################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-08-21 16:01:28 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-08-21 16:01:28", "1572332", "85.236.49.84:666", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/85.236.49.84", "AS15456,C2,censys,INTERNETX-AS,PowershellEmpire", "0", "DonPasci" "2025-08-21 16:00:58", "1572331", "15.152.50.124:18246", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/15.152.50.124", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-21 16:00:56", "1572330", "43.226.17.43:8018", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/43.226.17.43", "AS64050,BGNL-HK,C2,censys,DcRAT,RAT", "0", "DonPasci" "2025-08-21 16:00:54", "1572328", "13.239.199.169:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/13.239.199.169", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-08-21 16:00:54", "1572329", "171.250.184.154:9999", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/171.250.184.154", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-21 16:00:50", "1572327", "159.69.211.165:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/159.69.211.165", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "DonPasci" "2025-08-21 16:00:41", "1572326", "213.163.197.3:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/213.163.197.3", "AS202053,C2,censys,payload,Sliver,UPCLOUD", "0", "DonPasci" "2025-08-21 16:00:34", "1572325", "142.93.160.249:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/142.93.160.249", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-08-21 16:00:33", "1572324", "45.201.216.199:65535", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/45.201.216.199", "AS54801,C2,censys,Sliver,ZILLION-NETWORK", "0", "DonPasci" "2025-08-21 16:00:30", "1572323", "178.16.55.232:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/178.16.55.232", "AS209800,C2,censys,METASPINNER-ASN,RAT,Remcos", "0", "DonPasci" "2025-08-21 16:00:29", "1572322", "63.141.230.48:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/63.141.230.48", "AS33387,C2,censys,NOCIX,RAT,Remcos", "0", "DonPasci" "2025-08-21 16:00:15", "1572321", "74.48.75.59:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/74.48.75.59", "AS35916,C2,censys,CobaltStrike,MULTA-ASN1", "0", "DonPasci" "2025-08-21 16:00:09", "1572320", "182.92.125.117:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/182.92.125.117", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-21 15:35:15", "1572319", "91.202.233.17:7712", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch" "2025-08-21 14:59:59", "1572314", "193.161.193.99:24727", "ip:port", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "100", "https://netresec.com/?b=258f641", "None", "0", "netresec" "2025-08-21 14:59:58", "1572315", "https://raw.githubusercontent.com/NTCHuy/hack/refs/heads/main/Client.exe", "url", "payload_delivery", "win.xenorat", "None", "XenoRAT", "", "100", "https://netresec.com/?b=258f641", "GitHub", "0", "netresec" "2025-08-21 14:59:58", "1572317", "e0b465d3bd1ec5e95aee016951d55640", "md5_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "100", "https://www.netresec.com/?page=Blog&month=2025-08&post=Define-Protocol-from-Traffic-XenoRAT", "None", "0", "netresec" "2025-08-21 14:59:58", "1572318", "5ab23ac79ede02166d6f5013d89738f9", "md5_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "100", "https://www.netresec.com/?page=Blog&month=2025-08&post=Define-Protocol-from-Traffic-XenoRAT", "None", "0", "netresec" "2025-08-21 13:15:52", "1572316", "http://178.16.54.175/7d1ca61c169b4862.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250821-msjmwsaj6x", "AS40999,c2,Stealc,stealer,triage", "0", "DonPasci" "2025-08-21 13:01:10", "1572313", "196.251.88.245:2021", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/62b3b2c9bdfbd18bfbb8d74da69ddfd6dac58c44dc583dec756d5285f55c9b2b/", "asyncrat", "0", "abuse_ch" "2025-08-21 12:49:30", "1572312", "dakk5rnsax46s.cfc-execute.su.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:49:16", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-21 12:02:17", "1572311", "keepmasterr.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250821-jy9vgs1qs8", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-08-21 12:01:35", "1572310", "http://178.16.54.175", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250821-msjmwsaj6x", "AS40999,C2,stealc,stealer,triage", "0", "DonPasci" "2025-08-21 12:01:18", "1572309", "https://reschsc.top/zakj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250821-kz6d5asjs3", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-21 12:00:57", "1572308", "35.183.105.9:18082", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/35.183.105.9", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-21 12:00:56", "1572307", "3.96.221.134:17079", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.96.221.134", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-21 12:00:53", "1572306", "35.213.179.117:50666", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/35.213.179.117", "AS15169,C2,censys,GOOGLE,Havoc", "0", "DonPasci" "2025-08-21 12:00:52", "1572305", "2.56.246.175:7688", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/2.56.246.175", "AS203446,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-08-21 12:00:43", "1572303", "47.99.193.179:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.99.193.179", "ALIBABA-CN-NET,AS37963,C2,censys,Supershell", "0", "DonPasci" "2025-08-21 12:00:43", "1572304", "107.172.87.130:12033", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/107.172.87.130", "AS-COLOCROSSING,AS36352,C2,censys,Supershell", "0", "DonPasci" "2025-08-21 12:00:30", "1572300", "66.63.187.232:8264", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250821-hrrjwszxev", "AS214943,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-21 12:00:30", "1572301", "45.221.64.233:465", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/45.221.64.233", "AS207184,C2,censys,RAT,Remcos,TELCHAK-AS", "0", "DonPasci" "2025-08-21 12:00:30", "1572302", "193.26.115.190:7070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/193.26.115.190", "AS23470,C2,censys,RAT,RELIABLESITE,Remcos", "0", "DonPasci" "2025-08-21 12:00:18", "1572299", "applications-designer.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250821-lt2z7a1xav", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-21 12:00:17", "1572295", "178.16.55.183:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-21 12:02:19", "100", "https://search.censys.io/hosts/178.16.55.183", "AS209800,C2,censys,Latrodectus,METASPINNER-ASN", "0", "DonPasci" "2025-08-21 12:00:17", "1572296", "heart-hunger.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250821-nwznyssrw4", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-21 12:00:17", "1572297", "authors-recall.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250821-nr1qfsstex", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-21 12:00:17", "1572298", "may-steering.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250821-nfqfcaspw3", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-21 12:00:12", "1572294", "202.155.152.136:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:50", "100", "https://search.censys.io/hosts/202.155.152.136", "AS215304,C2,censys,CobaltStrike,cs-watermark-1234567890,YUWAN", "0", "DonPasci" "2025-08-21 12:00:08", "1572293", "101.43.121.19:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.121.19", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-08-21 11:19:38", "1572291", "https://frozi.cc/Stb/Retev.php?bl=snCpakG7g9FWRE65PsLCW016.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://bazaar.abuse.ch/sample/0a941b63117c90c5f13e268a5aec78466302b788dc96aac784d1ca570ab61b11/", "None", "0", "burger" "2025-08-21 11:10:24", "1572292", "https://116.203.13.148", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 16:10:28", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-21 10:10:27", "1572289", "https://api.shipensburginvestmentgroup.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 16:10:32", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-21 10:10:27", "1572290", "api.shipensburginvestmentgroup.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 16:11:46", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-21 10:07:25", "1572288", "updates.highendmark.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "", "gholoader", "0", "juroots" "2025-08-21 10:06:57", "1572287", "147.185.221.31:14757", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:06:25", "1572286", "friendly-mercy.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:06:24", "1572285", "therefore-nothing.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:05:57", "1572282", "https://pastebin.com/raw/1V5V0kt5", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:05:57", "1572283", "https://pastebin.com/raw/8bWyQrv5", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:05:57", "1572284", "https://pastebin.com/raw/YFCfHGQG", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-21 10:05:00", "1572281", "remcos.as.vip", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-08-21 10:04:29", "1572280", "vivepakx.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-08-21 10:04:11", "1572275", "allahbotnet.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-21 10:04:11", "1572276", "cnc.9257.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-21 10:04:11", "1572277", "cnc.zinomc.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-21 10:04:11", "1572278", "codingvix.win", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-21 10:04:11", "1572279", "streamcodex.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-21 10:03:48", "1572274", "p6nnjzgxl.localto.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-08-21 10:03:35", "1572273", "https://afip-aviso-wbe.kesug.com", "url", "botnet_cc", "apk.btmob", "None", "BTMOB RAT", "", "50", "", "btmob,c2", "0", "juroots" "2025-08-21 10:03:17", "1572272", "185.236.76.20:1553", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-21 10:03:02", "1572270", "4mxlrhcab.