdevelop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:26", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra"
"2023-02-01 02:21:19", "1075651", "appdevtechnology.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:25", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra"
"2023-01-31 15:09:13", "1075540", "dbx.formsift.io", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:26", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra"
"2023-01-29 11:29:55", "1075020", "devcloudpro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra"
"2023-01-28 09:40:24", "1074894", "164.90.158.199:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:44", "50", "False", "https://search.censys.io/hosts/164.90.158.199", "DIGITALOCEAN-ASN,Mythic", "0", "drb_ra"
"2023-01-28 09:40:10", "1074890", "145.131.8.169:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:27", "50", "False", "https://search.censys.io/hosts/145.131.8.169", "Mythic,SENTIA", "0", "drb_ra"
"2023-01-28 09:26:29", "1074833", "130.61.124.23:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-09 05:43:19", "50", "False", "https://search.censys.io/hosts/130.61.124.23", "Covenant,ORACLE-BMC-31898", "0", "drb_ra"
"2023-01-25 19:42:03", "1074144", "support-wellsfargovis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-25 19:42:02", "1074141", "recoverporta1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-25 19:42:02", "1074142", "recoverportal2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-25 19:42:02", "1074143", "recoveryweb2.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-23 20:33:42", "1073670", "vd-ntds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "CobaltStrike,PROSPERO-AS", "0", "drb_ra"
"2023-01-20 14:21:02", "1070164", "hnsxpharm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-20 14:21:02", "1070165", "myjqueryss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-20 14:21:02", "1070167", "telusmobility-billed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-20 14:21:02", "1070168", "thenbkgroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2023-01-20 11:23:14", "1070137", "avdev.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:29", "100", "False", "None", "CobaltStrike,Flyservers S.A.", "0", "drb_ra"
"2023-01-19 19:53:20", "1069980", "qw.execsvct.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra"
"2023-01-19 14:15:53", "1069895", "azurecloudfire.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "100", "False", "None", "CobaltStrike,ITRESHENIYA-AS", "0", "drb_ra"
"2023-01-19 11:23:42", "1069868", "goupdatemic.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "100", "False", "None", "CobaltStrike,GOOGLE", "0", "drb_ra"
"2023-01-18 02:29:29", "1069579", "mwg-update.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra"
"2023-01-13 17:37:32", "1068206", "goodsport2023.win", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "100", "False", "None", "CobaltStrike,VOM", "0", "drb_ra"
"2023-01-12 21:56:23", "1068079", "blackandwhiteshoose.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:30", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2023-01-12 20:55:06", "1068045", "qw.svcrencst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra"
"2023-01-12 14:45:18", "1067954", "realsecuritystore.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:31", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra"
"2023-01-12 13:04:56", "1067924", "fixx.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:27", "100", "False", "None", "CobaltStrike,SNEL", "0", "drb_ra"
"2023-01-11 10:59:45", "1067646", "allowedcloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "CobaltStrike,HIVELOCITY Inc.", "0", "drb_ra"
"2022-12-31 19:48:39", "1064196", "freegaysnews.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "100", "False", "None", "CHERRYSERVERS2-AS,CobaltStrike", "0", "drb_ra"
"2022-12-31 18:58:09", "1064176", "topgamenetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-12-31 16:21:02", "1064173", "zfuxwvouqvnttpsrxe.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:52", "1064075", "cloudyspaces.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:52", "1064076", "666621.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064069", "144.217.207.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064070", "allsdone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064071", "ipsandwich.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064072", "cookieholder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064073", "pingcheker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:51", "1064074", "wagonovk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:43", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064062", "microsoftupdateassist.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064063", "qvibova.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064064", "cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064065", "metalkost.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064066", "m7r4r2i2.stackpathcdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:50", "1064067", "online.cloudwebpictures.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:49", "1064057", "bartiba.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:49", "1064058", "varnart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:49", "1064059", "nsfdfdfdf.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:49", "1064060", "micorsoft.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:49", "1064061", "aigouing.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064046", "ksplsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064047", "lastinsuranceteam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064048", "msdnsservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064049", "securequoteme.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064050", "techdevcorp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064051", "syncorporation.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064052", "visualstudioapp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064053", "altreeservicellc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064054", "discountshadesdirect.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064055", "setechnowork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:48", "1064056", "technicollit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064038", "shiyicaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064039", "cdn-top.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064040", "onesecondservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064041", "vpnupdaters.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064042", "rodinscoldly.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064043", "antariscapital.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064044", "ftwealthmgt.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:47", "1064045", "iconiq-capitel.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064031", "asset-trades.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064032", "telemetrin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064033", "secupdate4win.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064034", "cdn-start.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064035", "capitalmanagementdata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:46", "1064036", "lawsolutions.