################################################################
# ThreatFox IOCs: recent ip-port - CSV format                  #
# Last updated: 2025-06-06 11:04:14 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-06-06 11:04:14", "1541531", "196.251.117.238:4488", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-06-06 11:02:55", "1541528", "89.23.97.34:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-06-06 11:00:26", "1541525", "34.46.0.79:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/34.46.0.79#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2025-06-06 11:00:04", "1541524", "16.26.41.189:8586", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/16.26.41.189#8586", "c2,netsupport,shodan", "0", "juroots"
"2025-06-06 11:00:00", "1541523", "195.82.147.40:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/195.82.147.40#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-06 10:59:59", "1541522", "85.209.156.6:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/85.209.156.6#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-06 08:01:15", "1541520", "128.90.113.219:1018", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:44:31", "100", "https://search.censys.io/hosts/128.90.113.219", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci"
"2025-06-06 08:01:15", "1541521", "31.57.33.26:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:51:33", "100", "https://search.censys.io/hosts/31.57.33.26", "AS210538,AsyncRAT,C2,censys,KEYUBU,RAT", "0", "DonPasci"
"2025-06-06 06:21:26", "1541513", "196.251.69.104:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-06-06 06:13:27", "1541492", "110.41.44.100:4433", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/110.41.44.100#4433", "adaptixc2,c2,shodan", "0", "juroots"
"2025-06-06 06:13:09", "1541491", "109.123.243.148:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/109.123.243.148#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2025-06-06 06:12:43", "1541490", "45.77.154.115:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "https://www.shodan.io/host/45.77.154.115#9000", "c2,sectop,shodan", "0", "juroots"
"2025-06-06 06:12:31", "1541489", "91.4.40.105:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/91.4.40.105#80", "c2,gh0st,shodan", "0", "juroots"
"2025-06-06 06:12:16", "1541488", "37.27.249.115:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/37.27.249.115#1604", "c2,darkcomet,shodan", "0", "juroots"
"2025-06-06 06:11:47", "1541487", "143.244.136.94:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/143.244.136.94#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-06 06:11:35", "1541485", "108.137.71.89:4602", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/108.137.71.89#4602", "c2,netsupport,shodan", "0", "juroots"
"2025-06-06 06:11:35", "1541486", "13.212.248.223:12428", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.212.248.223#12428", "c2,netsupport,shodan", "0", "juroots"
"2025-06-06 06:11:17", "1541483", "34.176.10.48:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/34.176.10.48#443", "c2,mythic,shodan", "0", "juroots"
"2025-06-06 06:11:17", "1541484", "193.242.184.77:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/193.242.184.77#7443", "c2,mythic,shodan", "0", "juroots"
"2025-06-06 06:10:55", "1541482", "47.120.61.164:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.120.61.164#50050", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-06-06 06:10:54", "1541481", "101.43.103.154:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/101.43.103.154#2083", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-06-06 06:10:53", "1541480", "47.102.209.177:8899", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.102.209.177#8899", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-06-06 06:10:23", "1541478", "194.87.10.101:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 06:10:54", "50", "https://www.shodan.io/host/194.87.10.101#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-06-06 06:10:23", "1541479", "158.247.193.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 06:10:55", "50", "https://www.shodan.io/host/158.247.193.230#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-06-06 06:10:06", "1541477", "8.137.60.154:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 06:10:55", "50", "https://www.shodan.io/host/8.137.60.154#3333", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2025-06-06 05:29:48", "1541390", "94.158.245.13:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://tria.ge/250605-wmydjasm15/behavioral1", "C2,NetSupport", "0", "Overkill1984zzz"
"2025-06-06 05:29:48", "1541394", "181.174.164.12:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://www.joesandbox.com/analysis/1707614/0/html", "None", "0", "tanner"
"2025-06-06 05:29:38", "1541418", "139.180.217.210:4433", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "https://www.virustotal.com/gui/file/af1dd7ec87b9e6a5c203222685273298899cd916c8d4309c4244bd879e63c3ce/", "Metasploit,Meterpreter", "0", "Overkill1984zzz"
"2025-06-06 05:29:37", "1541420", "8.155.42.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-06 05:29:36", "1541421", "101.42.13.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-06 05:29:34", "1541451", "5.161.17.18:41333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/5.161.17.18", "AS213230,censys,GoPhish,HETZNER-CLOUD2-AS,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:33", "1541449", "85.209.156.6:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:54:53", "90", "https://search.censys.io/hosts/85.209.156.6", "AS-GEOHOSTING,AS41111,C2,censys", "0", "dyingbreeds_"