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-21 10:03:02", "1572271", "jdpg1sudz.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-21 10:02:32", "1572269", "https://raw.githubusercontent.com/yunus12343/sada-sada/refs/heads/main/ports", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-21 10:01:23", "1572268", "http://5.252.153.134/cvdfnaFJBmC0/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0198cc13-71cc-761f-bfdc-ce2caff6d3b0", "amadey,c2,urlscan", "0", "juroots" "2025-08-21 10:00:54", "1572267", "http://167.179.104.126:8888/supershell/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0198cc13-0157-719d-8dc5-a01a01aab249", "c2,supershell,urlscan", "0", "juroots" "2025-08-21 10:00:32", "1572266", "http://110.164.93.43/attivita/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0198cc12-ac24-7278-ad67-27ce8c786d48", "amadey,c2,urlscan", "0", "juroots" "2025-08-21 09:59:20", "1572265", "https://94.142.138.179/518893e599328c52.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/0198cc11-9212-755e-a5b7-d6a2f8be514b", "c2,stealc,urlscan", "0", "juroots" "2025-08-21 09:58:33", "1572264", "174.138.184.252:9109", "ip:port", "botnet_cc", "win.crimson", "SEEDOOR,Scarimson", "Crimson RAT", "", "50", "https://www.shodan.io/host/174.138.184.252#9109", "c2,crimson,shodan", "0", "juroots" "2025-08-21 09:58:02", "1572263", "95.172.113.169:2222", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/95.172.113.169#2222", "c2,darkcomet,shodan", "0", "juroots" "2025-08-21 09:57:47", "1572262", "147.50.253.22:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/147.50.253.22#1177", "c2,njrat,shodan", "0", "juroots" "2025-08-21 09:57:33", "1572261", "118.40.6.133:80", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/118.40.6.133#80", "c2,nanocore,shodan", "0", "juroots" "2025-08-21 09:57:19", "1572260", "84.132.27.152:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/84.132.27.152#80", "c2,gh0st,shodan", "0", "juroots" "2025-08-21 09:57:05", "1572259", "162.254.85.213:2087", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/162.254.85.213#2087", "bruteratel,c2,shodan", "0", "juroots" "2025-08-21 09:57:04", "1572258", "185.75.240.211:8085", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/185.75.240.211#8085", "bruteratel,c2,shodan", "0", "juroots" "2025-08-21 09:56:46", "1572256", "3.96.183.182:2087", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.96.183.182#2087", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:46", "1572257", "120.210.205.62:9088", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/120.210.205.62#9088", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:45", "1572251", "152.86.62.9:5914", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/152.86.62.9#5914", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:45", "1572252", "18.60.226.102:8575", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/18.60.226.102#8575", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:45", "1572253", "108.137.73.150:4063", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/108.137.73.150#4063", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:45", "1572254", "222.220.144.250:2000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/222.220.144.250#2000", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:45", "1572255", "3.96.162.81:12019", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.96.162.81#12019", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:44", "1572249", "211.217.97.89:6001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/211.217.97.89#6001", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:44", "1572250", "3.29.231.101:7171", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.29.231.101#7171", "c2,netsupport,shodan", "0", "juroots" "2025-08-21 09:56:37", "1572248", "204.188.228.199:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/204.188.228.199#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:36", "1572243", "178.128.204.213:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/178.128.204.213#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:36", "1572244", "144.208.127.35:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/144.208.127.35#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:36", "1572245", "45.137.99.53:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/45.137.99.53#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:36", "1572246", "47.79.84.118:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/47.79.84.118#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:36", "1572247", "146.19.128.63:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/146.19.128.63#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572237", "66.78.40.237:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/66.78.40.237#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572238", "146.190.20.46:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/146.190.20.46#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572239", "31.57.109.4:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/31.57.109.4#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572240", "195.246.230.92:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/195.246.230.92#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572241", "75.119.146.156:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/75.119.146.156#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:35", "1572242", "206.189.156.238:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/206.189.156.238#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:34", "1572232", "66.78.40.90:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/66.78.40.90#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:34", "1572233", "193.180.212.140:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/193.180.212.140#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:34", "1572234", "217.154.212.25:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/217.154.212.25#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:34", "1572235", "84.21.171.168:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/84.21.171.168#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:34", "1572236", "74.48.170.150:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/74.48.170.150#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:33", "1572230", "113.192.6.34:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/113.192.6.34#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:33", "1572231", "192.144.232.209:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/192.144.232.209#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-21 09:56:29", "1572228", "94.99.103.174:12583", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12583", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:29", "1572229", "94.99.103.174:9943", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9943", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:28", "1572223", "94.99.103.174:8443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8443", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:28", "1572224", "94.99.103.174:16033", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16033", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:28", "1572225", "94.99.103.174:16044", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16044", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:28", "1572226", "94.99.103.174:4436", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4436", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:28", "1572227", "94.99.103.174:21293", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#21293", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572217", "94.99.103.174:992", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#992", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572218", "94.99.103.174:18023", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#18023", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572219", "94.99.103.174:20256", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#20256", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572220", "94.99.103.174:16403", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16403", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572221", "94.99.103.174:3792", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3792", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:27", "1572222", "94.99.103.174:4064", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4064", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:26", "1572213", "94.99.103.174:777", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#777", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:26", "1572214", "94.99.103.174:5000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5000", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:26", "1572215", "94.99.103.174:18108", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#18108", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:26", "1572216", "94.99.103.174:20018", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#20018", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:25", "1572208", "94.99.103.174:9253", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9253", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:25", "1572209", "94.99.103.174:1964", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#1964", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:25", "1572210", "94.99.103.174:7079", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7079", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:25", "1572211", "94.99.103.174:3580", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3580", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:25", "1572212", "94.99.103.174:33060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#33060", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572202", "94.99.103.174:3524", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3524", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572203", "94.99.103.174:5267", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