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064024", "diegomaster.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064025", "dp-test1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064026", "cloudkey.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064027", "updatevpncitrix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064028", "classgum.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064029", "edgeupdater.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:45", "1064030", "gfcbm.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064016", "barmnava.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064017", "firewallwithadvancedserurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064018", "lgbtqplusfriendlydomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064019", "market-stats.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064020", "apabfs.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064021", "fziomerof.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064022", "fserd.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:44", "1064023", "verofes.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:43", "1064015", "postofficeltdc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064006", "jarvcza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064007", "teystyjeem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064008", "faceupfinder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064009", "costacancordia.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064010", "lapsusareskids.world", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064011", "msupdater.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064012", "dwordname.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064013", "trademot.finance", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:42", "1064014", "agreminj.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1063998", "exchangeallltd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1063999", "guggenheimpartners-survey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064000", "caresalonservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064001", "just-findncall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064002", "fluoxi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064003", "buynet.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064004", "everythingchecker.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:41", "1064005", "dezword.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:40", "1063995", "goksearch.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:40", "1063996", "polyhaz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:40", "1063997", "data-protection-test.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:39", "1063992", "update04.microsoft-essentials.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:38", "1063991", "akaluij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:36", "1063989", "43.129.7.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:18", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:36", "1063990", "82.156.241.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:24", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:33", "1063985", "donormix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:33", "1063986", "hardicki.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:33", "1063987", "stfconnect.onthewifi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:33", "1063988", "agsdef.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:22", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063978", "observerinfo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063979", "dehikz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063980", "cocanewline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063981", "rainqor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063982", "axelkim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063983", "azimurs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:32", "1063984", "innovativesitecreations.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:31", "1063972", "creditscore.usbankcreditcards.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:31", "1063975", "megumin.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:31", "1063976", "loanhelp.support", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:11", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:31", "1063977", "volsecure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:30", "1063966", "domtern.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:30", "1063968", "drakr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:30", "1063969", "devcisco.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:30", "1063971", "web-news-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:29", "1063963", "bankafrika.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:29", "1063964", "mssfr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:29", "1063965", "edgekey.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:08", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063955", "webyoutubeshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063956", "extic.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063957", "reykh.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063959", "propertynewsclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063960", "afindisc.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063961", "propertyinfogroup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:28", "1063962", "topnewscompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:27", "1063950", "baidenfree.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:27", "1063951", "directoryupdate.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:27", "1063952", "azmnetwork.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:27", "1063953", "onevisioncommunications.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:27", "1063954", "campioni-imam.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063943", "serviceapp1.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063944", "softcloud.digital", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063945", "appmind.center", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063946", "ms-data.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063947", "oracleup.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063948", "topinfocompany.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:26", "1063949", "blockchainstartups-crypto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:03", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063934", "expresssmash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063935", "vgroz.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:02", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063936", "baidengop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063937", "ofilopex.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063938", "aabancaa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063939", "shermango.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063940", "nongxinyin.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063941", "a6m1n.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:25", "1063942", "emailbox.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063926", "wxtencent.