################################################################ # ThreatFox IOCs: recent ip-port - CSV format # # Last updated: 2025-06-27 07:07:02 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-06-27 07:07:02", "1550069", "5.45.76.64:1462", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-06-27 07:05:04", "1549934", "47.94.138.125:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "None", "Meterpreter", "0", "abuse_ch" "2025-06-27 07:02:15", "1549930", "91.4.38.77:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-06-27 07:02:18", "50", "https://www.shodan.io/host/91.4.38.77#80", "c2,gh0st,shodan", "0", "juroots" "2025-06-27 07:02:04", "1549929", "196.251.69.46:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/196.251.69.46#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-06-27 07:01:48", "1549928", "98.71.173.119:8089", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "50", "https://www.shodan.io/host/98.71.173.119#8089", "c2,ermac,shodan", "0", "juroots" "2025-06-27 07:01:21", "1549927", "124.221.31.155:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/124.221.31.155#8888", "c2,shodan,supershell", "0", "juroots" "2025-06-27 07:01:07", "1549926", "143.198.223.235:4443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/143.198.223.235#4443", "c2,shodan,villain", "0", "juroots" "2025-06-27 07:00:53", "1549925", "67.205.141.81:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/67.205.141.81#7443", "c2,mythic,shodan", "0", "juroots" "2025-06-27 07:00:39", "1549923", "59.184.55.190:50070", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/59.184.55.190#50070", "c2,mozi,shodan", "0", "juroots" "2025-06-27 07:00:39", "1549924", "117.209.90.38:53400", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/117.209.90.38#53400", "c2,mozi,shodan", "0", "juroots" "2025-06-27 07:00:20", "1549921", "196.251.88.108:9898", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/196.251.88.108#9898", "asyncrat,c2,shodan", "0", "juroots" "2025-06-27 07:00:20", "1549922", "196.251.88.110:9898", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/196.251.88.110#9898", "asyncrat,c2,shodan", "0", "juroots" "2025-06-27 07:00:07", "1549920", "31.131.18.50:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/31.131.18.50#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-27 07:00:06", "1549919", "185.112.146.121:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.112.146.121#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-27 06:59:45", "1549918", "34.222.14.1:593", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/34.222.14.1#593", "c2,netsupport,shodan", "0", "juroots" "2025-06-27 06:59:44", "1549915", "43.199.162.210:21025", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/43.199.162.210#21025", "c2,netsupport,shodan", "0", "juroots" "2025-06-27 06:59:44", "1549916", "13.245.30.86:55554", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.245.30.86#55554", "c2,netsupport,shodan", "0", "juroots" "2025-06-27 06:59:44", "1549917", "176.82.167.62:6001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/176.82.167.62#6001", "c2,netsupport,shodan", "0", "juroots" "2025-06-27 06:59:21", "1549911", "99.79.77.89:11", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/99.79.77.89#11", "c2,netbus,shodan", "0", "juroots" "2025-06-27 06:59:21", "1549912", "16.24.181.84:4063", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/16.24.181.84#4063", "c2,netbus,shodan", "0", "juroots" "2025-06-27 06:59:21", "1549913", "18.231.106.148:32764", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/18.231.106.148#32764", "c2,netbus,shodan", "0", "juroots" "2025-06-27 06:59:21", "1549914", "3.15.240.124:3306", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.15.240.124#3306", "c2,netbus,shodan", "0", "juroots" "2025-06-27 06:59:20", "1549910", "51.159.55.59:389", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/51.159.55.59#389", "c2,netbus,shodan", "0", "juroots" "2025-06-27 06:58:59", "1549909", "47.92.91.213:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.92.91.213#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:58", "1549905", "113.44.144.145:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:59:00", "50", "https://www.shodan.io/host/113.44.144.145#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:58", "1549906", "47.105.65.102:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:59:00", "50", "https://www.shodan.io/host/47.105.65.102#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:58", "1549907", "43.143.216.185:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:59:00", "50", "https://www.shodan.io/host/43.143.216.185#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:58", "1549908", "123.249.3.92:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:59:01", "50", "https://www.shodan.io/host/123.249.3.92#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:57", "1549904", "54.211.54.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/54.211.54.146#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:56", "1549902", "34.29.62.21:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/34.29.62.21#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:56", "1549903", "115.175.43.58:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/115.175.43.58#8081", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:55", "1549901", "217.154.212.25:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/217.154.212.25#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-27 06:58:21", "1549900", "192.140.188.178:9009", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:58:56", "50", "https://www.shodan.io/host/192.140.188.178#9009", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-06-27 06:58:02", "1549899", "47.245.61.75:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:58:59", "50", "https://www.shodan.io/host/47.245.61.75#444", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-06-27 06:57:58", "1549897", "193.37.69.43:95", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:58:56", "50", "https://www.shodan.io/host/193.37.69.43#95", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-27 06:57:58", "1549898", "122.51.53.9:6633", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:58:57", "50", "https://www.shodan.io/host/122.51.53.9#6633", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-27 06:57:57", "1549896", "196.251.81.206:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:58:56", "50", "https://www.shodan.io/host/196.251.81.206#80", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-27 06:20:04", "1549895", "103.245.167.123:25565", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-06-27 06:03:00", "1549894", "47.109.205.192:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-27 06:02:59", "1549893", "47.109.205.192:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-27 06:02:02", "1549892", "113.45.147.54:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-27 06:01:56", "1549891", "47.103.36.44:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-06-27 06:01:53", "1549890", "38.181.219.93:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-27 05:51:20", "1549849", "185.239.84.210:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:41", "100", "https://search.censys.io/hosts/185.239.84.210", "AS55933,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:19", "1549850", "121.43.197.69:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:42", "100", "https://search.censys.io/hosts/121.43.197.69", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:18", "1549851", "81.70.197.138:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:40", "100", "https://search.censys.io/hosts/81.70.197.138", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:18", "1549852", "47.111.139.151:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:41", "100", "https://search.censys.io/hosts/47.111.139.151", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:18", "1549853", "47.108.82.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:42", "100", "https://search.censys.io/hosts/47.108.82.178", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:17", "1549854", "111.119.200.33:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:44", "100", "https://search.censys.io/hosts/111.119.200.33", "AS136907,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:17", "1549855", "124.70.190.31:1099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:40", "100", "https://search.censys.io/hosts/124.70.190.31", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-06-27 05:51:17", "1549856", "34.172.236.77:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 04:01:02", "90", "https://search.censys.io/hosts/34.172.236.77", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "dyingbreeds_" "2025-06-27 05:51:16", "1549857", "78.161.14.229:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 04:01:12", "100", "https://search.censys.io/hosts/78.161.14.229", "AS9121,C2,censys,RAT,TTNET", "0", "dyingbreeds_" "2025-06-27 05:51:15", "1549858", "78.161.14.229:3000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 04:01:12", "100", "https://search.censys.io/hosts/78.161.14.229", "AS9121,C2,censys,RAT,TTNET", "0", "dyingbreeds_" "2025-06-27 05:51:14", "1549860", "3.27.190.234:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:01:17", "100", "https://search.censys.io/hosts/3.27.190.234", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-06-27 05:51:14", "1549861", "159.223.195.83:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:01:16", "100", "https://search.censys.io/hosts/159.223.195.83", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2025-06-27 