5267", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572204", "94.99.103.174:50998", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#50998", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572205", "94.99.103.174:15504", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#15504", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572206", "94.99.103.174:5494", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5494", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:24", "1572207", "94.99.103.174:6080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6080", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:23", "1572197", "94.99.103.174:40892", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#40892", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:23", "1572198", "94.99.103.174:50122", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#50122", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:23", "1572199", "94.99.103.174:12565", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12565", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:23", "1572200", "94.99.103.174:14265", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#14265", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:23", "1572201", "94.99.103.174:5630", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5630", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:22", "1572192", "94.99.103.174:7015", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7015", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:22", "1572193", "94.99.103.174:37215", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#37215", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:22", "1572194", "94.99.103.174:3014", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3014", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:22", "1572195", "94.99.103.174:2555", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2555", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:22", "1572196", "94.99.103.174:175", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#175", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572186", "94.99.103.174:9050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9050", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572187", "94.99.103.174:7171", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7171", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572188", "94.99.103.174:12241", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12241", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572189", "94.99.103.174:6379", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6379", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572190", "94.99.103.174:444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#444", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:21", "1572191", "94.99.103.174:9600", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9600", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:20", "1572182", "94.99.103.174:465", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#465", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:20", "1572183", "94.99.103.174:12195", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12195", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:20", "1572184", "94.99.103.174:5432", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5432", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:20", "1572185", "94.99.103.174:41800", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#41800", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:19", "1572177", "94.99.103.174:8001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8001", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:19", "1572178", "94.99.103.174:55000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#55000", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:19", "1572179", "94.99.103.174:5011", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5011", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:19", "1572180", "94.99.103.174:16074", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16074", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:19", "1572181", "94.99.103.174:3129", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3129", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572171", "94.99.103.174:25082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#25082", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572172", "94.99.103.174:37443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#37443", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572173", "94.99.103.174:5190", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5190", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572174", "94.99.103.174:20892", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#20892", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572175", "94.99.103.174:12193", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12193", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:18", "1572176", "94.99.103.174:3156", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3156", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572165", "94.99.103.174:11601", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#11601", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572166", "94.99.103.174:2081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2081", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572167", "94.99.103.174:3066", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3066", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572168", "94.99.103.174:53", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#53", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572169", "94.99.103.174:24084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#24084", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:17", "1572170", "94.99.103.174:5613", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5613", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:16", "1572160", "94.99.103.174:5172", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5172", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:16", "1572161", "94.99.103.174:5123", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5123", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:16", "1572162", "94.99.103.174:9119", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9119", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:16", "1572163", "94.99.103.174:5357", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5357", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:16", "1572164", "94.99.103.174:4449", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4449", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:15", "1572155", "94.99.103.174:12575", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12575", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:15", "1572156", "94.99.103.174:8589", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8589", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:15", "1572157", "94.99.103.174:5005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5005", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:15", "1572158", "94.99.103.174:8005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8005", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:15", "1572159", "94.99.103.174:9800", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9800", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:14", "1572150", "94.99.103.174:9144", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9144", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:14", "1572151", "94.99.103.174:8820", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8820", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:14", "1572152", "94.99.103.174:9094", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9094", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:14", "1572153", "94.99.103.174:12211", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12211", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:14", "1572154", "94.99.103.174:12282", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12282", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572144", "94.99.103.174:2003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2003", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572145", "94.99.103.174:10250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#10250", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572146", "94.99.103.174:12297", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12297", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572147", "94.99.103.174:5009", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5009", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572148", "94.99.103.174:8181", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8181", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:13", "1572149", "94.99.103.174:18443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#18443", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572138", "94.99.103.174:104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#104", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572139", "94.99.103.174:8069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8069", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572140", "94.99.103.174:12572", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12572", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572141", "94.99.103.174:7005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7005", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572142", "94.99.103.174:12358", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12358", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:12", "1572143", "94.99.103.174:14406", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#14406", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:11", "1572133", "94.99.103.174:5089", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