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063927", "emergeno.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063928", "browngreeer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063929", "processdec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063931", "sndm-sndm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063932", "sinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:24", "1063933", "vinergil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063918", "westtherr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063919", "quickaccestwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063920", "usgrim.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063921", "onelivemusicshop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063922", "zomerax.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063923", "fsamon.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063924", "sscimails.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:23", "1063925", "agentrecovery.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063909", "entertainok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063910", "jatafatuna.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063911", "pluyk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063912", "affinm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063913", "gijoxupe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063914", "vangshares.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063915", "fudupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:22", "1063917", "contemporaryto.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063902", "ziono.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063903", "lolutow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063904", "niht12.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063905", "slfcorporate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063906", "baidu-cdn-10.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063907", "jandoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:21", "1063908", "casevor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:20", "1063897", "gotroops.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:20", "1063898", "wtxservice.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:20", "1063899", "xevayuhace.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:20", "1063900", "suppcat.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:20", "1063901", "softloadup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063889", "asbetysh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063890", "ascagliarinish.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063891", "ascasdsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063892", "aschamp79sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063893", "aschnurmansh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063894", "aseleeeksh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:19", "1063895", "asensvsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063880", "artist2actresssh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063881", "arturprikhodkosh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063882", "arvin78sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063883", "arvind567shahsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063884", "arvindkkumsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063885", "arvosash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063886", "arwalsersh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063887", "aryaarieash.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:18", "1063888", "aryalalexsh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:51", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063870", "dovaxanil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063871", "hehegahu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063872", "agriculturemachineries.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063873", "arhipenkolenagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063874", "aritmiagenesh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063875", "artes911sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063876", "arthas89sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063877", "arthurstevens62sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063878", "arthurtaylor13sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:17", "1063879", "artis214sh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:50", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063864", "zipo-cons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063865", "fazehotafa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063866", "zendriol.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063867", "sezezapa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063868", "sorekipe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:16", "1063869", "zezinuwe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063858", "shrekf.art", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063859", "amaniza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063860", "microcloud.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063861", "anexuss.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063862", "edictsoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:15", "1063863", "out1etshops.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063851", "stepnbayac.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063852", "chickenpoken.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063853", "hockeysmall.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063854", "orthodoxok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063855", "cocesovo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063856", "familyinsurancepartner.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:14", "1063857", "senebuvuyi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:13", "1063848", "fincheck.site", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:44", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:13", "1063849", "svchosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:13", "1063850", "conhosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:12", "1063843", "maximumservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:12", "1063844", "conferencedesk.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:12", "1063845", "bluetechsupply.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:12", "1063846", "allgroupservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:12", "1063847", "acitopram.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:13", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:11", "1063838", "businessservicesolution.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:11", "1063839", "gravyblicus.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:11", "1063840", "firmwarekey.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:11", "1063841", "updateraccount.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:11", "1063842", "mvnetworking.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063832", "avasecurityservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063833", "extranetserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063834", "clacem.