05:51:13", "1549862", "5.193.223.21:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:01:17", "100", "https://search.censys.io/hosts/5.193.223.21", "AS5384,C2,censys,Mythic", "0", "dyingbreeds_" "2025-06-27 05:51:13", "1549863", "65.108.151.141:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:01:18", "100", "https://search.censys.io/hosts/65.108.151.141", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "dyingbreeds_" "2025-06-27 05:51:12", "1549864", "45.74.16.152:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-27 04:01:19", "100", "https://search.censys.io/hosts/45.74.16.152", "AS207184,C2,censys,Hookbot,TELCHAK-AS", "0", "dyingbreeds_" "2025-06-27 05:51:12", "1549865", "45.76.61.214:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-27 04:01:19", "100", "https://search.censys.io/hosts/45.76.61.214", "AS-VULTR,AS20473,C2,censys,Hookbot", "0", "dyingbreeds_" "2025-06-27 05:51:11", "1549866", "185.130.214.105:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 04:01:22", "100", "https://search.censys.io/hosts/185.130.214.105", "AS50867,C2,censys,ORG-LVA15-AS", "0", "dyingbreeds_" "2025-06-27 05:51:11", "1549867", "68.183.98.89:2222", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-06-27 04:01:23", "100", "https://search.censys.io/hosts/68.183.98.89", "AS14061,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "dyingbreeds_" "2025-06-27 05:51:10", "1549868", "46.246.84.22:3000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-27 04:01:25", "100", "https://search.censys.io/hosts/46.246.84.22", "AS42708,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-27 05:51:10", "1549869", "43.162.114.79:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.162.114.79", "AS132203,censys,Viper", "0", "dyingbreeds_" "2025-06-27 05:51:09", "1549870", "4.206.58.64:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/4.206.58.64", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:08", "1549871", "168.232.167.229:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/168.232.167.229", "AS52368,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:08", "1549872", "39.107.90.73:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/39.107.90.73", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:07", "1549873", "64.23.242.142:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.23.242.142", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:07", "1549875", "34.67.148.226:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.67.148.226", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:06", "1549874", "47.92.131.232:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.92.131.232", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:05", "1549876", "95.70.136.97:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/95.70.136.97", "AS12735,ASTURKNET,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:05", "1549877", "167.172.38.117:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.172.38.117", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:04", "1549878", "97.64.19.88:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/97.64.19.88", "AS25820,censys,GoPhish,IT7NET,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:04", "1549879", "45.249.208.103:9205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.249.208.103", "AS137702,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:04", "1549880", "144.126.159.244:3636", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/144.126.159.244", "AS40021,censys,GoPhish,NL-811-40021,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:04", "1549881", "35.220.181.130:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.220.181.130", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:51:03", "1549882", "18.219.34.38:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.219.34.38", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-27 05:50:53", "1549786", "185.163.45.30:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "tanner" "2025-06-27 05:50:12", "1549773", "66.63.187.190:80", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://app.any.run/tasks/72cdd97b-e9ec-4aa3-bff3-de7a86701f08", "None", "0", "pitachu" "2025-06-27 05:45:10", "1549888", "18.162.247.93:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-27 05:00:12", "1549887", "143.92.49.209:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-27 04:01:50", "1549886", "62.141.44.37:8001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/62.141.44.37", "AdaptixC2,AS24961,C2,censys,MYLOC-AS", "0", "DonPasci" "2025-06-27 04:01:49", "1549884", "103.171.35.150:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/103.171.35.150", "AdaptixC2,AS932,C2,censys,XNNET", "0", "DonPasci" "2025-06-27 04:01:49", "1549885", "193.5.65.114:43211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/193.5.65.114", "AdaptixC2,AS395839,C2,censys,HOSTKEY-USA", "0", "DonPasci" "2025-06-27 04:01:28", "1549883", "38.54.93.22:443", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/38.54.93.22", "AS138915,C2,censys,KAOPU-HK,redline,stealer", "0", "DonPasci" "2025-06-27 02:55:11", "1549848", "196.251.116.69:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:56:50", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-27 00:05:30", "1549846", "77.90.153.121:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-27 00:01:55", "1549844", "172.235.52.85:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-27 04:01:27", "100", "https://search.censys.io/hosts/172.235.52.85", "AKAMAI-LINODE-AP,AS63949,BianLian,C2,censys", "0", "DonPasci" "2025-06-27 00:01:55", "1549845", "45.77.122.146:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-27 04:01:28", "100", "https://search.censys.io/hosts/45.77.122.146", "AS-VULTR,AS20473,BianLian,C2,censys", "0", "DonPasci" "2025-06-27 00:01:54", "1549843", "172.235.52.85:8080", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-27 04:01:27", "100", "https://search.censys.io/hosts/172.235.52.85", "AKAMAI-LINODE-AP,AS63949,BianLian,C2,censys", "0", "DonPasci" "2025-06-27 00:01:28", "1549842", "174.138.184.252:1912", "ip:port", "botnet_cc", "win.crimson", "SEEDOOR,Scarimson", "Crimson RAT", "", "100", "https://search.censys.io/hosts/174.138.184.252", "AS19318,C2,censys,Crimson,IS-AS-1,RAT", "0", "DonPasci" "2025-06-27 00:01:24", "1549841", "177.198.123.177:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 04:00:51", "100", "https://search.censys.io/hosts/177.198.123.177", "AS26599,C2,censys,Havoc,TELEFONICA", "0", "DonPasci" "2025-06-27 00:01:23", "1549840", "157.254.167.29:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 04:00:50", "100", "https://search.censys.io/hosts/157.254.167.29", "AS17378,C2,censys,Havoc", "0", "DonPasci" "2025-06-27 00:01:21", "1549839", "155.138.226.4:2404", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-27 04:00:41", "100", "https://search.censys.io/hosts/155.138.226.4", "AS-VULTR,AS20473,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-06-27 00:01:20", "1549838", "45.74.16.118:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-27 04:00:38", "100", "https://search.censys.io/hosts/45.74.16.118", "AS207184,C2,censys,Hookbot,TELCHAK-AS", "0", "DonPasci" "2025-06-27 00:01:19", "1549835", "67.205.141.81:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:35", "100", "https://search.censys.io/hosts/67.205.141.81", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-06-27 00:01:19", "1549836", "68.168.222.249:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:36", "100", "https://search.censys.io/hosts/68.168.222.249", "AS19318,C2,censys,IS-AS-1,Mythic", "0", "DonPasci" "2025-06-27 00:01:19", "1549837", "68.168.222.249:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:36", "100", "https://search.censys.io/hosts/68.168.222.249", "AS19318,C2,censys,IS-AS-1,Mythic", "0", "DonPasci" "2025-06-27 00:01:18", "1549833", "91.242.229.83:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:31", "100", "https://search.censys.io/hosts/91.242.229.83", "AS44477,C2,censys,Mythic,PQHOSTING", "0", "DonPasci" "2025-06-27 00:01:18", "1549834", "34.176.213.31:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:37", "100", "https://search.censys.io/hosts/34.176.213.31", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2025-06-27 00:01:12", "1549831", "16.171.61.189:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 04:00:27", "100", "https://search.censys.io/hosts/16.171.61.189", "AMAZON-02,AS16509,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-06-27 00:01:12", "1549832", "128.90.106.191:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 04:00:28", "100", "https://search.censys.io/hosts/128.90.106.191", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-27 00:01:11", "1549830", "101.201.83.222:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:25", "100", "https://search.censys.io/hosts/101.201.83.222", "ALIBABA-CN-NET,AS37963,C2,censys,Supershell", "0", "DonPasci" "2025-06-27 00:00:40", "1549829", "117.72.102.110:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:16", "100", "https://search.censys.io/hosts/117.72.102.110", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-06-27 00:00:39", "1549828", "157.230.218.246:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:10", "100", "https://search.censys.io/hosts/157.230.218.246", "AS14061,C2,censys,CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-06-26 22:55:35", "1549827", "38.55.199.245:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:05", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-26 