5089", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:11", "1572134", "94.99.103.174:9530", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9530", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:11", "1572135", "94.99.103.174:6550", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6550", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:11", "1572136", "94.99.103.174:8282", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8282", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:11", "1572137", "94.99.103.174:12199", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12199", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:10", "1572128", "94.99.103.174:12460", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12460", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:10", "1572129", "94.99.103.174:5901", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5901", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:10", "1572130", "94.99.103.174:6008", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6008", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:10", "1572131", "94.99.103.174:8649", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8649", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:10", "1572132", "94.99.103.174:122", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#122", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572122", "94.99.103.174:4899", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4899", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572123", "94.99.103.174:8482", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8482", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572124", "94.99.103.174:16030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16030", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572125", "94.99.103.174:15001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#15001", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572126", "94.99.103.174:4282", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4282", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:09", "1572127", "94.99.103.174:21234", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#21234", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:08", "1572117", "94.99.103.174:51106", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#51106", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:08", "1572118", "94.99.103.174:2082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2082", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:08", "1572119", "94.99.103.174:12509", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12509", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:08", "1572120", "94.99.103.174:8126", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8126", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:08", "1572121", "94.99.103.174:10443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#10443", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:07", "1572112", "94.99.103.174:49686", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#49686", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:07", "1572113", "94.99.103.174:9215", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9215", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:07", "1572114", "94.99.103.174:55553", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#55553", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:07", "1572115", "94.99.103.174:2351", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2351", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:07", "1572116", "94.99.103.174:5858", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5858", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:06", "1572107", "94.99.103.174:12353", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12353", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:06", "1572108", "94.99.103.174:37777", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#37777", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:06", "1572109", "94.99.103.174:9056", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9056", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:06", "1572110", "94.99.103.174:12475", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12475", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:06", "1572111", "94.99.103.174:12336", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12336", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:05", "1572102", "94.99.103.174:4567", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4567", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:05", "1572103", "94.99.103.174:19233", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#19233", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:05", "1572104", "94.99.103.174:8048", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8048", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:05", "1572105", "94.99.103.174:12424", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12424", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:05", "1572106", "94.99.103.174:52311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#52311", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:04", "1572098", "94.99.103.174:12435", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12435", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:04", "1572099", "94.99.103.174:1400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#1400", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:04", "1572100", "94.99.103.174:12453", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12453", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:04", "1572101", "94.99.103.174:902", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#902", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:03", "1572093", "94.99.103.174:10225", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#10225", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:03", "1572094", "94.99.103.174:8543", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8543", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:03", "1572095", "94.99.103.174:8485", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8485", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:03", "1572096", "94.99.103.174:3075", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3075", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:03", "1572097", "94.99.103.174:1364", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#1364", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:02", "1572091", "94.99.103.174:9098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9098", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:02", "1572092", "94.99.103.174:8092", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8092", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:01", "1572087", "94.99.103.174:64671", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#64671", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:01", "1572088", "94.99.103.174:49", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#49", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:01", "1572089", "94.99.103.174:57781", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#57781", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:01", "1572090", "94.99.103.174:6602", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6602", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:00", "1572082", "94.99.103.174:16019", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16019", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:00", "1572083", "94.99.103.174:16004", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16004", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:00", "1572084", "94.99.103.174:9030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9030", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:00", "1572085", "94.99.103.174:35559", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#35559", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:56:00", "1572086", "94.99.103.174:25005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#25005", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572076", "94.99.103.174:12578", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12578", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572077", "94.99.103.174:8434", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8434", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572078", "94.99.103.174:3405", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3405", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572079", "94.99.103.174:2087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2087", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572080", "94.99.103.174:8475", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8475", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:59", "1572081", "94.99.103.174:5222", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5222", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:58", "1572072", "94.99.103.174:22705", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#22705", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:58", "1572073", "94.99.103.174:2506", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2506", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:58", "1572074", "94.99.103.174:8152", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8152", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:58", "1572075", "94.99.103.174:9104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9104", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:57", "1572067", "94.99.103.174:16078", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#16078", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:57", "1572068", "94.99.103.174:50000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#50000", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:57", "1572069", "94.99.103.174:9153", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9153", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:57", "1572070", "94.99.103.174:8449", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8449", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:57", "1572071", "94.99.103.174:7989", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7989", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:56", "1572063", "94.99.103.174:8143", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8143", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:56", "1572064", "94.99.103.174:9156", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9156", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:56", "1572065", "94.99.103.174:2455", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2455", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:56", "1572066", "94.99.103.174:9088", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9088", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:55", "1572058", "94.99.103.174:50100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#50100", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:55", "1572059", "94.99.103.174:4300", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#4300", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:55", "1572060", "94.99.103.174:6887", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#6887", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:55", "1572061", "94.99.103.174:7100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7100", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:55", "1572062", "94.99.103.174:12366", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12366", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:54", "1572054", "94.99.103.174:9052", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9052", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:54", "1572055", "94.99.103.174:1099", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#1099", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:54", "1572056", "94.99.103.174:9333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9333", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:54", "1572057", "94.99.103.174:9000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9000", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:53", "1572049", "45.93.171.182:53", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/45.93.171.182#53", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:53", "1572050", "94.99.103.174:8140", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8140", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:53", "1572051", "94.99.103.174:12492", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12492", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:53", "1572052", "94.99.103.174:8526", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8526", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:53", "1572053", "94.99.103.174:8284", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8284", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:52", "1572044", "94.99.103.174:10081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#10081", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:52", "1572045", "94.99.103.174:9091", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9091", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:52", "1572046", "94.99.103.174:8826", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8826", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:52", "1572047", "94.99.103.174:2086", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2086", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:52", "1572048", "94.99.103.174:12272", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12272", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:51", "1572039", "94.99.103.174:21237", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#21237", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:51", "1572040", "94.99.103.174:12124", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12124", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:51", "1572041", "94.99.103.174:44158", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#44158", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:51", "1572042", "94.99.103.174:9869", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9869", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:51", "1572043", "94.99.103.174:8852", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#8852", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:50", "1572035", "94.99.103.174:3000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3000", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:50", "1572036", "94.99.103.174:7001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#7001", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:50", "1572037", "94.99.103.174:9116", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#9116", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:50", "1572038", "94.99.103.174:2064", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2064", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:49", "1572030", "94.99.103.174:1741", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#1741", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:49", "1572031", "94.99.103.174:5594", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#5594", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:49", "1572032", "94.99.103.174:12238", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12238", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:49", "1572033", "94.99.103.174:12262", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#12262", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:49", "1572034", "94.99.103.174:3550", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#3550", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:48", "1572029", "94.99.103.174:2559", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.99.103.174#2559", "c2,extreme,shodan", "0", "juroots" "2025-08-21 09:55:18", "1572028", "167.160.184.122:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/167.160.184.122#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:13", "1572025", "20.206.138.78:9091", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/20.206.138.78#9091", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:13", "1572026", "24.199.124.37:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/24.199.124.37#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:13", "1572027", "172.208.108.15:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:16", "50", "https://www.shodan.io/host/172.208.108.15#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:12", "1572024", "202.95.9.238:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.238#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:11", "1572020", "202.95.9.215:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.215#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:11", "1572021", "202.95.9.153:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.153#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:11", "1572022", "202.95.9.231:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.231#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:11", "1572023", "202.95.9.243:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.243#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:10", "1572016", "202.95.9.151:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.151#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:10", "1572017", "202.95.9.169:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.169#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:10", "1572018", "202.95.9.185:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.185#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:10", "1572019", "113.44.89.87:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/113.44.89.87#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:09", "1572013", "202.95.9.227:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.227#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:09", "1572014", "202.95.9.219:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.219#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:09", "1572015", "202.95.9.190:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.190#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:08", "1572011", "202.95.9.164:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.164#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:55:08", "1572012", "202.95.9.165:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.165#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-21 09:54:49", "1572010", "14.103.181.103:10080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:12", "50", "https://www.shodan.io/host/14.103.181.103#10080", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-08-21 09:54:32", "1572007", "110.41.77.122:9998", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:12", "50", "https://www.shodan.io/host/110.41.77.122#9998", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-08-21 09:54:32", "1572008", "38.181.44.241:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:13", "50", "https://www.shodan.io/host/38.181.44.241#8880", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-08-21 09:54:32", "1572009", "209.54.105.38:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:15", "50", "https://www.shodan.io/host/209.54.105.38#6666", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-08-21 09:54:28", "1572005", "45.192.201.93:6000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:12", "50", "https://www.shodan.io/host/45.192.201.93#6000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-21 09:54:28", "1572006", "8.140.239.13:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 09:55:12", "50", "https://www.shodan.io/host/8.140.239.13#801", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-21 