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063835", "eonline-cdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063836", "cagohufe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:10", "1063837", "vezawahoy.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:42", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063826", "tetafup.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063827", "api-trend-micro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:40", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063828", "digital-hardware.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063829", "aboutdatabasesoftware.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063830", "high-control.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:09", "1063831", "soft-base.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:08", "1063821", "iptvr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:08", "1063823", "mingw.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:08", "1063824", "transfercloud.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:08", "1063825", "flashcom.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:07", "1063818", "sciencelifedata.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:07", "1063819", "bookingsupport.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:07", "1063820", "ateyakima.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:06", "1063813", "buy1walmart.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:06", "1063816", "drbeat.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:06", "1063817", "aialadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:05", "1063810", "hhkj222.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:05", "1063811", "yw2204.shop", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:05", "1063812", "nordicqlobal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:04", "1063806", "favls.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:04", "1063807", "linkkedin.life", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:04", "1063808", "magellanfit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:48:03", "1063805", "afspd.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:46:51", "1063804", "164.92.70.225:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:14", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-30 19:44:07", "1063802", "abritrum-bridges.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "75", "False", "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_platforms.txt", "CobaltStrike,threatview-io", "0", "abuse_ch"
"2022-12-28 19:56:09", "1063208", "a.wv2022.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2022-12-28 02:22:09", "1063123", "apacheorg.wiki", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "100", "False", "None", "CLOUDIE-AS-AP Cloudie Limited,CobaltStrike", "0", "drb_ra"
"2022-12-24 19:00:50", "1062406", "updatemicrotok.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:32", "100", "False", "None", "AS-SERVERION,CobaltStrike", "0", "drb_ra"
"2022-12-19 21:43:42", "1053949", "eserverx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "100", "False", "None", "AEZA-AS,CobaltStrike", "0", "drb_ra"
"2022-12-19 11:41:44", "1050306", "cmdatabase.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:28", "100", "False", "None", "ADM Service Ltd.,CobaltStrike", "0", "drb_ra"
"2022-12-17 12:12:59", "1050198", "cloudmane.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra"
"2022-12-13 11:43:38", "1036758", "8.212.49.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:06", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,CobaltStrike", "0", "drb_ra"
"2022-12-12 01:38:31", "1036111", "qw.conhoosst.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-12-08 20:45:56", "1035723", "expoglobalservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CobaltStrike,TIER-NET", "0", "drb_ra"
"2022-12-07 20:05:59", "1035558", "www.microsofer.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2022-12-05 20:03:53", "1031731", "googlecontentuser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "https://twitter.com/TheDFIRReport/status/1599780643222654976", "CobaltStrike", "0", "abuse_ch"
"2022-12-05 19:27:32", "1031726", "test.227api.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:21", "100", "False", "None", "CobaltStrike,YISUCLOUDLTD-HK YISU CLOUD LTD", "0", "drb_ra"
"2022-12-05 11:42:38", "1029025", "palalto.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "CobaltStrike,Private Layer INC", "0", "drb_ra"
"2022-12-04 20:18:27", "1028963", "esoftwareupdates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "ASGHOSTNET,CobaltStrike", "0", "drb_ra"
"2022-12-02 21:28:11", "1028767", "globalplayservices.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2022-12-02 20:50:52", "1028737", "rapidfinact.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "CobaltStrike,SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd", "0", "drb_ra"
"2022-12-02 20:38:18", "1028720", "globalsteamclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2022-12-01 20:32:20", "1028501", "get-music-online.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2022-11-27 16:10:54", "1024554", "msndla.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:34", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra"
"2022-11-24 11:54:46", "1023854", "childhealthresources.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra"
"2022-11-24 11:50:52", "1023821", "360safeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "100", "False", "None", "CobaltStrike,Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2022-11-20 10:32:06", "1021044", "aksaholdings.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra"
"2022-11-15 06:56:25", "1012628", "msisfx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "https://twitter.com/malware_traffic/status/1592262598195646464", "CobaltStrike", "0", "abuse_ch"
"2022-11-12 17:46:46", "1009773", "get-smartbuyer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-11-10 11:51:33", "1000509", "qw.stakcl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-11-08 20:20:30", "991420", "sogouupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:33", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2022-11-07 20:10:29", "985010", "dnsupdatecheck.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2022-11-04 11:23:08", "973832", "ipulsecloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "None", "CobaltStrike,FLYSERVERS-ENDCLIENTS", "0", "drb_ra"
"2022-11-03 12:12:17", "964538", "zadiguser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:40", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964540", "wasazokiwo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964541", "yuwajeni.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964542", "yavahiyil.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:40", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964543", "rabihino.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964545", "nokevohoh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964546", "rawocav.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "50", "False", "", "None", "1", "_ik_"
"2022-11-03 12:12:17", "964548", "deyikurihe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "50", "False", "", "None", "1", "_ik_"
"2022-10-30 19:51:44", "952862", "freshuper.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,tzulo inc.", "0", "drb_ra"