22:53:43", "1549826", "104.223.120.202:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:54:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-26 21:01:57", "1549812", "103.176.197.6:1977", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-zp4vwahq6x", "AS152156,C2,NARUTO-AS-HK,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 21:01:57", "1549813", "103.176.197.6:1976", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-zp4vwahq6x", "AS152156,C2,NARUTO-AS-HK,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 21:01:57", "1549814", "103.176.197.6:1978", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-zp4vwahq6x", "AS152156,C2,NARUTO-AS-HK,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 21:01:56", "1549811", "103.199.100.130:8181", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-xj1j6azpx4", "AS138415,C2,rat,triage,valleyrat,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-06-26 21:01:10", "1549809", "94.180.178.106:3456", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250626-y3fvjacj71", "AS41668,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-06-26 21:01:05", "1549808", "45.80.158.55:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250626-t2ehvsymv4", "AS210558,C2,rat,remcos,triage", "0", "DonPasci" "2025-06-26 21:00:57", "1549807", "154.38.180.2:3000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250626-wppt6swzft", "AS40021,C2,NL-811-40021,triage,xworm", "0", "DonPasci" "2025-06-26 21:00:56", "1549806", "94.154.173.151:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250626-w494naxsb1", "1GSERVERS,AS14315,C2,triage,xworm", "0", "DonPasci" "2025-06-26 20:52:45", "1549804", "74.104.205.212:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:52:29", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-26 20:49:36", "1549803", "213.13.207.107:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:49:18", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-26 20:45:35", "1549802", "154.246.3.228:22", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:45:43", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-26 20:44:20", "1549801", "124.222.111.244:7000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:44:19", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-06-26 20:01:56", "1549800", "45.77.122.146:9443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-27 07:51:12", "100", "https://search.censys.io/hosts/45.77.122.146", "AS-VULTR,AS20473,BianLian,C2,censys", "0", "DonPasci" "2025-06-26 20:01:50", "1549799", "166.88.61.58:1433", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/166.88.61.58", "AdaptixC2,AS149440,C2,censys,EVOXTENTERPRISE-AS-AP", "0", "DonPasci" "2025-06-26 20:01:47", "1549798", "94.237.58.211:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.58.211", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci" "2025-06-26 20:01:28", "1549797", "52.197.160.186:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/52.197.160.186", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-06-26 20:01:26", "1549796", "40.177.103.163:46642", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/40.177.103.163", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 20:01:25", "1549795", "40.177.103.163:18642", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/40.177.103.163", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 20:01:23", "1549794", "107.150.0.5:2422", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/107.150.0.5", "AS214943,C2,censys,RAILNET,RAT,Venom", "0", "DonPasci" "2025-06-26 20:01:21", "1549793", "54.188.179.41:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:51:57", "100", "https://search.censys.io/hosts/54.188.179.41", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-06-26 20:01:18", "1549792", "45.76.61.214:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-27 07:51:12", "100", "https://search.censys.io/hosts/45.76.61.214", "AS-VULTR,AS20473,C2,censys,Hookbot", "0", "DonPasci" "2025-06-26 20:01:12", "1549790", "74.208.123.9:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 04:00:27", "100", "https://search.censys.io/hosts/74.208.123.9", "AS8560,AsyncRAT,C2,censys,IONOS-AS,RAT", "0", "DonPasci" "2025-06-26 20:01:12", "1549791", "104.250.169.197:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:43:26", "100", "https://search.censys.io/hosts/104.250.169.197", "AS212238,AsyncRAT,C2,CDNEXT,censys,RAT", "0", "DonPasci" "2025-06-26 20:01:08", "1549789", "209.94.56.16:4443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/209.94.56.16", "AS25697,C2,censys,payload,Sliver,UPCLOUDUSA", "0", "DonPasci" "2025-06-26 20:00:41", "1549788", "45.136.15.39:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:28", "100", "https://search.censys.io/hosts/45.136.15.39", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2025-06-26 20:00:40", "1549787", "142.171.220.152:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:17", "100", "https://search.censys.io/hosts/142.171.220.152", "AS35916,C2,censys,CobaltStrike,cs-watermark-666666666,MULTA-ASN1", "0", "DonPasci" "2025-06-26 16:54:27", "1549782", "1.94.183.238:18088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:54:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-26 16:17:16", "1549781", "166.1.209.188:8041", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250626-tpggpahq8s", "AS8100,ASN-QUADRANET-GLOBAL,c2,ConnectWise,rat,screenconnect,triage", "0", "DonPasci" "2025-06-26 16:01:49", "1549780", "179.43.176.8:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/179.43.176.8", "AS51852,C2,censys,PLI-AS,rhadamanthys,stealer", "0", "DonPasci" "2025-06-26 16:01:19", "1549778", "179.95.202.203:9990", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:47:25", "100", "https://search.censys.io/hosts/179.95.202.203", "AS18881,C2,censys,Netsupport,RAT,TELEFONICA", "0", "DonPasci" "2025-06-26 16:01:19", "1549779", "16.162.253.247:10001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:46:10", "100", "https://search.censys.io/hosts/16.162.253.247", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 16:01:13", "1549777", "3.143.108.51:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:49:49", "100", "https://search.censys.io/hosts/3.143.108.51", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-06-26 16:01:08", "1549776", "196.251.86.82:2004", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:48:48", "100", "https://search.censys.io/hosts/196.251.86.82", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-26 16:00:38", "1549775", "118.26.38.52:61521", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:35", "100", "https://search.censys.io/hosts/118.26.38.52", "AS135377,C2,censys,CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP", "0", "DonPasci" "2025-06-26 16:00:36", "1549774", "38.49.53.149:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:03", "100", "https://search.censys.io/hosts/38.49.53.149", "AS8796,C2,censys,CobaltStrike,cs-watermark-987654321,FD-298-8796", "0", "DonPasci" "2025-06-26 14:37:53", "1549767", "206.238.196.177:55132", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-rr9vxaej7z", "AS399077,C2,rat,TERAEXCH,triage,valleyrat", "0", "DonPasci" "2025-06-26 14:37:53", "1549768", "206.238.115.30:55232", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-rr9vxaej7z", "AS399077,C2,rat,TERAEXCH,triage,valleyrat", "0", "DonPasci" "2025-06-26 14:37:52", "1549765", "206.238.196.177:55131", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-rr9vxaej7z", "AS399077,C2,rat,TERAEXCH,triage,valleyrat", "0", "DonPasci" "2025-06-26 14:37:52", "1549766", "8.217.38.238:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-rr9vxaej7z", "ALIBABA-CN-NET,AS45102,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 14:36:21", "1549764", "38.240.33.97:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250626-pr8azacp5t", "AS-HYONIX-US,AS931,C2,rat,remcos,triage", "0", "DonPasci" "2025-06-26 14:35:56", "1549763", "185.156.175.35:42827", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250626-qngjhser5x", "AS9009,C2,M247,rat,remcos,triage", "0", "DonPasci" "2025-06-26 14:25:11", "1549762", "206.238.115.30:55231", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-26 14:00:17", "1549752", "45.194.36.156:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-26 13:26:19", "1549549", "209.141.43.20:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-26 13:18:54", "1549701", "196.251.69.198:2721", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-06-26 13:18:54", "1549702", "216.9.225.163:25000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-06-26 13:18:08", "1549691", "133.201.65.30:8901", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-06-26 13:15:09", "1549515", "193.222.96.48:3434", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "50", "", "c2,ermac", "0", "juroots" "2025-06-26 13:14:44", "1549514", "132.232.61.21:25000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,elknot", "0", "juroots" "2025-06-26 13:13:48", "1549510", "141.105.65.10:5784", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-06-26 13:10:12", "1549491", "138.124.60.33:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://www.shodan.io/host/138.124.60.33#80", "c2,gremlin,shodan", "0", "juroots" "2025-06-26 13:09:56", "1549490", "117.209.24.243:50100", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/117.209.24.243#50100", "c2,mozi,shodan", "0", "juroots" "2025-06-26 13:08:58", "1549489", "181.214.48.110:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/181.214.48.110#1177", "c2,njrat,shodan", "0", "juroots" "2025-06-26 13:08:57", "1549488", "39.100.87.179:80", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/39.100.87.179#80", "c2,njrat,shodan", "0", "juroots" "2025-06-26 