"2025-06-06 05:29:33", "1541452", "54.234.148.73:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.234.148.73", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:32", "1541453", "34.240.152.241:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.240.152.241", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:32", "1541454", "18.225.17.46:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.225.17.46", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:31", "1541455", "82.157.209.172:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/82.157.209.172", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:31", "1541456", "95.217.209.25:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/95.217.209.25", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:31", "1541457", "35.226.196.129:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.226.196.129", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:30", "1541458", "49.235.32.122:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.235.32.122", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:30", "1541459", "47.128.188.97:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.128.188.97", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:29", "1541460", "74.176.99.107:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/74.176.99.107", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:28", "1541461", "107.175.0.19:8083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/107.175.0.19", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 05:29:28", "1541462", "68.232.175.95:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/68.232.175.95", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-06 04:01:49", "1541464", "116.202.22.233:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/116.202.22.233", "AS24940,C2,censys,cert,HETZNER-AS,rhadamanthys,stealer", "0", "DonPasci"
"2025-06-06 04:01:25", "1541463", "62.60.226.191:1911", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/62.60.226.191", "AS214351,C2,censys,FEMOIT,redline,stealer", "0", "DonPasci"
"2025-06-06 04:01:01", "1541450", "108.165.237.188:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-06 10:43:46", "100", "https://search.censys.io/hosts/108.165.237.188", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci"
"2025-06-06 02:56:30", "1541448", "2.57.241.35:57428", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:48", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-06 02:55:47", "1541447", "154.219.108.248:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-06 02:50:12", "1541445", "77.91.66.24:7777", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-06-06 00:01:39", "1541444", "18.231.3.95:51005", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:48:16", "100", "https://search.censys.io/hosts/18.231.3.95", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-06 00:01:38", "1541443", "18.231.3.95:6005", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:48:16", "100", "https://search.censys.io/hosts/18.231.3.95", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-06 00:01:35", "1541442", "185.112.147.18:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-06 10:48:21", "100", "https://search.censys.io/hosts/185.112.147.18", "AS44925,C2,censys,Havoc,THE-1984-AS", "0", "DonPasci"
"2025-06-06 00:01:31", "1541441", "51.79.190.129:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-06 04:00:36", "100", "https://search.censys.io/hosts/51.79.190.129", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci"
"2025-06-06 00:01:29", "1541439", "34.45.97.62:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:51:38", "100", "https://search.censys.io/hosts/34.45.97.62", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci"
"2025-06-06 00:01:29", "1541440", "103.214.157.231:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 04:00:35", "100", "https://search.censys.io/hosts/103.214.157.231", "AS152177,C2,censys,FULKI-AS-AP,Mythic", "0", "DonPasci"
"2025-06-06 00:01:28", "1541438", "34.133.43.230:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:51:34", "100", "https://search.censys.io/hosts/34.133.43.230", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci"
"2025-06-06 00:01:21", "1541437", "106.14.25.74:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 04:00:27", "100", "https://search.censys.io/hosts/106.14.25.74", "ALIBABA-CN-NET,AS37963,C2,censys,Supershell", "0", "DonPasci"
"2025-06-06 00:00:50", "1541435", "47.92.108.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:46", "100", "https://search.censys.io/hosts/47.92.108.149", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-06-06 00:00:50", "1541436", "39.107.90.187:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:04", "100", "https://search.censys.io/hosts/39.107.90.187", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-06-06 00:00:49", "1541434", "47.92.108.149:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:46", "100", "https://search.censys.io/hosts/47.92.108.149", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-06-06 00:00:46", "1541432", "8.130.190.155:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:12", "100", "https://search.censys.io/hosts/8.130.190.155", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-06 00:00:46", "1541433", "119.45.71.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:27", "100", "https://search.censys.io/hosts/119.45.71.218", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-06-06 00:00:45", "1541431", "193.104.75.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:08", "100", "https://search.censys.io/hosts/193.104.75.24", "AS62005,BV-EU-AS,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-05 23:11:58", "1541429", "60.205.183.232:55555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-05 23:09:08", "1541428", "185.208.159.224:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-05 21:40:35", "1541419", "89.23.98.243:32", "ip:port", "botnet_cc", "win.nworm", "nw0rm,NWorm", "N-W0rm", "", "100", "None", "N-W0rm", "0", "abuse_ch"