"2022-10-29 12:32:13", "952596", "reebons.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra"
"2022-10-29 12:23:49", "952587", "gaswert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra"
"2022-10-29 11:54:42", "952582", "sajij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra"
"2022-10-29 10:14:36", "952555", "asasyz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra"
"2022-10-29 10:12:26", "952552", "agazud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,LLC Baxet", "0", "drb_ra"
"2022-10-29 09:57:36", "952534", "tuuik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,GLOBAL INTERNET SOLUTIONS LLC", "0", "drb_ra"
"2022-10-29 09:56:46", "952528", "alfuhin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra"
"2022-10-27 23:43:27", "950974", "amaladin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra"
"2022-10-26 10:09:11", "949937", "aualadin.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:36", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra"
"2022-10-23 13:42:10", "916136", "bthserv.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,Internet Solutions & Innovations LTD.", "0", "drb_ra"
"2022-10-23 13:37:35", "916115", "nuesro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,Partner LLC", "0", "drb_ra"
"2022-10-23 13:36:50", "916100", "pasadonline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:35", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-10-22 19:40:40", "915911", "worldsgates.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "100", "False", "None", "CobaltStrike,LUCIDACLOUD LIMITED", "0", "drb_ra"
"2022-10-22 19:39:30", "915908", "protramal.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "None", "CobaltStrike,Perviy TSOD LLC", "0", "drb_ra"
"2022-10-22 01:11:02", "915846", "spltst.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:37", "100", "False", "None", "CobaltStrike,combahton GmbH", "0", "drb_ra"
"2022-10-16 13:10:54", "891477", "cehocihit.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra"
"2022-10-16 12:38:04", "891461", "cloudmicro.pro", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "100", "False", "None", "CobaltStrike,PLI-AS", "0", "drb_ra"
"2022-10-13 21:41:28", "887212", "keycloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "None", "CobaltStrike,PARTNER-AS", "0", "drb_ra"
"2022-10-13 21:13:41", "886703", "activeservers.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "100", "False", "None", "Amati Foundation,CobaltStrike", "0", "drb_ra"
"2022-10-13 21:12:51", "886693", "newyearbalance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:38", "100", "False", "None", "CHERRYSERVERS3-AS,CobaltStrike", "0", "drb_ra"
"2022-10-13 21:02:36", "886516", "xamayojir.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra"
"2022-10-13 20:58:25", "886499", "xicefoga.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-WDC", "0", "drb_ra"
"2022-10-13 19:51:56", "884091", "ams-prd-cob.nl", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:43", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-10-13 19:35:22", "883488", "tagujog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-PHX", "0", "drb_ra"
"2022-10-13 19:32:23", "883412", "mysqlserver.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "100", "False", "None", "CobaltStrike,ICME", "0", "drb_ra"
"2022-10-13 19:23:44", "883142", "xuluxetas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:41", "100", "False", "None", "CobaltStrike,LEASEWEB-USA-NYC", "0", "drb_ra"
"2022-10-12 17:16:11", "880419", "hadujaza.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "100", "False", "https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html", "CobaltStrike", "0", "abuse_ch"
"2022-10-05 18:54:33", "871733", "softsupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch"
"2022-10-05 18:54:33", "871734", "anushl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "https://twitter.com/1ZRR4H/status/1577718910652129280", "CobaltStrike", "0", "abuse_ch"
"2022-09-29 08:45:45", "858399", "anbush.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:42", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch"
"2022-09-29 08:45:45", "858402", "get-topservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:40", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch"
"2022-09-29 08:45:45", "858403", "msoftupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch"
"2022-09-29 08:45:45", "858404", "pregabas.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:39", "100", "False", "https://twitter.com/1ZRR4H/status/1575364140285267970", "CobaltStrike", "0", "abuse_ch"
"2022-09-22 11:26:18", "851096", "34.92.131.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:44", "100", "False", "None", "CobaltStrike,Google LLC", "0", "drb_ra"
"2022-09-20 16:58:14", "850706", "87.246.7.38:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:45", "75", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch"
"2022-09-20 16:57:02", "850701", "cloudmicro.tech", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:42", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch"
"2022-09-20 16:57:02", "850702", "fregiyu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:43", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch"
"2022-09-20 16:57:02", "850704", "microcloud.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:42", "100", "False", "https://twitter.com/1ZRR4H/status/1572261285139714051", "CobaltStrike", "0", "abuse_ch"
"2022-09-17 21:24:41", "850260", "154.22.117.31:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:44", "100", "False", "None", "CobaltStrike,Cogent Communications", "0", "drb_ra"
"2022-09-14 22:07:14", "849761", "198.98.53.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:44", "100", "False", "None", "CobaltStrike,PONYNET", "0", "drb_ra"
"2022-09-05 19:10:52", "847988", "globallookclub.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:50", "847986", "realfunsolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:48", "847972", "www.service1app.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:48", "847975", "youronlinesports.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:48", "847976", "yourinfosolutions.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:48", "847978", "login.onemusic24.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:48", "847981", "zx.jacollans.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847942", "satorkar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:54", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847943", "er.theinfoinc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847957", "realmacnow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847958", "onemusicllc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847959", "ateliernow.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:59", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:47", "847960", "er.dropklant.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:58", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:46", "847929", "sprinthunter.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:46", "847930", "newstamagavk.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:47", "100", "False", "", "None", "0", "_ik_"
"2022-09-05 19:10:46", "847934", "www.onestepstar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "100", "False", "", "None", "0", "_ik_"