13:08:43", "1549487", "193.104.222.150:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/193.104.222.150#54984", "c2,nanocore,shodan", "0", "juroots" "2025-06-26 13:08:26", "1549485", "43.138.157.213:8095", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/43.138.157.213#8095", "c2,shodan,StarKillerC2", "0", "juroots" "2025-06-26 13:08:08", "1549484", "212.69.167.73:10443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/212.69.167.73#10443", "bruteratel,c2,shodan", "0", "juroots" "2025-06-26 13:07:52", "1549482", "204.152.223.120:7080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/204.152.223.120#7080", "c2,mythic,shodan", "0", "juroots" "2025-06-26 13:07:52", "1549483", "148.135.101.111:444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/148.135.101.111#444", "c2,mythic,shodan", "0", "juroots" "2025-06-26 13:07:40", "1549481", "18.181.213.216:8649", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/18.181.213.216#8649", "c2,netbus,shodan", "0", "juroots" "2025-06-26 13:07:39", "1549480", "43.205.228.162:14894", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/43.205.228.162#14894", "c2,netbus,shodan", "0", "juroots" "2025-06-26 13:07:29", "1549478", "47.109.44.195:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/47.109.44.195#80", "c2,redguard,shodan", "0", "juroots" "2025-06-26 13:07:29", "1549479", "103.136.150.48:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/103.136.150.48#80", "c2,redguard,shodan", "0", "juroots" "2025-06-26 13:07:14", "1549475", "16.63.221.35:20121", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/16.63.221.35#20121", "blackshades,c2,shodan", "0", "juroots" "2025-06-26 13:07:14", "1549476", "52.66.137.138:37", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/52.66.137.138#37", "blackshades,c2,shodan", "0", "juroots" "2025-06-26 13:06:59", "1549473", "103.130.215.202:27036", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/103.130.215.202#27036", "c2,extreme,shodan", "0", "juroots" "2025-06-26 13:06:59", "1549474", "103.130.215.202:20002", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/103.130.215.202#20002", "c2,extreme,shodan", "0", "juroots" "2025-06-26 13:06:43", "1549471", "35.230.2.143:4443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/35.230.2.143#4443", "c2,shodan,villain", "0", "juroots" "2025-06-26 13:06:43", "1549472", "146.190.239.152:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/146.190.239.152#8443", "c2,shodan,villain", "0", "juroots" "2025-06-26 13:06:08", "1549470", "102.46.109.60:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/102.46.109.60#443", "c2,shodan,unam", "0", "juroots" "2025-06-26 13:05:39", "1549468", "62.72.176.41:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/62.72.176.41#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-06-26 13:05:39", "1549469", "62.72.176.41:12293", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/62.72.176.41#12293", "c2,darkcomet,shodan", "0", "juroots" "2025-06-26 13:05:38", "1549467", "217.112.13.211:3333", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/217.112.13.211#3333", "c2,darkcomet,shodan", "0", "juroots" "2025-06-26 13:05:18", "1549466", "34.41.146.20:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/34.41.146.20#10443", "c2,gophish,phishing,shodan", "0", "juroots" "2025-06-26 13:05:17", "1549464", "89.111.169.116:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/89.111.169.116#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-06-26 13:05:17", "1549465", "66.63.163.133:9205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/66.63.163.133#9205", "c2,gophish,phishing,shodan", "0", "juroots" "2025-06-26 13:05:00", "1549461", "15.161.48.49:9998", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/15.161.48.49#9998", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:05:00", "1549462", "16.62.128.106:9206", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/16.62.128.106#9206", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:05:00", "1549463", "80.27.56.224:6001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/80.27.56.224#6001", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:59", "1549458", "44.220.149.216:15", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/44.220.149.216#15", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:59", "1549459", "35.177.59.45:17", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/35.177.59.45#17", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:59", "1549460", "37.13.26.52:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/37.13.26.52#6000", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:58", "1549454", "95.127.239.206:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/95.127.239.206#6000", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:58", "1549455", "5.205.207.203:6001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/5.205.207.203#6001", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:58", "1549456", "51.17.167.100:9999", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/51.17.167.100#9999", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:58", "1549457", "3.97.14.41:9306", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.97.14.41#9306", "c2,netsupport,shodan", "0", "juroots" "2025-06-26 13:04:43", "1549452", "178.62.85.153:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/178.62.85.153#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:43", "1549453", "34.124.142.136:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/34.124.142.136#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:42", "1549448", "176.57.150.105:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/176.57.150.105#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:42", "1549449", "139.162.180.23:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/139.162.180.23#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:42", "1549450", "107.189.22.3:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/107.189.22.3#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:42", "1549451", "178.20.46.26:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/178.20.46.26#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:41", "1549445", "194.48.248.172:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/194.48.248.172#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:41", "1549446", "176.65.138.50:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/176.65.138.50#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:41", "1549447", "152.42.164.173:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/152.42.164.173#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:40", "1549443", "51.68.199.104:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/51.68.199.104#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:40", "1549444", "123.253.111.225:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/123.253.111.225#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:39", "1549439", "188.68.32.43:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/188.68.32.43#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:39", "1549440", "91.99.18.187:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/91.99.18.187#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:39", "1549441", "85.215.55.232:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/85.215.55.232#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:39", "1549442", "213.159.68.192:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/213.159.68.192#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:38", "1549436", "172.237.156.81:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/172.237.156.81#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:38", "1549437", "91.197.97.248:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/91.197.97.248#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:38", "1549438", "172.86.80.140:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/172.86.80.140#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:37", "1549434", "203.205.6.227:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/203.205.6.227#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:37", "1549435", "80.78.25.121:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/80.78.25.121#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:36", "1549433", "64.23.212.247:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/64.23.212.247#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-26 13:04:14", "1549432", "83.147.17.228:8789", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/83.147.17.228#8789", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-06-26 13:03:58", "1549431", "121.61.101.68:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.61.101.68#444", "c2,cobaltstrike,cs-watermark-1234567890,shodan", "0", "juroots" "2025-06-26 13:03:57", "1549430", "47.93.216.2:9553", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.93.216.2#9553", "c2,cobaltstrike,cs-watermark-1234567890,shodan", "0", "juroots" "2025-06-26 13:03:47", "1549429", "14.103.238.166:50000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/14.103.238.166#50000", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-06-26 13:03:29", "1549428", "1.94.62.205:8056", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/1.94.62.205#8056", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-26 13:03:26", "1549427", "111.119.222.15:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/111.119.222.15#8080", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-26 13:03:23", "1549426", "217.154.212.25:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:57:57", "50", "https://www.shodan.io/host/217.154.212.25#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-26 13:03:21", "1549425", "101.133.148.66:18018", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/101.133.148.66#18018", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-26 13:03:18", "1549424", "117.72.211.