"2025-06-05 21:01:08", "1541413", "8.142.19.203:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:54:24", "75", "None", "drb-ra,RAT", "0", "abuse_ch"
"2025-06-05 20:01:44", "1541404", "198.55.98.118:1911", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/198.55.98.118", "AS214940,C2,censys,KPRONET,redline,stealer", "0", "DonPasci"
"2025-06-05 20:01:41", "1541403", "186.169.35.50:8010", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-06 10:48:53", "100", "https://search.censys.io/hosts/186.169.35.50", "AS3816,C2,censys,COLOMBIA,DcRAT,RAT", "0", "DonPasci"
"2025-06-05 20:01:34", "1541402", "176.97.117.128:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 04:00:32", "100", "https://search.censys.io/hosts/176.97.117.128", "AS43180,C2,censys,Mythic,TRUNKNETWORKS-AS", "0", "DonPasci"
"2025-06-05 20:01:29", "1541401", "115.76.200.35:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:44:01", "100", "https://search.censys.io/hosts/115.76.200.35", "AS7552,AsyncRAT,C2,censys,RAT,VIETEL-AS-AP", "0", "DonPasci"
"2025-06-05 20:01:07", "1541400", "43.240.12.185:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-06-06 04:00:17", "100", "https://search.censys.io/hosts/43.240.12.185", "AS55933,C2,censys,CLOUDIE-AS-AP,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 20:00:54", "1541399", "120.27.154.229:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:14", "100", "https://search.censys.io/hosts/120.27.154.229", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci"
"2025-06-05 20:00:49", "1541398", "113.44.135.36:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:11", "100", "https://search.censys.io/hosts/113.44.135.36", "AS55990,C2,censys,CobaltStrike,cs-watermark-1234567890,HWCSNET", "0", "DonPasci"
"2025-06-05 20:00:45", "1541397", "45.192.98.219:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:24", "100", "https://search.censys.io/hosts/45.192.98.219", "AS137899,C2,censys,CobaltStrike,cs-watermark-987654321,ILAYERLIMITED-AS-AP", "0", "DonPasci"
"2025-06-05 20:00:44", "1541395", "121.37.168.152:4564", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:33", "100", "https://search.censys.io/hosts/121.37.168.152", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci"
"2025-06-05 20:00:44", "1541396", "8.130.190.155:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 11:00:13", "100", "https://search.censys.io/hosts/8.130.190.155", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-05 16:01:37", "1541389", "193.36.15.250:9000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-06 10:49:22", "100", "https://search.censys.io/hosts/193.36.15.250", "AS6908,C2,censys,DATAHOP,Havoc", "0", "DonPasci"
"2025-06-05 16:01:34", "1541388", "35.202.0.75:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-06 10:51:45", "100", "https://search.censys.io/hosts/35.202.0.75", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci"
"2025-06-05 16:01:06", "1541387", "45.141.215.14:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/45.141.215.14", "AS210558,C2,censys,open-dir,payload,SERVICES-1337-GMBH,Sliver", "0", "DonPasci"
"2025-06-05 16:01:04", "1541386", "143.244.136.94:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:44:58", "100", "https://search.censys.io/hosts/143.244.136.94", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci"
"2025-06-05 16:01:03", "1541385", "35.87.19.128:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:51:48", "100", "https://search.censys.io/hosts/35.87.19.128", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci"
"2025-06-05 15:44:38", "1541384", "116.202.7.162:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2025-06-05 14:30:29", "1541306", "38.60.203.20:443", "ip:port", "botnet_cc", "win.plugx", "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta", "PlugX", "", "75", "", "None", "1", "Lordy2"
"2025-06-05 14:30:24", "1541364", "166.88.182.196:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-06-05 14:50:58", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
"2025-06-05 14:10:59", "1541365", "45.227.252.251:34561", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch"
"2025-06-05 14:00:11", "1541359", "185.156.72.61:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2025-06-06 11:24:03", "50", "https://tracker.viriback.com/index.php?q=185.156.72.61", "Amadey,ViriBack", "0", "abuse_ch"
"2025-06-05 14:00:06", "1541357", "179.43.176.26:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2025-06-06 11:24:02", "50", "https://tracker.viriback.com/index.php?q=179.43.176.26", "Amadey,ViriBack", "0", "abuse_ch"