08:49:09", "1572004", "76.223.31.86:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:48:28", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-21 08:49:08", "1572003", "75.119.186.119:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-21 15:48:27", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-08-21 08:49:04", "1572002", "69.157.7.165:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-21 15:48:23", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-08-21 08:47:56", "1572001", "44.215.31.49:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:47:23", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-21 08:45:23", "1572000", "176.44.118.62:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-21 15:45:05", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-08-21 08:44:57", "1571999", "168.75.102.205:8880", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:44:50", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-21 08:15:32", "1571998", "206.238.40.106:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-21 08:00:08", "1571997", "188.239.19.190:2095", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/188.239.19.190", "AS136907,C2,censys,CobaltStrike,cs-watermark-987654321,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-08-21 07:26:09", "1571996", "43.132.244.201:3306", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/43.132.244.201", "AS132203,C2,censys,hacktool,Mimikatz,open-dir,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-08-21 07:25:40", "1571995", "178.16.55.194:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/178.16.55.194", "AS209800,C2,censys,METASPINNER-ASN,RAT,Sectop", "0", "DonPasci" "2025-08-21 07:25:39", "1571994", "185.208.159.71:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:45:38", "100", "https://search.censys.io/hosts/185.208.159.71", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-08-21 07:25:29", "1571993", "35.180.126.139:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:47:05", "100", "https://search.censys.io/hosts/35.180.126.139", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-08-21 07:25:26", "1571992", "109.234.37.53:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:43:28", "100", "https://search.censys.io/hosts/109.234.37.53", "AS216071,C2,censys,RAT,Remcos,VDSINA", "0", "DonPasci" "2025-08-21 07:25:07", "1571991", "47.121.209.49:22222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.121.209.49", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-21 07:21:06", "1571990", "213.209.150.111:24680", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/8dacb47c69a35a199894f29a981969a46029c9256610ac3045c624959839aaf0/", "xworm", "0", "abuse_ch" "2025-08-21 07:21:05", "1571988", "162.251.121.43:23148", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/698f07fd59bf2108814837fac44573087de65354bb7f3a616199e18583291fe2/", "remcos", "0", "abuse_ch" "2025-08-21 07:21:05", "1571989", "162.251.121.43:44237", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/698f07fd59bf2108814837fac44573087de65354bb7f3a616199e18583291fe2/", "remcos", "0", "abuse_ch" "2025-08-21 07:21:04", "1571987", "162.251.121.43:19882", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 14:56:09", "75", "https://bazaar.abuse.ch/sample/698f07fd59bf2108814837fac44573087de65354bb7f3a616199e18583291fe2/", "remcos", "0", "abuse_ch" "2025-08-21 07:15:35", "1571986", "192.121.82.45:9779", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-21 07:15:21", "1571985", "https://bee496bd.pythonanywhere.com/static/SystemUI.jpg", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Malware,stego", "0", "Chamindu_X" "2025-08-21 07:10:15", "1571984", "http://cg95189.tw1.ru/94eb6e28.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-21 06:05:44", "1571981", "solnoq.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-08-21 06:05:44", "1571982", "cybertron.help", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-08-21 06:05:44", "1571983", "mkbr.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-08-21 06:01:02", "1571980", "5.182.206.88:9992", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250821-bta7csxzdz", "AS213250,C2,quasar,rat,triage", "0", "DonPasci" "2025-08-21 06:00:20", "1571979", "lisastevenson-42329.portmap.host", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250821-er9tpayzdv", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-21 06:00:13", "1571978", "too-decorating.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250821-b4cg6symx4", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-21 05:56:27", "1571977", "https://designtitle.xyz/mxi.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-08-21 05:50:59", "1571976", "107.150.0.101:64242", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/e9b303f24082eaf87853558d2d427ad2eecc78acd538d37e1f4397d378b47c27/", "remcos", "0", "abuse_ch" "2025-08-21 05:43:47", "1571975", "43.132.170.194:2095", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-08-21 05:42:57", "1571973", "47.93.59.247:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-21 05:42:57", "1571974", "47.101.145.19:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-21 05:42:52", "1571972", "39.98.43.227:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike", "0", "abuse_ch" "2025-08-21 05:42:50", "1571971", "43.132.244.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:06", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-21 05:42:48", "1571970", "121.36.249.122:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-21 04:27:49", "1571946", "devhdfcbank.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 04:00:51", "100", "https://search.censys.io/hosts/13.48.106.87+devhdfcbank.com", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_" "2025-08-21 04:27:47", "1571947", "107.178.105.155:2125", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-21 04:00:52", "100", "https://search.censys.io/hosts/107.178.105.155", "AS53755,C2,censys,IOFLOOD,RAT", "0", "dyingbreeds_" "2025-08-21 04:27:47", "1571948", "66.63.187.20:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-08-21 04:00:54", "100", "https://search.censys.io/hosts/66.63.187.20", "AS214943,C2,censys,RAILNET,RAT", "0", "dyingbreeds_" "2025-08-21 04:27:46", "1571949", "144.172.100.103:80", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://search.censys.io/hosts/144.172.100.103", "AS14956,C2,censys,ROUTERHOSTING,Stealer", "0", "dyingbreeds_" "2025-08-21 04:27:46", "1571950", "39.96.165.39:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/39.96.165.39", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-21 04:27:46", "1571951", "47.105.65.103:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.105.65.103", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-21 04:27:45", "1571952", "8.152.207.233:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.152.207.233", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-21 04:27:45", "1571953", "rootyas.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+rootyas.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:44", "1571955", "kws2.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:01:07", "100", "https://search.censys.io/hosts/185.161.209.117+kws2.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:44", "1571957", "194.31.52.58:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.31.52.58", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:44", "1571958", "181.32.54.171:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/181.32.54.171", "AS3816,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:43", "1571959", "54.162.88.66:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.162.88.66", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:43", "1571960", "103.235.75.139:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.235.75.139", "AS135444,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:43", "1571961", "103.235.75.139:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.235.75.139", "AS135444,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:42", "1571962", "172.233.109.166:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.233.109.166", "AS63949,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:41", "1571963", "54.147.87.79:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.147.87.79", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:41", "1571964", "135.181.215.79:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/135.181.215.79", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:40", "1571966", "52.71.99.143:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.71.99.143", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:40", "1571967", "89.34.230.246:2053", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.34.230.246", "AS207847,censys,CLOUDBLAST,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:40", "1571968", "47.94.254.40:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.94.254.40", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-21 04:27:38", "1571938", "83.229.125.228:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:10", "100", "https://search.censys.io/hosts/83.229.125.228", "AS139659,C2,censys", "0", "dyingbreeds_" "2025-08-21 04:27:38", "1571939", "103.124.107.208:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:10", "100", "https://search.censys.io/hosts/103.124.107.208", "AS142036,C2,censys", "0", "dyingbreeds_" "2025-08-21 04:27:37", "1571936", "bbs.blyyzs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.201.84.67+bbs.blyyzs.com", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_" "2025-08-21 04:27:37", "1571937", "www.ueuser.