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/117.72.211.24#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-26 12:40:14", "1549423", "87.120.93.254:7712", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch" "2025-06-26 12:35:11", "1549422", "109.120.137.128:7712", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch" "2025-06-26 12:32:44", "1549421", "47.238.146.37:8002", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-k6cqdszygs", "ALIBABA-CN-NET,AS45102,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 12:32:43", "1549420", "47.238.146.37:8001", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250626-k6cqdszygs", "ALIBABA-CN-NET,AS45102,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-06-26 12:29:49", "1549419", "160.202.133.143:5713", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250626-peatyael8s", "AS60781,C2,LEASEWEB-NL-AMS-01,quasar,rat,triage", "0", "DonPasci" "2025-06-26 12:29:35", "1549418", "38.255.49.23:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250626-pfrtvael9w", "AS-HYONIX-US,AS931,C2,rat,remcos,triage", "0", "DonPasci" "2025-06-26 12:01:56", "1549410", "94.237.84.161:8081", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.84.161", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci" "2025-06-26 12:01:36", "1549408", "79.241.100.4:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:52:37", "100", "https://search.censys.io/hosts/79.241.100.4", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-06-26 12:01:36", "1549409", "16.62.126.222:41795", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:46:14", "100", "https://search.censys.io/hosts/16.62.126.222", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 12:01:35", "1549407", "43.208.75.92:12210", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:50:50", "100", "https://search.censys.io/hosts/43.208.75.92", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 12:01:32", "1549406", "44.251.164.0:10080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:50:53", "100", "https://search.censys.io/hosts/44.251.164.0", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-06-26 12:01:31", "1549405", "27.255.75.137:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:49:46", "100", "https://search.censys.io/hosts/27.255.75.137", "AS45382,C2,censys,EHOSTIDC-AS-KR,Havoc", "0", "DonPasci" "2025-06-26 12:01:28", "1549404", "54.252.241.158:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:52:00", "100", "https://search.censys.io/hosts/54.252.241.158", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-06-26 12:01:27", "1549403", "139.59.181.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:44:49", "100", "https://search.censys.io/hosts/139.59.181.253", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-06-26 12:01:20", "1549402", "108.181.218.61:3333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:43:37", "100", "https://search.censys.io/hosts/108.181.218.61", "AS40676,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-06-26 12:01:18", "1549401", "175.27.224.166:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 04:00:25", "100", "https://search.censys.io/hosts/175.27.224.166", "AS45090,C2,censys,Supershell,TENCENT-NET-AP", "0", "DonPasci" "2025-06-26 12:01:06", "1549400", "173.225.99.206:6217", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:46:59", "100", "https://search.censys.io/hosts/173.225.99.206", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-06-26 12:01:03", "1549399", "181.131.216.154:1906", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:47:34", "100", "https://search.censys.io/hosts/181.131.216.154", "AS13489,C2,censys,RAT,Remcos,UNE", "0", "DonPasci" "2025-06-26 12:00:42", "1549398", "113.44.176.164:20000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:19", "100", "https://search.censys.io/hosts/113.44.176.164", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-26 12:00:40", "1549397", "1.94.183.238:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:13", "100", "https://search.censys.io/hosts/1.94.183.238", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-26 12:00:39", "1549396", "115.29.241.139:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:13", "100", "https://search.censys.io/hosts/115.29.241.139", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-26 12:00:37", "1549395", "182.92.116.91:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:14", "100", "https://search.censys.io/hosts/182.92.116.91", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-26 12:00:36", "1549394", "43.153.60.198:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:21", "100", "https://search.censys.io/hosts/43.153.60.198", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-06-26 12:00:09", "1549393", "8.213.236.2:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-26 11:12:45", "1549391", "8.138.233.120:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-06-27 07:58:10", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-06-26 11:10:43", "1549390", "196.251.71.39:6374", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/8be521d630b1c7285e4e2074443ba82175636714302b975bd27da3e0cb6fc270/", "remcos", "0", "abuse_ch" "2025-06-26 11:08:14", "1549389", "45.137.22.114:55615", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250626-htem4sbq7y", "AS51447,C2,RedLine,RedlineStealer,ROOTLAYERNET,stealer,triage", "0", "DonPasci" "2025-06-26 11:07:06", "1549388", "77.93.152.4:9548", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250626-kbr7lazwet", "AS401479,C2,DBM-ASN-KC,quasar,rat,triage", "0", "DonPasci" "2025-06-26 11:06:43", "1549384", "88.198.24.82:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250626-kqmweszxft", "AS24940,C2,HETZNER-AS,rat,remcos,triage", "0", "DonPasci" "2025-06-26 11:06:33", "1549382", "196.251.66.225:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250626-l24tratmv2", "AS401116,C2,NYBULA,triage,xworm", "0", "DonPasci" "2025-06-26 11:04:38", "1549381", "101.200.137.237:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:54:46", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-26 10:55:51", "1549380", "185.156.72.25:6565", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/07845fcc83f3b490b9f6b80cb8ebde0be46507395d6cbad8bc57857762f7213a/", "asyncrat", "0", "abuse_ch" "2025-06-26 09:55:03", "1549375", "196.251.84.181:5610", "ip:port", "botnet_cc", "jar.strrat", "None", "STRRAT", "", "100", "None", "STRRAT", "0", "abuse_ch" "2025-06-26 09:50:49", "1549374", "185.241.208.254:9863", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/afaa94f74bc92314092321e200a3f455545b47035ca44d10800e646d752509e6/", "remcos", "0", "abuse_ch" "2025-06-26 09:35:03", "1549373", "134.122.128.241:27989", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-26 09:01:58", "1549372", "70.31.125.78:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:52:26", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-26 08:40:03", "1549371", "27.124.44.137:1080", "ip:port", "botnet_cc", "win.fatal_rat", "Sainbox RAT", "FatalRat", "", "100", "None", "FatalRAT", "0", "abuse_ch" "2025-06-26 08:20:32", "1549369", "104.37.4.115:5012", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/1c27fe41bd75981b092376cbb88a63baaae8cfe8c4ef18ab5201e6ff272ae2db/", "remcos", "0", "abuse_ch" "2025-06-26 08:20:32", "1549370", "104.37.4.115:5013", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/1c27fe41bd75981b092376cbb88a63baaae8cfe8c4ef18ab5201e6ff272ae2db/", "remcos", "0", "abuse_ch" "2025-06-26 08:20:30", "1549368", "104.37.4.115:5011", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/1c27fe41bd75981b092376cbb88a63baaae8cfe8c4ef18ab5201e6ff272ae2db/", "remcos", "0", "abuse_ch" "2025-06-26 08:02:14", "1549366", "77.90.153.46:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-26 08:01:59", "1549365", "194.48.142.120:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-27 07:48:28", "100", "https://search.censys.io/hosts/194.48.142.120", "AS400992,BianLian,C2,censys,ZHOUYISAT-COMMUNICATIONS", "0", "DonPasci" "2025-06-26 08:01:29", "1549363", "16.51.71.248:2087", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:46:13", "100", "https://search.censys.io/hosts/16.51.71.248", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 08:01:29", "1549364", "18.226.52.101:9090", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:47:31", "100", "https://search.censys.io/hosts/18.226.52.101", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 08:01:28", "1549362", "98.130.124.136:30005", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:53:48", "100", "https://search.censys.io/hosts/98.130.124.136", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 08:01:27", "1549361", "3.35.206.79:20001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:49:55", "100", "https://search.censys.io/hosts/3.35.206.79", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-26 08:01:21", "1549359", "172.111.131.227:4785", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-27 04:00:41", "100", "https://search.censys.io/hosts/172.111.131.227", "AS3223,C2,censys,Quasar,RAT,VOXILITY", "0", "DonPasci" "2025-06-26 08:01:15", "1549358", "185.125.50.92:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/185.125.50.92", "AS215730,C2,censys,H2NEXUS-AS,RAT,Sectop", "0", "DonPasci" "2025-06-26 