"2025-06-05 13:20:44", "1541355", "156.251.19.84:7777", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-06-05 13:09:31", "1541353", "111.229.187.190:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:06", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-05 12:01:35", "1541352", "54.219.75.80:32092", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:53:44", "100", "https://search.censys.io/hosts/54.219.75.80", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-05 12:01:32", "1541351", "146.59.156.28:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-06 04:00:44", "100", "https://search.censys.io/hosts/146.59.156.28", "AS16276,C2,censys,DcRAT,OVH,RAT", "0", "DonPasci"
"2025-06-05 12:01:27", "1541350", "54.227.80.194:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-06 10:53:44", "100", "https://search.censys.io/hosts/54.227.80.194", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci"
"2025-06-05 12:01:24", "1541349", "188.93.233.232:4444", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-06 04:00:38", "100", "https://search.censys.io/hosts/188.93.233.232", "AS47674,C2,censys,NETSOLUTIONS,Quasar,RAT", "0", "DonPasci"
"2025-06-05 12:01:04", "1541348", "141.98.11.112:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-06 10:44:53", "100", "https://search.censys.io/hosts/141.98.11.112", "AS209605,C2,censys,HOSTBALTIC,RAT,Remcos", "0", "DonPasci"
"2025-06-05 12:00:43", "1541347", "161.97.138.238:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:15", "100", "https://search.censys.io/hosts/161.97.138.238", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci"
"2025-06-05 10:22:58", "1541341", "94.156.112.223:55566", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-06-05 10:22:03", "1541337", "154.223.132.91:23001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,elknot", "0", "juroots"
"2025-06-05 10:21:32", "1541336", "51.195.211.236:9728", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:53:30", "50", "", "asyncrat,c2", "0", "juroots"
"2025-06-05 10:15:53", "1541326", "195.158.82.221:4433", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/195.158.82.221#4433", "c2,havoc,shodan", "0", "juroots"
"2025-06-05 10:15:39", "1541325", "45.94.47.164:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "https://www.shodan.io/host/45.94.47.164#9000", "c2,sectop,shodan", "0", "juroots"
"2025-06-05 10:15:24", "1541324", "194.38.20.80:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/194.38.20.80#54984", "c2,nanocore,shodan", "0", "juroots"
"2025-06-05 10:15:06", "1541323", "52.143.175.222:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:53:34", "50", "https://www.shodan.io/host/52.143.175.222#1337", "c2,mythic,shodan", "0", "juroots"
"2025-06-05 10:14:51", "1541322", "43.143.216.41:9205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/43.143.216.41#9205", "c2,gophish,phishing,shodan", "0", "juroots"
"2025-06-05 10:14:50", "1541321", "43.240.113.10:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 04:01:06", "50", "https://www.shodan.io/host/43.240.113.10#8443", "c2,gophish,phishing,shodan", "0", "juroots"
"2025-06-05 10:14:32", "1541320", "15.185.200.33:5435", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/15.185.200.33#5435", "c2,netsupport,shodan", "0", "juroots"
"2025-06-05 10:14:31", "1541319", "51.44.163.128:8144", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/51.44.163.128#8144", "c2,netsupport,shodan", "0", "juroots"
"2025-06-05 10:14:09", "1541316", "77.73.39.176:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/77.73.39.176#4444", "adaptixc2,c2,shodan", "0", "juroots"
"2025-06-05 10:14:09", "1541317", "154.223.21.252:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/154.223.21.252#4444", "adaptixc2,c2,shodan", "0", "juroots"
"2025-06-05 10:14:09", "1541318", "43.156.64.185:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/43.156.64.185#4444", "adaptixc2,c2,shodan", "0", "juroots"
"2025-06-05 10:13:47", "1541315", "37.27.243.83:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/37.27.243.83#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-05 10:13:45", "1541314", "159.89.17.182:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/159.89.17.182#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-05 10:13:39", "1541313", "35.92.206.30:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/35.92.206.30#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-05 10:13:15", "1541312", "121.61.97.95:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.61.97.95#50050", "c2,cobaltstrike,shodan", "0", "juroots"
"2025-06-05 10:12:43", "1541311", "80.87.199.167:8030", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 10:13:14", "50", "https://www.shodan.io/host/80.87.199.167#8030", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots"
"2025-06-05 10:12:27", "1541310", "183.6.20.32:4449", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 10:13:13", "50", "https://www.shodan.io/host/183.6.20.32#4449", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-06-05 10:12:15", "1541309", "167.179.87.189:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 10:13:14", "50", "https://www.shodan.io/host/167.179.87.189#8888", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots"
"2025-06-05 10:12:11", "1541307", "119.91.130.241:8828", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 10:13:14", "50", "https://www.shodan.io/host/119.91.130.241#8828", "c2,cobaltstrike,cs-watermark-305419896,shodan", "0", "juroots"
"2025-06-05 10:12:11", "1541308", "47.102.209.177:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 06:10:40", "50", "https://www.shodan.io/host/47.102.209.177#80", "c2,cobaltstrike,cs-watermark-305419896,shodan", "0", "juroots"
