sessions last 24 hours
recent activity last 15 sessions
top countries
live command feed auto-refresh 15s
shell commands typed by attackers after a successful login. tags are auto-classified from regex patterns. click a row for full session.
sessions
captured droppers
we don't store the binaries — only sha256 + metadata. enrichment via MalwareBazaar / VirusTotal.
C2 indicators
extracted from dropper URLs, shell commands, and proxy-abuse destinations. download CSV · JSON