08:01:12", "1549357", "83.222.191.195:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/83.222.191.195", "AS204428,C2,censys,RAT,Sectop,SS-NET", "0", "DonPasci" "2025-06-26 08:00:35", "1549356", "182.254.138.198:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:18", "100", "https://search.censys.io/hosts/182.254.138.198", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-06-26 07:26:42", "1549355", "116.202.178.100:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-06-26 05:28:06", "1549339", "15.168.37.141:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-26 05:28:05", "1549338", "81.70.172.120:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-26 05:27:56", "1549337", "47.121.122.68:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 04:00:12", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-06-26 05:26:13", "1549336", "85.159.231.61:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-26 04:19:03", "1549300", "1.94.145.116:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:33", "100", "https://search.censys.io/hosts/1.94.145.116", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-06-26 04:19:03", "1549303", "35.220.187.0:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:00", "100", "https://search.censys.io/hosts/35.220.187.0", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "dyingbreeds_" "2025-06-26 04:19:02", "1549302", "88.214.25.195:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:58:28", "100", "https://search.censys.io/hosts/88.214.25.195", "AS35042,C2,censys,LAYER7-NETWORKS-", "0", "dyingbreeds_" "2025-06-26 04:19:01", "1549301", "101.200.137.237:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:54:46", "100", "https://search.censys.io/hosts/101.200.137.237", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-26 04:19:00", "1549304", "139.185.52.242:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:56:09", "100", "https://search.censys.io/hosts/139.185.52.242", "AS31898,C2,censys,ORACLE-BMC-31898", "0", "dyingbreeds_" "2025-06-26 04:19:00", "1549305", "23.249.28.153:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-06-26 04:00:51", "75", "https://search.censys.io/hosts/23.249.28.153", "AS152156,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-26 04:18:59", "1549306", "3.135.34.124:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:49:49", "90", "https://search.censys.io/hosts/3.135.34.124", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_" "2025-06-26 04:18:59", "1549307", "23.111.147.162:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:49:34", "100", "https://search.censys.io/hosts/23.111.147.162", "AS29802,C2,censys,HVC-AS,RAT", "0", "dyingbreeds_" "2025-06-26 04:18:57", "1549310", "45.8.145.113:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-26 04:01:12", "100", "https://search.censys.io/hosts/45.8.145.113", "AS44477,C2,censys,Hookbot,THE-HOSTING", "0", "dyingbreeds_" "2025-06-26 04:18:57", "1549311", "98.71.173.119:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-26 04:01:12", "100", "https://search.censys.io/hosts/98.71.173.119", "AS8075,C2,censys,Hookbot,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "dyingbreeds_" "2025-06-26 04:18:56", "1549309", "81.181.111.41:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:52:56", "100", "https://search.censys.io/hosts/81.181.111.41", "AS9009,C2,censys,M247,Mythic", "0", "dyingbreeds_" "2025-06-26 04:18:55", "1549312", "31.57.219.46:5938", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-26 04:01:13", "100", "https://search.censys.io/hosts/31.57.219.46", "AS399486,C2,censys,RAT,VIRTUO", "0", "dyingbreeds_" "2025-06-26 04:18:55", "1549313", "45.138.16.34:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-26 04:01:14", "100", "https://search.censys.io/hosts/45.138.16.34", "AS210558,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-26 04:18:54", "1549314", "167.172.63.184:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:46:36", "100", "https://search.censys.io/hosts/167.172.63.184", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-06-26 04:18:54", "1549315", "54.235.2.186:4444", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-06-26 04:01:17", "100", "https://search.censys.io/hosts/54.235.2.186", "AMAZON-AES,AS14618,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-26 04:18:53", "1549316", "46.246.4.7:5000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-27 07:51:21", "100", "https://search.censys.io/hosts/46.246.4.7", "AS42708,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-26 04:18:53", "1549317", "34.19.15.84:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.19.15.84", "AS396982,Botnet,byob,C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "dyingbreeds_" "2025-06-26 04:18:52", "1549318", "66.63.187.70:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-26 04:01:30", "100", "https://search.censys.io/hosts/66.63.187.70", "AS214943,C2,censys,RAILNET,Unam", "0", "dyingbreeds_" "2025-06-26 04:18:52", "1549320", "8.137.113.57:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.137.113.57", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:51", "1549319", "64.23.242.142:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.23.242.142", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:51", "1549321", "47.122.113.29:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.122.113.29", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:50", "1549322", "3.7.200.239:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.7.200.239", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:50", "1549323", "89.169.181.136:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.169.181.136", "AS200350,censys,GoPhish,Phishing,YANDEXCLOUD", "0", "dyingbreeds_" "2025-06-26 04:18:49", "1549324", "147.182.138.100:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/147.182.138.100", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:49", "1549325", "31.97.8.97:2083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/31.97.8.97", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:49", "1549326", "35.236.105.134:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.236.105.134", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:48", "1549327", "13.39.82.249:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.39.82.249", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:48", "1549328", "103.215.82.109:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.215.82.109", "AS55933,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:47", "1549329", "167.71.89.247:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.71.89.247", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:47", "1549330", "104.194.144.13:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.194.144.13", "AS198983,censys,GoPhish,Phishing,TORNADODATACENTER", "0", "dyingbreeds_" "2025-06-26 04:18:46", "1549331", "15.207.1.43:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/15.207.1.43", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:46", "1549332", "3.140.123.244:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.140.123.244", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:18:45", "1549333", "3.130.155.71:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.130.155.71", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-26 04:07:02", "1549335", "77.90.153.73:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-26 04:01:48", "1549334", "45.74.10.208:8888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/45.74.10.208", "AS207184,C2,censys,cert,rhadamanthys,stealer,TELCHAK-AS", "0", "DonPasci" "2025-06-26 02:56:23", "1549299", "23.226.54.25:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:56:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-26 02:42:22", "1549297", "196.251.116.140:2004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/84c868874f298528ad5c30d50d7d3ad53abfd401d95ef14d1e7ef14fef639971/", "remcos", "0", "abuse_ch" "2025-06-26 02:42:22", "1549298", "196.251.116.140:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/84c868874f298528ad5c30d50d7d3ad53abfd401d95ef14d1e7ef14fef639971/", "remcos", "0", "abuse_ch" "2025-06-26 00:01:30", "1549296", "186.169.36.120:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-27 07:47:59", "100", "https://search.censys.io/hosts/186.169.36.120", "AS3816,C2,censys,COLOMBIA,DcRAT,RAT", "0", "DonPasci" "2025-06-26 00:01:29", "1549295", "194.26.192.76:10134", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-06-26 04:01:02", "100", "https://search.censys.io/hosts/194.26.192.76", "AS210558,C2,censys,Orcus,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-06-26 00:01:26", "1549294", "3.145.32.11:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:49:50", "100", "https://search.censys.io/hosts/3.145.32.11", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-06-26 00:01:24", "1549293", "177.60.19.72:5000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-26 04:00:53", "100", "https://search.censys.io/hosts/177.60.19.72", "AS26599,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-06-26 00:01:21", "1549291", "154.83.92.128:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:45:47", "100", "https://search.censys.io/hosts/154.83.92.128", "AkileCloud,AS61112,C2,censys,Mythic", "0", "DonPasci" "2025-06-26 00:01:06", "1549290", "140.238.178.68:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/140.238.178.68", "AS31898,C2,censys,open-dir,ORACLE-BMC-31898,payload,Sliver", "0", "DonPasci" "2025-06-26 