"2022-09-01 06:45:17", "847124", "115.75.66.68:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:16", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch"
"2022-09-01 06:45:16", "847123", "115.75.66.68:6821", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:16", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch"
"2022-09-01 06:45:14", "847122", "115.75.66.68:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:16", "75", "False", "https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/", "asyncrat", "0", "abuse_ch"
"2022-09-01 06:40:24", "847121", "115.75.66.68:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-06-09 05:43:16", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2022-08-31 18:29:19", "847028", "barabezo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:49", "100", "False", "https://bazaar.abuse.ch/sample/08ec3f13e8637a08dd763af6ccb46ff8516bc46efaacb1e5f052ada634a90c0e/", "CobaltStrike", "0", "abuse_ch"
"2022-08-31 16:32:01", "847018", "alojun.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "100", "False", "", "None", "0", "_ik_"
"2022-08-31 16:32:01", "847019", "asdder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:46", "100", "False", "", "None", "0", "_ik_"
"2022-08-31 16:32:01", "847020", "www.zominoz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "100", "False", "", "None", "0", "_ik_"
"2022-08-30 14:06:50", "846483", "asorock0011.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-08 05:46:38", "75", "False", "https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0", "NanoCore,RAT", "0", "abuse_ch"
"2022-08-30 14:06:38", "846369", "office365update.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2026-06-07 15:18:17", "75", "False", "https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0", "NanoCore,RAT", "0", "abuse_ch"
"2022-08-30 06:22:11", "846258", "jevomukif.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-29-IOCs-for-Monster-Libra-TA551-IcedID-with-Cobalt-Stike.txt", "CobaltStrike", "0", "abuse_ch"
"2022-08-20 06:53:07", "844214", "msdnupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:53", "100", "False", "", "CobaltStrike", "0", "abuse_ch"
"2022-08-20 06:53:07", "844215", "msdupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:55", "100", "False", "", "CobaltStrike", "0", "abuse_ch"
"2022-08-18 12:15:06", "843958", "caxoxc.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:56", "100", "False", "", "CobaltStrike", "0", "abuse_ch"
"2022-08-16 11:38:21", "843546", "47.108.180.121:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:04", "100", "False", "None", "CobaltStrike,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra"
"2022-08-11 06:03:19", "842464", "jahojahi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:48", "100", "False", "https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-10-IOCs-for-IcedID-and-Cobalt-Strike.txt", "CobaltStrike", "0", "abuse_ch"
"2022-08-06 07:00:06", "841613", "zambeziz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "100", "False", "", "CobaltSrike", "0", "abuse_ch"
"2022-07-27 08:49:04", "839793", "zuyonijobo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:57", "100", "False", "https://isc.sans.edu/diary/28884", "Cobalt Strike", "0", "abuse_ch"
"2022-07-06 05:36:04", "802793", "digerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "100", "False", "", "None", "0", "abuse_ch"
"2022-07-05 05:12:06", "796822", "chitozx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:00", "100", "False", "", "None", "0", "abuse_ch"
"2022-07-02 13:06:49", "750750", "42.192.21.181:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:44", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2022-06-28 08:57:21", "730561", "18.117.254.165:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:16", "100", "False", "None", "Amazon.com Inc.,CobaltStrike", "0", "drb_ra"
"2022-06-26 10:56:33", "729038", "blinkinuf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:01", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-26 10:56:32", "729037", "malrok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:02", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 17:11:58", "720823", "trumpiko.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 17:11:58", "720824", "freygor.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:03", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 17:11:58", "720826", "sinjoan.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 17:11:58", "720827", "afluix.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:20", "720273", "www.edge-chrome.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:20", "720276", "www.hellomrsone.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:19", "720260", "we.topsmartservice.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:19", "720263", "wpsserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:18", "720248", "thedaily-news.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:08", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:17", "720239", "sevenhungredbucks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:17", "720241", "snccoupr-int.cf", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:17", "720247", "telembank.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:26", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:16", "720230", "ppew.au", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:23", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:16", "720231", "pretunz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:16", "720236", "rss.top-business-blog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:16", "720237", "scarfaceserver.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:15", "720226", "outlet-studio.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:14", "720208", "js.msedgeupdate.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:07", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720198", "harborfreight.delivery", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:38", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720201", "hityok.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720203", "jiguz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720204", "jijuanjo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720206", "jqueryupdatenow.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:08", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:13", "720207", "jqueryupneed.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:08", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:12", "720188", "fifacud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:06", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:12", "720189", "filaspo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:12", "720193", "gasienda.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:11", "720185", "dreamkoks.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:54:10", "720176", "democrazzy.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:01:52", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:31", "720156", "cloud.sovarermscloud.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:28", "720136", "backupcreds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:11", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:28", "720140", "biohazzzard.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:09", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:28", "720141", "bksfinance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:28", "720143", "boronab.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:07", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:27", "720132", "araizx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:04", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-23 10:53:27", "720133", "arminext.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "50", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-22 18:35:13", "719898", "aginij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:05", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-06-15 20:53:40", "710534", "85.175.101.203:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 05:47:38", "100", "False", "None", "CobaltStrike,STC-AS", "0", "drb_ra"