"2025-06-05 09:18:42", "1541305", "8.138.96.41:50010", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:54:22", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:16:41", "1541304", "47.122.27.78:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:53:10", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:14:56", "1541303", "43.140.221.154:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:52:21", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:14:54", "1541302", "43.138.186.236:80", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:52:20", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:13:38", "1541301", "3.88.14.227:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:51:29", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:11:30", "1541300", "212.192.15.213:60000", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:50:37", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:07:28", "1541299", "123.249.20.20:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-05 09:04:48", "1541298", "164.92.253.61:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:46:52", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:02:00", "1541296", "144.172.106.67:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:45:01", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 09:00:30", "1541295", "124.70.144.47:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:44:26", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 08:59:48", "1541294", "69.157.7.21:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-06 10:54:07", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch"
"2025-06-05 08:59:47", "1541293", "69.157.7.21:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-06 10:54:07", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch"
"2025-06-05 08:58:30", "1541292", "103.106.230.53:5900", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:43:13", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch"
"2025-06-05 08:52:49", "1541291", "195.58.34.174:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:49:34", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-06-05 08:52:44", "1541290", "195.206.234.15:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-06 10:49:31", "75", "None", "Bianlian,drb-ra", "0", "abuse_ch"
"2025-06-05 08:13:36", "1541289", "85.234.100.245:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-06 10:54:55", "75", "", "AdaptixC2", "0", "abuse_ch"
"2025-06-05 08:11:04", "1541288", "85.203.4.56:3434", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-06-05 08:03:34", "1541287", "116.202.3.169:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2025-06-05 08:01:48", "1541286", "104.248.117.30:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:43:30", "100", "https://search.censys.io/hosts/104.248.117.30", "AS14061,censys,DIGITALOCEAN-ASN,EvilGoPhish,panel,Phishing", "0", "DonPasci"
"2025-06-05 08:01:45", "1541285", "8.139.6.64:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-06-06 10:54:22", "100", "https://search.censys.io/hosts/8.139.6.64", "ALIBABA-CN-NET,AS37963,censys,Chaos,panel", "0", "DonPasci"
"2025-06-05 08:01:32", "1541284", "51.95.114.161:4839", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:53:33", "100", "https://search.censys.io/hosts/51.95.114.161", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-05 08:01:30", "1541283", "196.120.22.122:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:49:34", "100", "https://search.censys.io/hosts/196.120.22.122", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-05 08:01:28", "1541281", "141.8.199.79:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-06 04:00:44", "100", "https://search.censys.io/hosts/141.8.199.79", "AS35278,C2,censys,DcRAT,RAT,SPRINTHOST", "0", "DonPasci"
"2025-06-05 08:01:28", "1541282", "78.135.82.65:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-06 04:00:45", "100", "https://search.censys.io/hosts/78.135.82.65", "AS207326,C2,censys,DcRAT,HOSTLAB,RAT", "0", "DonPasci"
"2025-06-05 08:01:25", "1541280", "154.8.231.43:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-06 10:46:03", "100", "https://search.censys.io/hosts/154.8.231.43", "AS45090,C2,censys,Havoc,TENCENT-NET-AP", "0", "DonPasci"
"2025-06-05 08:01:15", "1541279", "47.237.97.169:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 04:00:26", "100", "https://search.censys.io/hosts/47.237.97.169", "ALIBABA-CN-NET,AS45102,C2,censys,Supershell", "0", "DonPasci"
"2025-06-05 08:01:02", "1541278", "77.83.207.163:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-06 10:54:15", "100", "https://search.censys.io/hosts/77.83.207.163", "AS216341,C2,censys,OPTIMA-AS,RAT,Remcos", "0", "DonPasci"
"2025-06-05 08:00:48", "1541277", "49.235.113.177:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:09", "100", "https://search.censys.io/hosts/49.235.113.177", "AS45090,C2,censys,CobaltStrike,cs-watermark-0,TENCENT-NET-AP", "0", "DonPasci"
"2025-06-05 08:00:46", "1541276", "123.60.142.31:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:07", "100", "https://search.censys.io/hosts/123.60.142.31", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci"
"2025-06-05 08:00:44", "1541275", "113.45.225.150:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:12", "100", "https://search.censys.io/hosts/113.45.225.150", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci"
"2025-06-05 08:00:43", "1541274", "195.179.226.253:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:44", "100", "https://search.censys.io/hosts/195.179.226.253", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci"