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.121.136.179+www.ueuser.com", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-08-21 04:27:36", "1571850", "https://185.10.17.38/#/login", "url", "botnet_cc", "win.gotroj", "None", "GOTROJ", "", "50", "", "cntrojan", "0", "01Xyris" "2025-08-21 04:27:35", "1571876", "https://theisfjr.top/qiir", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "None", "0", "burger" "2025-08-21 04:27:34", "1571877", "https://t.me/modifyxz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "burger" "2025-08-21 04:27:33", "1571929", "35.209.76.146:443", "ip:port", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "AS15169,CloudFlare-Captcha,GCP,Google,Google-Cloud-Platform,NetSupport,NetSupportManager,RAT,Third-Party-Compromised,WordPress", "0", "glektarssza" "2025-08-21 04:27:32", "1571933", "sefaword.com", "domain", "cc_skimming", "js.magecart", "None", "magecart", "2025-08-21 04:22:21", "100", "", "skimmer,websocket", "0", "ravelin" "2025-08-21 04:27:28", "1571934", "f1b11dc83c398b1d7c606f7f5a181b8b76cd54dcce88bbec3fafb108bf04809c", "sha256_hash", "payload", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "100", "", "Oyster", "0", "hartescout" "2025-08-21 04:15:14", "1571969", "http://cx98298.tw1.ru/bd9bf15c.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-21 04:01:09", "1571956", "146.190.68.5:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:44:11", "100", "https://search.censys.io/hosts/146.190.68.5", "AS14061,censys,DIGITALOCEAN-ASN,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2025-08-21 04:01:06", "1571954", "kws4-1.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+kws4-1.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-21 04:00:30", "1571945", "194.165.16.169:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:45:56", "100", "https://search.censys.io/hosts/194.165.16.169", "AS48721,C2,censys,FLYSERVERS-ENDCLIENTS,RAT,Remcos", "0", "DonPasci" "2025-08-21 04:00:29", "1571943", "46.30.189.9:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:47:43", "100", "https://search.censys.io/hosts/46.30.189.9", "AS44066,C2,censys,DE-FIRSTCOLO,RAT,Remcos", "0", "DonPasci" "2025-08-21 04:00:29", "1571944", "87.120.93.192:6969", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:48:50", "100", "https://search.censys.io/hosts/87.120.93.192", "AS215730,C2,censys,H2NEXUS-AS,RAT,Remcos", "0", "DonPasci" "2025-08-21 04:00:12", "1571942", "178.16.55.53:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:40", "100", "https://search.censys.io/hosts/178.16.55.53", "AS209800,C2,censys,CobaltStrike,cs-watermark-666666666,METASPINNER-ASN", "0", "DonPasci" "2025-08-21 04:00:11", "1571940", "45.143.233.205:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 05:43:45", "100", "https://search.censys.io/hosts/45.143.233.205", "AS3258,C2,censys,CobaltStrike,cs-watermark-666666666,XTOM-JAPAN", "0", "DonPasci" "2025-08-21 04:00:11", "1571941", "178.16.55.53:2087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:17", "100", "https://search.censys.io/hosts/178.16.55.53", "AS209800,C2,censys,CobaltStrike,cs-watermark-666666666,METASPINNER-ASN", "0", "DonPasci" "2025-08-21 04:00:07", "1571935", "47.121.209.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:16", "100", "https://search.censys.io/hosts/47.121.209.49", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-21 02:51:34", "1571932", "220.249.135.249:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:53", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-21 01:45:32", "1571931", "196.251.73.126:23500", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-21 01:40:31", "1571930", "147.185.221.31:15923", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-21 00:25:13", "1571928", "http://ca33575.tw1.ru/4a2b4413.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-21 00:03:23", "1571925", "mail.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+mail.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-21 00:03:23", "1571926", "favicon.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+favicon.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-21 00:03:11", "1571924", "54.234.30.196:25565", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:48:06", "100", "https://search.censys.io/hosts/54.234.30.196", "AMAZON-AES,AS14618,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-21 00:03:09", "1571923", "178.73.218.16:3000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-08-21 15:45:12", "100", "https://search.censys.io/hosts/178.73.218.16", "AS42708,C2,censys,DcRAT,GLESYS,RAT", "0", "DonPasci" "2025-08-21 00:03:07", "1571922", "31.14.142.50:4000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 15:46:57", "100", "https://search.censys.io/hosts/31.14.142.50", "ARUBA-ASN,AS31034,C2,censys,Havoc", "0", "DonPasci" "2025-08-21 00:03:05", "1571921", "187.201.97.119:2403", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:36", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-21 00:03:04", "1571917", "187.201.97.119:587", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:39", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-21 00:03:04", "1571918", "187.201.97.119:2083", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:36", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-21 00:03:04", "1571919", "187.201.97.119:1912", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:39", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-21 00:03:04", "1571920", "187.201.97.119:4369", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:37", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-21 00:03:02", "1571915", "178.17.57.11:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-21 04:00:33", "100", "https://search.censys.io/hosts/178.17.57.11", "AS197450,C2,censys,Hookbot,SUNUCUN", "0", "DonPasci" "2025-08-21 00:03:02", "1571916", "193.58.121.7:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-21 15:45:55", "100", "https://search.censys.io/hosts/193.58.121.7", "AS215439,C2,censys,Hookbot,PLAY2GO-NET", "0", "DonPasci" "2025-08-21 00:03:01", "1571914", "20.42.107.78:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:00:33", "100", "https://search.censys.io/hosts/20.42.107.78", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci" "2025-08-21 00:02:39", "1571913", "23.239.17.165:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:46:45", "100", "https://search.censys.io/hosts/23.239.17.165", "AKAMAI-LINODE-AP,AS63949,C2,censys,Sliver", "0", "DonPasci" "2025-08-21 00:02:35", "1571912", "185.243.115.127:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/185.243.115.127", "AS48314,C2,censys,IP-PROJECTS,RAT,SpiceRAT", "0", "DonPasci" "2025-08-21 00:02:14", "1571911", "178.16.55.53:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:18", "100", "https://search.censys.io/hosts/178.16.55.53", "AS209800,C2,censys,CobaltStrike,cs-watermark-666666666,METASPINNER-ASN", "0", "DonPasci" "2025-08-20 22:30:21", "1571910", "103.176.197.33:20", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-20 22:25:43", "1571909", "192.169.69.26:6677", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 22:15:52", "1571908", "193.161.193.99:47328", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 22:15:22", "1571907", "http://cx12805.tw1.ru/5c1e03c3.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-20 20:50:36", "1571906", "193.187.91.237:1111", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 20:50:10", "1571905", "147.185.221.30:42419", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-08-20 20:48:31", "1571904", "95.216.191.29:1433", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:49:06", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-20 20:45:15", "1571903", "http://cl14976.tw1.ru/222c4a45.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-20 20:43:58", "1571902", "141.147.171.199:2096", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:44:05", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-20 20:03:27", "1571900", "94.237.85.209:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.85.209", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci" "2025-08-20 20:03:17", "1571898", "103.116.52.102:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-08-21 04:00:58", "100", "https://search.censys.io/hosts/103.116.52.102", "AS150895,C2,censys,EZTECH-VN,moobot", "0", "DonPasci" "2025-08-20 20:03:17", "1571899", "23.94.89.225:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-08-21 04:00:57", "100", "https://search.censys.io/hosts/23.94.89.225", "AS399045,C2,censys,DEDIOUTLET-NETWORKS,moobot", "0", "DonPasci" "2025-08-20 20:03:05", "1571896", "15.157.72.236:45615", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:44:15", "100", "https://search.censys.io/hosts/15.157.72.236", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 20:03:05", "1571897", "3.12.151.112:2405", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:46:51", "100", "https://search.censys.io/hosts/3.12.151.112", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 20:03:03", "1571895", "1.15.25.105:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-08-21 15:43:02", "100", "https://search.censys.io/hosts/1.15.25.105", "AS45090,C2,censys,DcRAT,RAT,TENCENT-NET-AP", "0", "DonPasci" "2025-08-20 20:03:01", "1571894", "3.106.249.233:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 15:46:51", "100", "https://search.censys.io/hosts/3.106.249.233", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-08-20 20:02:59", "1571893", "187.201.97.119:2082", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:38", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 20:02:58", "1571890", "187.201.97.119:4242", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:37", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 20:02:58", "1571891", "187.201.97.119:2376", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:39", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 20:02:58", "1571892", "187.201.97.119:2077", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:37", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 20:02:53", "1571889", "45.61.136.195:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/45.61.136.195", "AS399629,BLNWX,C2,censys,RAT,Sectop", "0", "DonPasci" "2025-08-20 20:02:51", "1571888", "186.169.63.216:5020", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:45:45", "100", "https://search.censys.io/hosts/186.169.63.216", "AS3816,AsyncRAT,C2,censys,COLOMBIA,RAT", "0", "DonPasci" "2025-08-20 20:02:50", "1571887", "196.251.88.20:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:46:08", "100", "https://search.censys.io/hosts/196.251.88.20", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-08-20 20:02:40", "1571886", "164.92.204.170:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:43", "100", "https://search.censys.io/hosts/164.92.204.170", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-08-20 20:02:39", "1571885", "154.58.204.90:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:22", "100", "https://search.censys.io/hosts/154.58.204.90", "AS214036,C2,censys,Sliver,ULTAHOST-AS", "0", "DonPasci" "2025-08-20 20:02:37", "1571884", "45.141.84.139:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-08-21 15:47:27", "100", "https://search.censys.io/hosts/45.141.84.139", "AS206728,C2,censys,MEDIALAND-AS,Pupy,RAT", "0", "DonPasci" "2025-08-20 20:02:35", "1571883", "91.92.109.169:3306", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:48:57", "100", "https://search.censys.io/hosts/91.92.109.169", "AS34224,C2,censys,NETERRA-AS,RAT,Remcos", "0", "DonPasci" "2025-08-20 20:02:34", "1571882", "124.198.131.205:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:43:44", "100", "https://search.censys.io/hosts/124.198.131.205", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-08-20 20:02:13", "1571881", "155.94.153.