"2022-05-19 18:01:58", "606362", "criobob.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:11", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1"
"2022-05-19 18:01:58", "606363", "prozakx.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1"
"2022-05-19 18:01:58", "606364", "terroklo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1"
"2022-05-19 18:01:57", "606360", "microdozz.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:10", "75", "False", "None", "cobaltstrike,emotet", "0", "Cryptolaemus1"
"2022-05-10 18:53:07", "549372", "us189-hpgsgae5dva9fzch.z01.azurefd.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:22", "75", "False", "None", "cobaltstrike,threatview.io", "0", "Malwar3Ninja"
"2022-05-08 16:20:03", "548951", "artidomain.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:13", "100", "False", "https://twitter.com/ian_kenefick/status/1523288477559062529", "Cobalt Strike", "0", "abuse_ch"
"2022-04-30 19:45:18", "544836", "116.62.185.223:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:14", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2022-04-29 19:30:18", "540702", "165.227.180.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:20", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-04-25 12:31:07", "532916", "120.26.240.21:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:24", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2022-04-23 16:42:50", "530098", "193.29.13.216:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "100", "False", "None", "***************************************,CobaltStrike", "0", "drb_ra"
"2022-04-21 16:54:57", "523516", "45.8.158.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:15", "100", "False", "None", "ASBAXETN,CobaltStrike", "0", "drb_ra"
"2022-04-19 13:44:33", "521565", "115.29.171.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:24", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2022-04-18 18:01:52", "521083", "84.32.188.190:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:14", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-04-15 22:57:51", "520317", "137.184.42.85:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:22", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-04-14 16:59:25", "519914", "84.32.188.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:16", "100", "False", "None", "CobaltStrike,UAB Cherry Servers", "0", "drb_ra"
"2022-04-14 10:30:57", "519792", "furfen.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:12", "100", "False", "None", "BumbleBee,Cobalt Strike", "0", "abuse_ch"
"2022-04-13 16:57:52", "519116", "175.41.21.29:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:19", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra"
"2022-04-12 16:50:58", "518853", "175.41.16.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "100", "False", "None", "CobaltStrike,XLC-AS-AP XLC GLOBAL", "0", "drb_ra"
"2022-04-10 17:05:31", "518404", "138.68.110.227:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:20", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-04-06 22:59:35", "516676", "13.55.118.253:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:16", "100", "False", "None", "AMAZON-02,CobaltStrike", "0", "drb_ra"
"2022-04-05 22:55:20", "493695", "185.186.143.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:15", "100", "False", "None", "ASKONTEL,CobaltStrike", "0", "drb_ra"
"2022-04-05 16:53:16", "492845", "194.37.97.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "100", "False", "None", "CobaltStrike,M247 Ltd", "0", "drb_ra"
"2022-03-30 09:51:36", "466600", "blopik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-29 08:36:59", "461231", "borizhog.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:28", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-24 22:55:12", "448027", "37.72.172.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:17", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra"
"2022-03-24 10:56:07", "446029", "1.14.76.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:21", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2022-03-23 20:44:05", "443786", "139.60.160.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:17", "100", "False", "None", "CobaltStrike,HOSTKEY-USA", "0", "drb_ra"
"2022-03-23 16:44:21", "443190", "apeduze.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:13", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-22 10:51:28", "438442", "drimzis.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-22 10:51:28", "438443", "blinkij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-17 22:47:07", "398650", "152.136.178.142:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2022-03-17 12:19:46", "396104", "dunclikf.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-10 15:29:52", "393426", "sifgu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:52", "393427", "gfsert.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:52", "393429", "shizij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:52", "393430", "zxerm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:52", "393431", "korunder.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:51", "393424", "chesft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-10 15:29:51", "393425", "uktyl.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:27", "100", "False", "None", "None", "0", "stoerchl"
"2022-03-09 17:18:35", "393312", "defenr.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-09 17:18:35", "393313", "fedij.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-09 17:18:35", "393314", "kejimn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-09 17:18:34", "393311", "brikeb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:32", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-08 17:09:32", "393046", "kapuleti.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:33", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-06 16:43:33", "392705", "45.12.1.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:23", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra"
"2022-03-05 16:45:53", "392630", "45.12.1.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:15", "100", "False", "None", "CobaltStrike,YURTEH-AS", "0", "drb_ra"
"2022-03-05 16:43:28", "392595", "45.12.1.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:15", "100", "False", "None", "CLOUDNETWORKS-AS,CobaltStrike", "0", "drb_ra"
"2022-03-01 07:06:28", "391528", "defegh.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-01 07:06:28", "391530", "klycnmik.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-03-01 07:06:28", "391531", "ngrety.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:34", "100", "False", "None", "Cobalt Strike", "0", "abuse_ch"