00:01:05", "1549289", "213.139.50.179:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/213.139.50.179", "AS8697,C2,censys,JTC-AS8697,open-dir,payload,Sliver", "0", "DonPasci" "2025-06-26 00:01:04", "1549288", "140.238.178.68:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:44:51", "100", "https://search.censys.io/hosts/140.238.178.68", "AS31898,C2,censys,ORACLE-BMC-31898,Sliver", "0", "DonPasci" "2025-06-26 00:01:03", "1549287", "144.172.114.220:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:45:00", "100", "https://search.censys.io/hosts/144.172.114.220", "AS14956,C2,censys,ROUTERHOSTING,Sliver", "0", "DonPasci" "2025-06-26 00:00:59", "1549286", "104.243.254.99:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:43:25", "100", "https://search.censys.io/hosts/104.243.254.99", "AS7040,C2,censys,NETMINDERS,RAT,Remcos", "0", "DonPasci" "2025-06-26 00:00:58", "1549285", "94.72.109.180:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:53:43", "100", "https://search.censys.io/hosts/94.72.109.180", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-06-26 00:00:57", "1549284", "45.88.186.161:6606", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:51:17", "100", "https://search.censys.io/hosts/45.88.186.161", "AS23470,C2,censys,RAT,RELIABLESITE,Remcos", "0", "DonPasci" "2025-06-26 00:00:35", "1549283", "121.36.73.30:12345", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:49", "100", "https://search.censys.io/hosts/121.36.73.30", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-06-26 00:00:34", "1549282", "121.41.91.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 05:28:04", "100", "https://search.censys.io/hosts/121.41.91.64", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-06-26 00:00:32", "1549281", "176.126.85.26:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 06:03:01", "100", "https://search.censys.io/hosts/176.126.85.26", "AS63473,C2,censys,CobaltStrike,cs-watermark-987654321,HOSTHATCH", "0", "DonPasci" "2025-06-25 23:02:47", "1549280", "180.97.220.91:7849", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-06-27 07:56:40", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-06-25 21:33:57", "1549275", "5.253.247.131:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250625-yn3qracj5z", "AS58087,C2,FLORIANKOLB,quasar,rat,triage", "0", "DonPasci" "2025-06-25 21:33:57", "1549276", "3.80.189.98:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-26 04:00:53", "100", "https://tria.ge/250625-zty57as1bw", "AMAZON-AES,AS14618,C2,quasar,rat,triage", "0", "DonPasci" "2025-06-25 21:33:51", "1549272", "185.196.9.158:4503", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250625-ydcrkscj8x", "AS42624,asyncrat,C2,rat,SWISSNETWORK02,triage", "0", "DonPasci" "2025-06-25 21:33:50", "1549270", "185.196.9.158:4501", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250625-ydcrkscj8x", "AS42624,asyncrat,C2,rat,SWISSNETWORK02,triage", "0", "DonPasci" "2025-06-25 21:33:50", "1549271", "185.196.9.158:4502", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250625-ydcrkscj8x", "AS42624,asyncrat,C2,rat,SWISSNETWORK02,triage", "0", "DonPasci" "2025-06-25 21:33:30", "1549268", "67.21.33.92:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250625-t9g9qabm4v", "AS397373,C2,H4Y-TECHNOLOGIES,triage,xworm", "0", "DonPasci" "2025-06-25 21:33:29", "1549266", "211.211.45.214:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250625-zjw8vaej61", "AS9318,C2,SKB-AS,triage,xworm", "0", "DonPasci" "2025-06-25 20:54:37", "1549262", "51.211.213.23:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:51:48", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-25 20:54:25", "1549261", "49.88.156.34:8928", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-27 07:51:36", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-25 20:53:27", "1549260", "39.40.151.109:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:50:38", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-25 20:53:21", "1549259", "38.179.64.207:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:50:30", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-06-25 20:52:51", "1549258", "3.250.194.11:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-06-27 07:49:53", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-06-25 20:50:54", "1549257", "189.140.14.39:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:48:05", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-25 20:50:35", "1549256", "185.208.158.168:10100", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:47:50", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-06-25 20:50:20", "1549255", "182.30.78.72:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-27 07:47:36", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-25 20:50:16", "1549254", "18.254.159.159:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-27 07:47:32", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-25 20:48:52", "1549253", "16.64.20.11:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-27 07:46:15", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-25 20:44:34", "1549251", "83.172.136.121:443", "ip:port", "botnet_cc", "win.warmcookie", "Badspace,Carrotstick,QUICKBIND", "WarmCookie", "", "100", "None", "warmcookie", "0", "Rony" "2025-06-25 20:44:34", "1549252", "45.153.126.129:443", "ip:port", "botnet_cc", "win.warmcookie", "Badspace,Carrotstick,QUICKBIND", "WarmCookie", "", "100", "None", "warmcookie", "0", "Rony" "2025-06-25 20:01:53", "1549245", "23.95.32.229:19000", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/23.95.32.229", "AS-COLOCROSSING,AS36352,C2,censys,rhadamanthys,stealer", "0", "DonPasci" "2025-06-25 20:01:46", "1549244", "77.90.153.79:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-25 20:01:33", "1549243", "94.126.204.179:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-06-26 04:01:15", "100", "https://search.censys.io/hosts/94.126.204.179", "AS210656,C2,censys,moobot,YACLOUDBMS", "0", "DonPasci" "2025-06-25 20:01:21", "1549241", "13.239.251.147:2", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:44:33", "100", "https://search.censys.io/hosts/13.239.251.147", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-25 20:01:19", "1549240", "118.68.4.147:4444", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-06-26 04:01:01", "100", "https://search.censys.io/hosts/118.68.4.147", "AS18403,C2,censys,FPT-AS-AP,Orcus,RAT", "0", "DonPasci" "2025-06-25 20:01:14", "1549239", "64.137.9.118:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:52:13", "100", "https://search.censys.io/hosts/64.137.9.118", "AS-3HCLOUD,AS49791,C2,censys,Mythic", "0", "DonPasci" "2025-06-25 20:01:13", "1549238", "188.245.200.133:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:48:04", "100", "https://search.censys.io/hosts/188.245.200.133", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "DonPasci" "2025-06-25 20:01:07", "1549237", "128.90.113.126:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:44:24", "100", "https://search.censys.io/hosts/128.90.113.126", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-25 20:00:36", "1549235", "47.109.93.252:50051", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:41", "100", "https://search.censys.io/hosts/47.109.93.252", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2025-06-25 20:00:35", "1549234", "111.119.200.33:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:11", "100", "https://search.censys.io/hosts/111.119.200.33", "AS136907,C2,censys,CobaltStrike,cs-watermark-666666666,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-06-25 20:00:32", "1549233", "139.185.52.242:10002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:56:10", "100", "https://search.censys.io/hosts/139.185.52.242", "AS31898,C2,censys,CobaltStrike,cs-watermark-987654321,ORACLE-BMC-31898", "0", "DonPasci" "2025-06-25 16:01:34", "1549226", "185.236.203.114:4521", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-26 04:01:16", "100", "https://search.censys.io/hosts/185.236.203.114", "AS9009,C2,censys,M247,panel,Unam", "0", "DonPasci" "2025-06-25 16:01:23", "1549225", "51.84.175.149:6006", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:51:49", "100", "https://search.censys.io/hosts/51.84.175.149", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-25 16:01:22", "1549224", "51.44.221.26:2004", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:51:48", "100", "https://search.censys.io/hosts/51.44.221.26", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-25 16:01:17", "1549223", "185.169.252.240:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:47:44", "100", "https://search.censys.io/hosts/185.169.252.240", "AS51167,C2,censys,CONTABO,Mythic", "0", "DonPasci" "2025-06-25 16:01:10", "1549222", "128.90.113.126:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:44:23", "100", "https://search.censys.io/hosts/128.90.113.126", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-25 16:01:09", "1549221", "175.27.134.232:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-26 04:00:37", "100", "https://search.censys.io/hosts/175.27.134.232", "AS45090,C2,censys,Supershell,TENCENT-NET-AP", "0", "DonPasci" "2025-06-25 16:01:00", "1549220", "18.188.62.216:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:47:30", "100", "https://search.censys.io/hosts/18.188.62.216", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-06-25 16:00:59", "1549218", "47.117.130.138:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:51:27", "100", "https://search.censys.io/hosts/47.117.130.138", "ALIBABA-CN-NET,AS37963,C2,censys,Sliver", "0", "DonPasci" "2025-06-25 