"2025-06-05 08:00:41", "1541273", "40.233.84.75:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 04:00:15", "100", "https://search.censys.io/hosts/40.233.84.75", "AS31898,C2,censys,CobaltStrike,cs-watermark-987654321,ORACLE-BMC-31898", "0", "DonPasci"
"2025-06-05 08:00:40", "1541272", "119.45.71.218:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:27", "100", "https://search.censys.io/hosts/119.45.71.218", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-06-05 07:45:48", "1541269", "107.163.56.240:18963", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-bnpskayyhv", "AS395776,c2,FEDERAL-ONLINE-GROUP-LLC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:45:48", "1541270", "107.163.56.241:18530", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-bnpskayyhv", "AS395776,c2,FEDERAL-ONLINE-GROUP-LLC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:45:48", "1541271", "107.163.56.251:6658", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-bnpskayyhv", "AS395776,c2,FEDERAL-ONLINE-GROUP-LLC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:35:57", "1541268", "202.162.99.65:1523", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-h4hgradq3w/behavioral1", "AS152194,c2,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:33:30", "1541267", "96.45.244.194:5129", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250605-h9kjasdr6s", "AS7106,c2,INDEPENDENTSFIBERNETWORK,office04,Quasar,RAT", "0", "DonPasci"
"2025-06-05 07:27:19", "1541264", "107.163.43.144:12388", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-h4v3vadq31/behavioral1", "AS395776,c2,FEDERAL-ONLINE-GROUP-LLC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:27:19", "1541265", "107.163.241.193:6520", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-h4v3vadq31/behavioral1", "AS395776,c2,FEDERAL-ONLINE-GROUP-LLC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:27:19", "1541266", "107.163.241.181:16300", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250605-h4v3vadq31/behavioral1", "AS18978,c2,ENZUINC,Gh0st,RAT", "0", "DonPasci"
"2025-06-05 07:14:19", "1541263", "38.247.14.167:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250604-z1qgmabk6t/behavioral1", "AS8796,AsyncRAT,c2,FD-298-8796,xbi", "0", "DonPasci"
"2025-06-05 07:03:17", "1541261", "154.53.41.5:1144", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2025-06-05 09:30:54", "100", "https://tria.ge/250605-hshy5sbp8s/behavioral1", "AS40021,c2,NL-811-40021,xworm", "0", "DonPasci"
"2025-06-05 05:38:09", "1541251", "113.45.225.150:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:12", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2025-06-05 05:38:04", "1541250", "194.156.99.187:82", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-06-05 05:24:17", "1541244", "68.232.175.95:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/68.232.175.95", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:16", "1541243", "178.205.105.94:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.205.105.94", "AS28840,censys,GoPhish,Phishing,TATTELECOM-AS", "0", "dyingbreeds_"
"2025-06-05 05:24:15", "1541242", "35.168.219.78:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.168.219.78", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:13", "1541241", "34.30.160.123:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.30.160.123", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:11", "1541240", "210.245.86.150:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/210.245.86.150", "AS18403,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:10", "1541239", "13.203.154.150:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.203.154.150", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:08", "1541238", "152.136.154.234:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/152.136.154.234", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-06-05 05:24:07", "1541237", "47.103.60.249:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:53:07", "100", "https://search.censys.io/hosts/47.103.60.249", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2025-06-05 05:24:06", "1541236", "192.159.99.140:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-06-05 04:01:17", "100", "https://search.censys.io/hosts/192.159.99.140", "AS210558,C2,censys,RAT", "0", "dyingbreeds_"
"2025-06-05 05:24:05", "1541235", "185.224.128.90:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:48:45", "100", "https://search.censys.io/hosts/185.224.128.90", "AS49870,AS49870-BV,C2,censys,RAT", "0", "dyingbreeds_"
"2025-06-05 05:24:04", "1541234", "198.12.120.209:60101", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:47", "100", "https://search.censys.io/hosts/198.12.120.209", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_"
"2025-06-05 05:23:59", "1541221", "44.203.208.169:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 22:02:34", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-05 05:23:58", "1541220", "47.95.31.143:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 22:02:39", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-05 05:23:57", "1541219", "120.26.98.120:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 22:02:25", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-05 05:23:54", "1541218", "47.105.120.230:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-05 22:01:14", "75", "https://x.com/abodovic1", "c2,censys,CobaltStrike", "0", "Abodovic"