"2022-02-27 06:03:58", "391111", "lifegothistory.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:35", "100", "False", "https://twitter.com/1ZRR4H/status/1497771037718724612", "Cobalt Strike", "0", "abuse_ch"
"2022-02-22 16:44:41", "390123", "192.241.133.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-22 16:42:29", "390104", "159.65.246.188:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:58:18", "389873", "68.183.200.63:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:57:13", "389866", "138.68.227.71:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:56:32", "389865", "165.227.219.211:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:55:44", "389864", "165.232.154.73:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:54:53", "389861", "143.198.110.248:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:54:15", "389860", "178.128.171.206:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:53:10", "389853", "165.227.23.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:29", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:52:19", "389850", "161.35.137.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-21 16:51:26", "389847", "64.227.0.177:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:31", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-20 16:42:59", "389656", "45.55.36.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:30", "100", "False", "None", "CobaltStrike,DIGITALOCEAN-ASN", "0", "drb_ra"
"2022-02-09 22:36:37", "384626", "168.61.180.98:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "100", "False", "None", "CobaltStrike,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra"
"2022-02-01 10:45:03", "373668", "bornometa.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch"
"2022-02-01 10:45:03", "373671", "jenevabaiden.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:43", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch"
"2022-02-01 10:45:03", "373673", "sbronm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "100", "False", "https://twitter.com/1ZRR4H/status/1488311508652204037", "Cobalt Strike", "0", "abuse_ch"
"2022-01-29 22:33:30", "362296", "101.34.182.130:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2022-01-25 22:30:16", "332687", "192.227.155.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:18", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra"
"2022-01-25 22:29:00", "332653", "146.70.29.233:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:18", "100", "False", "None", "CobaltStrike,M247", "0", "drb_ra"
"2022-01-22 22:25:42", "313943", "107.172.219.129:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:19", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra"
"2022-01-19 17:42:10", "303029", "http://appwebstat.biz/info.php", "url", "botnet_cc", "win.ccleaner_backdoor", "DIRTCLEANER", "CCleaner Backdoor", "2026-06-08 05:44:46", "100", "False", "None", "GCleaner", "0", "abuse_ch"
"2022-01-18 22:32:52", "299262", "193.201.9.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "100", "False", "None", "CobaltStrike,SELECTEL", "0", "drb_ra"
"2022-01-18 13:51:16", "298501", "citrixseruritys.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:40", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch"
"2022-01-18 13:51:16", "298505", "milanvar.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:43", "100", "False", "https://twitter.com/MichalKoczwara/status/1483137082465865729", "Cobalt Strike", "0", "abuse_ch"
"2022-01-15 22:26:20", "295525", "23.227.198.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra"
"2022-01-15 10:32:22", "295436", "217.79.243.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:41", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra"
"2022-01-14 22:28:25", "295353", "149.255.35.131:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "100", "False", "None", "CobaltStrike,HVC-AS", "0", "drb_ra"
"2022-01-13 22:28:33", "294999", "81.68.225.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:17", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2022-01-10 16:24:49", "292303", "39.98.48.153:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:00:22", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2022-01-07 10:30:52", "291740", "39.104.25.164:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:21", "100", "False", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2021-12-16 10:42:30", "276593", "77.83.36.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:24", "100", "False", "None", "CobaltStrike,ISI-ASN", "0", "drb_ra"
"2021-12-13 10:06:28", "275144", "101.32.204.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:23", "100", "False", "None", "CobaltStrike,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2021-11-22 16:01:01", "252110", "62.113.255.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:20", "100", "False", "None", "CobaltStrike,TTM", "0", "drb_ra"
"2021-11-04 17:48:48", "242948", "107.173.89.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:21", "100", "False", "None", "AS-COLOCROSSING,CobaltStrike", "0", "drb_ra"
"2021-10-31 17:43:37", "240983", "104.128.92.144:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:42", "100", "False", "None", "CobaltStrike,IT7NET", "0", "drb_ra"
"2021-10-27 09:58:20", "238207", "fivepointschiro.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:36", "100", "False", "https://twitter.com/mojoesec/status/1453040284686770185", "CobaltStrike", "0", "abuse_ch"
"2021-10-22 12:07:15", "236436", "111.230.196.200:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:21", "100", "False", "None", "CobaltStrike", "0", "drb_ra"
"2021-10-13 17:43:22", "233476", "23.224.152.139:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:18", "100", "False", "None", "CNSERVERS,CobaltStrike", "0", "drb_ra"
"2021-10-11 23:27:10", "232821", "139.198.183.44:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:20", "100", "False", "None", "CobaltStrike,YUNIFY-NET Yunify Technologies Inc.", "0", "drb_ra"
"2021-10-09 23:36:53", "232263", "121.37.255.60:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:25", "100", "False", "None", "CobaltStrike,HWCSNET Huawei Cloud Service data center", "0", "drb_ra"
"2021-09-18 17:39:24", "223357", "47.95.207.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-06-09 06:02:22", "100", "False", "None", "CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike", "0", "drb_ra"
"2021-07-28 15:50:56", "163409", "azuredocs.org", "domain", "botnet_cc", "win.dridex", "None", "Dridex", "2026-06-08 10:23:17", "100", "False", "https://urlhaus.abuse.ch/url/1487667/", "22201,Dridex", "0", "abuse_ch"
"2021-04-01 18:56:44", "6441", "sweyblidian.com", "domain", "botnet_cc", "win.hancitor", "Chanitor", "Hancitor", "2026-06-08 05:42:57", "100", "False", "https://twitter.com/James_inthe_box/status/1377638592495955974", "Hancitor", "0", "abuse_ch"
"2021-03-22 20:20:21", "4514", "lukkeze.club", "domain", "botnet_cc", "win.fickerstealer", "None", "Ficker Stealer", "2026-06-08 05:42:57", "100", "False", "None", "FickerStealer", "0", "abuse_ch"
"2021-02-18 18:45:21", "2421", "http://kvaka.li/1210776429.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "2026-06-08 10:21:28", "75", "False", "https://bazaar.abuse.ch/sample/95d91febc45d03c1ee477c127bcbd332cd6fbce1e91105004af723594e6f0199/", "azorult", "0", "abuse_ch"
# Number of entries: 4386