16:00:59", "1549219", "23.137.255.85:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:49:35", "100", "https://search.censys.io/hosts/23.137.255.85", "AS210630,C2,censys,INTERNET-SPEECH-AND-PRIVACY,Sliver", "0", "DonPasci" "2025-06-25 16:00:58", "1549217", "13.39.85.9:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-27 07:44:35", "100", "https://search.censys.io/hosts/13.39.85.9", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-06-25 16:00:55", "1549216", "88.119.171.163:5050", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-26 19:52:24", "100", "https://search.censys.io/hosts/88.119.171.163", "AS61272,C2,censys,IST-AS,RAT,Remcos", "0", "DonPasci" "2025-06-25 16:00:54", "1549214", "93.152.217.141:40000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-26 19:52:40", "100", "https://search.censys.io/hosts/93.152.217.141", "AS215540,C2,censys,GCS-AS,RAT,Remcos", "0", "DonPasci" "2025-06-25 16:00:54", "1549215", "155.133.26.179:48791", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:45:48", "100", "https://search.censys.io/hosts/155.133.26.179", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-06-25 16:00:53", "1549212", "78.159.131.98:40482", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:52:35", "100", "https://search.censys.io/hosts/78.159.131.98", "AS215540,C2,censys,GCS-AS,RAT,Remcos", "0", "DonPasci" "2025-06-25 16:00:53", "1549213", "80.79.6.185:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:52:55", "100", "https://search.censys.io/hosts/80.79.6.185", "AS49981,C2,censys,RAT,Remcos,WORLDSTREAM", "0", "DonPasci" "2025-06-25 16:00:52", "1549211", "79.22.134.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-27 07:52:37", "100", "https://search.censys.io/hosts/79.22.134.238", "AS3269,ASN-IBSNAZ,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-06-25 16:00:37", "1549210", "47.96.255.66:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:53", "100", "https://search.censys.io/hosts/47.96.255.66", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2025-06-25 16:00:34", "1549208", "124.220.56.139:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:59", "100", "https://search.censys.io/hosts/124.220.56.139", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-06-25 16:00:34", "1549209", "1.94.102.145:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:18", "100", "https://search.censys.io/hosts/1.94.102.145", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-06-25 16:00:31", "1549207", "107.172.204.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:07", "100", "https://search.censys.io/hosts/107.172.204.51", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-25 16:00:30", "1549206", "176.124.222.100:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:13", "100", "https://search.censys.io/hosts/176.124.222.100", "AS216246,C2,censys,CobaltStrike,cs-watermark-987654321,RU-AEZA-AS", "0", "DonPasci" "2025-06-25 15:11:19", "1549204", "185.174.103.4:81", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250625-dvwkssbk9s", "AS-COLOCROSSING,AS36352,C2,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci" "2025-06-25 14:28:50", "1549192", "192.30.240.103:55919", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250625-rqvdtszpz8", "AS396073,C2,MAJESTIC-HOSTING-01,rat,remcos,triage", "0", "DonPasci" "2025-06-25 14:28:39", "1549189", "103.97.128.77:8808", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250625-n4wbhawsg1", "AS55933,C2,CLOUDIE-AS-AP,triage,xworm", "0", "DonPasci" "2025-06-25 14:28:39", "1549190", "185.196.10.251:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250625-jf78yahr4y", "AS42624,C2,SWISSNETWORK02,triage,xworm", "0", "DonPasci" "2025-06-25 14:28:39", "1549191", "104.194.147.14:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250625-hxzsfshn2y", "AS198983,C2,TORNADODATACENTER,triage,xworm", "0", "DonPasci" "2025-06-25 13:57:20", "1549187", "166.88.182.124:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-25 12:54:37", "1549184", "123.56.6.7:2052", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:55:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-25 12:53:47", "1549183", "104.223.120.202:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:54:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-25 12:01:39", "1549182", "18.177.205.251:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/18.177.205.251", "AMAZON-02,AS16509,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-06-25 12:01:36", "1549181", "196.251.117.162:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/196.251.117.162", "AS401116,C2,censys,Gafgyt,NYBULA,open-dir", "0", "DonPasci" "2025-06-25 12:01:31", "1549180", "43.162.116.186:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:50:47", "100", "https://search.censys.io/hosts/43.162.116.186", "AS132203,censys,EvilGinx,panel,Phishing,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-06-25 12:01:19", "1549179", "54.87.56.61:48141", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:52:04", "100", "https://search.censys.io/hosts/54.87.56.61", "AMAZON-AES,AS14618,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-25 12:01:16", "1549178", "54.165.195.193:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-27 07:51:56", "100", "https://search.censys.io/hosts/54.165.195.193", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2025-06-25 12:01:08", "1549177", "172.94.96.143:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:46:54", "100", "https://search.censys.io/hosts/172.94.96.143", "AS207184,AsyncRAT,C2,censys,RAT,TELCHAK-AS", "0", "DonPasci" "2025-06-25 12:01:07", "1549176", "172.94.96.209:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:46:56", "100", "https://search.censys.io/hosts/172.94.96.209", "AS207184,AsyncRAT,C2,censys,RAT,TELCHAK-AS", "0", "DonPasci" "2025-06-25 12:00:54", "1549175", "45.153.125.232:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/45.153.125.232", "AS57169,C2,censys,EDIS-AS-EU,RAT,SpiceRAT", "0", "DonPasci" "2025-06-25 12:00:37", "1549174", "121.37.128.221:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:16", "100", "https://search.censys.io/hosts/121.37.128.221", "AS55990,C2,censys,CobaltStrike,cs-watermark-305419896,HWCSNET", "0", "DonPasci" "2025-06-25 12:00:33", "1549173", "47.100.16.83:11112", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:20", "100", "https://search.censys.io/hosts/47.100.16.83", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-06-25 12:00:32", "1549172", "117.72.215.64:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:08", "100", "https://search.censys.io/hosts/117.72.215.64", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-06-25 12:00:31", "1549171", "38.55.129.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:20", "100", "https://search.censys.io/hosts/38.55.129.94", "AS54600,C2,censys,CobaltStrike,cs-watermark-987654321,PEG-SV", "0", "DonPasci" "2025-06-25 12:00:30", "1549170", "38.49.53.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-27 07:57:03", "100", "https://search.censys.io/hosts/38.49.53.149", "AS8796,C2,censys,CobaltStrike,cs-watermark-987654321,FD-298-8796", "0", "DonPasci" "2025-06-25 08:49:31", "1549161", "217.165.152.49:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-27 07:49:29", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-25 08:01:56", "1549145", "77.90.153.47:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-25 08:01:33", "1549144", "113.45.177.81:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-27 07:43:47", "100", "https://search.censys.io/hosts/113.45.177.81", "AdaptixC2,AS55990,C2,censys,HWCSNET", "0", "DonPasci" "2025-06-25 08:01:18", "1549143", "111.180.147.145:808", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "2025-06-26 04:01:14", "100", "https://search.censys.io/hosts/111.180.147.145", "AS148981,C2,censys,CHINANET-HUBEI-SHIYAN-IDC", "0", "DonPasci" "2025-06-25 08:01:10", "1549142", "18.237.76.155:17777", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-27 07:47:32", "100", "https://search.censys.io/hosts/18.237.76.155", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-25 08:01:03", "1549140", "136.24.173.189:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-27 07:44:41", "100", "https://search.censys.io/hosts/136.24.173.189", "AS19165,C2,censys,Mythic,WEBPASS", "0", "DonPasci" "2025-06-25 08:01:03", "1549141", "37.59.116.79:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-26 04:00:47", "100", "https://search.censys.io/hosts/37.59.116.79", "AS16276,C2,censys,Mythic,OVH", "0", "DonPasci" "2025-06-25 08:00:58", "1549139", "128.90.113.126:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-27 07:44:24", "100", "https://search.censys.io/hosts/128.90.113.126", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-25 08:00:55", "1549138", "194.15.112.204:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "2025-06-26 04:00:35", "90", "https://search.censys.io/hosts/194.15.112.204", "AS213354,C2,censys,INTERNATIONAL-HOSTING-SOLUTIONS-AS,RAT,ShadowPad", "0", "DonPasci" "2025-06-25 08:00:32", "1549136", "111.229.80.204:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:22", "100", "https://search.censys.io/hosts/111.229.80.204", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-06-25 08:00:32", "1549137", "111.229.80.204:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:22", "100", "https://search.censys.io/hosts/111.229.80.204", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-06-25 08:00:29", "1549135", "182.92.133.129:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-26 04:00:21", "100", "https://search.censys.io/hosts/182.92.133.129", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" # Number of entries: 415