"2025-06-05 05:23:43", "1541199", "79.141.160.153:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-06-05 04:01:41", "1541247", "154.53.41.5:80", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://search.censys.io/hosts/154.53.41.5", "AS40021,C2,censys,NL-811-40021,open-dir,Xworm", "0", "DonPasci"
"2025-06-05 04:01:41", "1541248", "154.53.41.5:443", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://search.censys.io/hosts/154.53.41.5", "AS40021,C2,censys,NL-811-40021,open-dir,Xworm", "0", "DonPasci"
"2025-06-05 04:01:22", "1541246", "125.25.102.161:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:44:27", "100", "https://search.censys.io/hosts/125.25.102.161", "AS23969,C2,censys,Netsupport,RAT,TOT-NET", "0", "DonPasci"
"2025-06-05 02:55:23", "1541231", "191.101.131.227:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-06-05 00:01:14", "1541228", "188.153.68.162:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:48:57", "100", "https://search.censys.io/hosts/188.153.68.162", "AS30722,AsyncRAT,C2,censys,RAT,VODAFONE-IT-ASN", "0", "DonPasci"
"2025-06-05 00:01:03", "1541227", "38.46.221.61:34613", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:52:09", "100", "https://search.censys.io/hosts/38.46.221.61", "AS26042,C2,censys,FIBERSTATE,Sliver", "0", "DonPasci"
"2025-06-05 00:01:02", "1541226", "154.247.135.60:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:45:59", "100", "https://search.censys.io/hosts/154.247.135.60", "ALGTEL-AS,AS36947,C2,censys,Sliver", "0", "DonPasci"
"2025-06-05 00:00:58", "1541225", "179.43.176.3:3397", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-06 07:47:43", "100", "https://search.censys.io/hosts/179.43.176.3", "AS51852,C2,censys,PLI-AS,RAT,Remcos", "0", "DonPasci"
"2025-06-05 00:00:42", "1541224", "43.100.9.138:20298", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:07", "100", "https://search.censys.io/hosts/43.100.9.138", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-06-05 00:00:39", "1541223", "47.111.154.80:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:35", "100", "https://search.censys.io/hosts/47.111.154.80", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2025-06-04 20:56:24", "1541217", "43.141.131.97:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-06 10:52:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-06-04 20:56:09", "1541216", "39.40.166.133:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-06 10:52:13", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch"
"2025-06-04 20:50:26", "1541215", "140.82.54.223:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://app.any.run/tasks/93115a01-8c9a-4365-818c-f55a9d5eddfb", "c2", "0", "juroots"
"2025-06-04 20:43:21", "1541214", "102.164.96.223:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-06 10:43:12", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-06-04 20:01:13", "1541204", "196.251.84.63:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-06 10:49:44", "100", "https://search.censys.io/hosts/196.251.84.63", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci"
"2025-06-04 20:01:03", "1541203", "195.58.34.174:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:49:34", "100", "https://search.censys.io/hosts/195.58.34.174", "AS9123,C2,censys,Sliver,TIMEWEB-AS", "0", "DonPasci"
"2025-06-04 20:00:59", "1541202", "46.246.82.11:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-06 10:53:04", "100", "https://search.censys.io/hosts/46.246.82.11", "AS42708,C2,censys,GLESYS,RAT,Remcos", "0", "DonPasci"
"2025-06-04 20:00:42", "1541201", "47.105.120.230:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:59:29", "100", "https://search.censys.io/hosts/47.105.120.230", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2025-06-04 20:00:39", "1541200", "195.179.226.253:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:44", "100", "https://search.censys.io/hosts/195.179.226.253", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci"
"2025-06-04 19:54:09", "1541198", "144.172.101.45:1224", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://any.run/cybersecurity-blog/ottercookie-malware-analysis/", "ottercookie", "0", "juroots"
"2025-06-04 19:41:24", "1541187", "154.198.50.7:14747", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-06-04 19:03:53", "1541185", "119.121.202.111:2012", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://tria.ge/250604-w7vs5stvgy/behavioral2", "AS4134,c2,CHINANET-BACKBONE,Gh0st,RAT", "0", "DonPasci"
"2025-06-04 18:55:35", "1541184", "155.94.155.21:1992", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250604-t3dyqask15", "AS214943,asyncrat,c2,domain,mayo29,RAILNET,rat", "0", "DonPasci"
"2025-06-04 18:38:57", "1541179", "105.97.89.151:35679", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-06-04 18:37:32", "1541172", "109.120.137.229:7737", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-06-04 18:37:32", "1541173", "109.120.137.229:7795", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-06-04 18:33:09", "1541159", "13.79.135.16:2222", "ip:port", "botnet_cc", "apk.ahmyth", "None", "AhMyth", "", "50", "", "ahmyth,c2", "0", "juroots"
"2025-06-04 17:57:28", "1541150", "3.101.74.141:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.101.74.141#3333", "c2,gophish,phishing,shodan", "0", "juroots"
"2025-06-04 17:57:12", "1541149", "38.246.253.146:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/38.246.253.146#8888", "c2,shodan,supershell", "0", "juroots"
"2025-06-04 17:56:57", "1541148", "172.86.72.81:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "https://www.shodan.io/host/172.86.72.81#9000", "c2,sectop,shodan", "0", "juroots"
"2025-06-04 17:56:41", "1541147", "47.79.87.210:993", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/47.79.87.210#993", "c2,netsupport,shodan", "0", "juroots"
"2025-06-04 17:56:27", "1541146", "146.70.213.35:2087", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/146.70.213.35#2087", "bruteratel,c2,shodan", "0", "juroots"
"2025-06-04 17:56:14", "1541145", "182.92.159.149:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/182.92.159.149#31337", "c2,shodan,sliver", "0", "juroots"
"2025-06-04 17:56:02", "1541144", "47.101.33.97:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.101.33.97#9999", "c2,cobaltstrike,cs-watermark-1873433027,shodan", "0", "juroots"
"2025-06-04 17:55:57", "1541143", "119.27.173.104:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/119.27.173.104#6666", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-06-04 17:55:51", "1541142", "113.45.232.73:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/113.45.232.73#9443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots"
"2025-06-04 17:28:08", "1541139", "80.76.49.209:8041", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://app.any.run/tasks/dfc5f29f-b299-483e-84de-377ba8a718d7", "c2,connectwise,screenconnect", "0", "juroots"
"2025-06-04 17:14:44", "1541137", "172.67.144.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-04 17:14:43", "1541136", "172.67.144.201:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:27", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-04 17:11:56", "1541135", "120.27.154.229:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:57:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-04 17:11:05", "1541134", "104.21.81.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:56:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-06-04 16:05:39", "1541132", "3.8.127.11:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-06-04 16:02:02", "1541131", "91.219.150.100:8098", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-06 10:55:26", "100", "https://search.censys.io/hosts/91.219.150.100", "AS56694,BianLian,C2,censys,SMARTAPE", "0", "DonPasci"
"2025-06-04 16:01:54", "1541130", "94.237.91.193:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.91.193", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci"
"2025-06-04 16:01:32", "1541129", "51.17.225.103:6002", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:53:29", "100", "https://search.censys.io/hosts/51.17.225.103", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-04 16:01:31", "1541128", "51.17.225.103:5902", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:53:29", "100", "https://search.censys.io/hosts/51.17.225.103", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-06-04 16:01:27", "1541127", "84.154.191.72:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-06 10:54:45", "100", "https://search.censys.io/hosts/84.154.191.72", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2025-06-04 16:01:25", "1541126", "176.65.137.186:5000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-06 10:47:40", "100", "https://search.censys.io/hosts/176.65.137.186", "AS215462,BUGGZ-HOSTING,C2,censys,DcRAT,RAT", "0", "DonPasci"
"2025-06-04 16:01:20", "1541125", "103.195.190.49:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-06 10:43:19", "100", "https://search.censys.io/hosts/103.195.190.49", "AS134677,C2,censys,Hookbot,IDC-AS-AP", "0", "DonPasci"
"2025-06-04 16:01:00", "1541124", "52.15.145.73:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-06 10:53:34", "100", "https://search.censys.io/hosts/52.15.145.73", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci"
"2025-06-04 16:00:37", "1541123", "149.104.28.101:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-06 10:58:02", "100", "https://search.censys.io/hosts/149.104.28.101", "AS139659,C2,censys,CobaltStrike,cs-watermark-391144938,LUCID-AS-AP", "0", "DonPasci"
"2025-06-04 14:46:00", "1541120", "156.241.144.66:52139", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-06-04 14:36:38", "1541119", "3.78.28.71:18858", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-06-04 14:36:16", "1541118", "18.192.31.30:18858", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch"
"2025-06-04 12:38:53", "1541115", "51.68.154.125:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch"
"2025-06-04 12:01:39", "1541114", "94.237.82.179:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.82.179", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci"
"2025-06-04 12:01:23", "1541113", "51.20.75.173:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-06 10:53:30", "100", "https://search.censys.io/hosts/51.20.75.173", "AMAZON-02,AS16509,C2,censys,Covenant", "0", "DonPasci"
"2025-06-04 12:01:15", "1541112", "196.251.80.17:6004", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-06-05 04:00:44", "100", "https://search.censys.io/hosts/196.251.80.17", "AS401120,C2,censys,CHEAPY-HOST,RAT,Venom", "0", "DonPasci"
"2025-06-04 12:01:11", "1541111", "63.33.82.34:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-05 04:00:33", "100", "https://search.censys.io/hosts/63.33.82.34", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci"
"2025-06-04 11:25:21", "1541110", "31.56.36.144:39653", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch"
# Number of entries: 240