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:13", "100", "https://search.censys.io/hosts/155.94.153.203", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-08-20 20:02:00", "1571880", "94.154.35.197:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 20:02:21", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 20:01:59", "1571878", "178.16.54.234:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 20:02:20", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 20:01:59", "1571879", "178.16.55.210:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 20:02:20", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 19:26:31", "1571875", "https://t.me/romalaba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/85b278f922d4621a5e2cacf18e732d5a32b6c32aeafabefedad3e746c71794b4/", "lumma", "0", "abuse_ch" "2025-08-20 19:10:23", "1571873", "https://rtx.shipensburginvestmentgroup.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 09:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-20 19:10:23", "1571874", "rtx.shipensburginvestmentgroup.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 09:10:26", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-20 19:10:22", "1571872", "https://128.140.10.163", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-21 10:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-20 18:51:01", "1571871", "94.183.183.144:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:52:03", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 18:03:13", "1571870", "43.251.116.26:90", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-q1hx4stpy2", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 18:03:12", "1571868", "43.251.116.26:668", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-q1hx4stpy2", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 18:03:12", "1571869", "43.251.116.26:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-q1hx4stpy2", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 18:02:28", "1571865", "kb34vsd.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-vs3prshr31", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 18:02:28", "1571866", "ksj43ts.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-vs3prshr31", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 18:02:28", "1571867", "jskeywon.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-vs3prshr31", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 18:02:21", "1571864", "45.134.225.90:5656", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250820-tt68xahn41", "AS213438,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-20 18:02:15", "1571861", "reply-suits.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-08-20 18:02:15", "100", "https://tria.ge/250820-tfelqshm3w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 18:02:15", "1571862", "89.213.177.246:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-tdaj1at1dw", "AS58955,C2,triage,xworm", "0", "DonPasci" "2025-08-20 18:02:15", "1571863", "vxnishhisbacl-53480.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-svrn6sgr8w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 18:01:04", "1571859", "jul5050quasae.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:01:04", "1571860", "jul5050quasaf.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:01:03", "1571856", "jul5050quasab.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:01:03", "1571857", "jul5050quasac.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:01:03", "1571858", "jul5050quasad.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:01:02", "1571855", "jul5050quasa.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a/", "quasar", "0", "abuse_ch" "2025-08-20 18:00:14", "1571854", "116.202.25.76:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-08-20 17:25:05", "1571853", "5.249.165.61:8797", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-20 16:50:13", "1571852", "http://cj74400.tw1.ru/87993873.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-20 16:40:59", "1571851", "147.185.221.31:5862", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 16:30:09", "1571849", "http://basradriving.org/thai/gate.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "100", "None", "Pony", "0", "abuse_ch" "2025-08-20 16:16:59", "1571848", "dfd1b59e6825391fb8ca57543e2b35fd", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:58", "1571847", "cf6b4824a833d49dc750f8361db73916310543fc225211efc147eb8b58c5c5c6", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:57", "1571846", "e25793373a5f80e86777e00879d22ffd2df0199f", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:56", "1571845", "acb29c97ebee5f59080292255f22b272", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:55", "1571844", "6621b9465a5a1ca10921c22b8a6403027eccea0c29f5fb72e8923886b7a8ae1c", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:53", "1571843", "ecbaf1bafe840fe217e91f94d63a09ae50b95bb4", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:50", "1571842", "27f6c5d50f3e16e88259a61f5b81f345", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:46", "1571841", "2f5561a0b8268a796b97b58d38421fd3d377e4b280825120f00fab3292e706b3", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:45", "1571840", "0b04c8f67e747a0200972328784721107824795a", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:43", "1571837", "33bc48636e242db9bf5efbaebb53ef64b5f10276", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:43", "1571838", "6aaa12302d88ebf9486d546f7c8c5ea0930ae6e5db2b70cbe0552dc3f57ee2e2", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:43", "1571839", "baf9949e853bc2a3479b10e6335e1bd2", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:42", "1571834", "8e848235ae7706b9276b3cb8e7a83430030cef17", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:42", "1571835", "db435e2a44fee3053b98a0111e4dbd4e312a213e6a31cb909ead13733921e05b", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:42", "1571836", "00a4c8a014786f525c9192bfbbf6e514", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:41", "1571831", "81a299a54ba003b307d84a220c697907bd960b54", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:41", "1571832", "f667c428b522dde24c5524da99fdf375e3fed0ca92977f0890eb72e21e2178fb", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:41", "1571833", "2af5068f57164b15ab2da10f956f243c", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:40", "1571828", "a98c63ecfaac224f1fa73bfd6081f9ed27426f66", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:40", "1571829", "099250469c23007b02b117b43e6a1b29d24944eebb4c12b0cdc553556d414ca8", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:40", "1571830", "8693d73ec0b1ba1619b74e8936842123", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:39", "1571825", "3a854191c03120d862714f6458910fa25c892c39", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:39", "1571826", "050f2713c672fef785c006ad7243e5ed913fa5a396cb2739f0ceaf1ddadadaa0", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:39", "1571827", "ada31b3b06c23a13f9e5d6f520b1b539", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:38", "1571822", "0658373859224551e7c83506cbab685b366c3c8b", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:38", "1571823", "2d02606c43b8a9be066c030f5d47833058357b216790ab05f5399eafb433d83b", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:38", "1571824", "3789c90b217dca894cebe98b93d4a714", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:37", "1571819", "a78767479c092ef7f4c08678c4db16f44d0ef973", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:37", "1571820", "49a3e94b5f1a0199ac0929428e4779451a3533e93f469cb1d832d44c590fe8ff", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:37", "1571821", "eb774e7c8fbc7976cbae2afc2a55f9ea", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:36", "1571816", "362fc953a06ee8c923b912543ad00a244f9f23cf", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:36", "1571817", "2dcb95ebe5144f45e045bc0e92ec983ab0ead6e7ae72950ea178de51760cd06e", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:36", "1571818", "3ce52c9fb07a095c7885e91f4924c0ea", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:35", "1571813", "5bca595c754e909ed45f3bcf5b5be94f01aab7da", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:35", "1571814", "bd48a0e2b6038130537b279be3e89a7b7d41ee315a8b04c0d9af572d6c16a950", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:35", "1571815", "a7e62ba3653962e5571bed11db6ac4f8", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:34", "1571810", "6af0ad6d7ed31a6420c5d9af1cda4ef4984182af", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:34", "1571811", "287eed2ee591a0bfac6b817ebb5e9da770014fc645d0d1e1ecc523e96b1bb7c5", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:34", "1571812", "6352f7e42c001ab0776afa150b942fbf", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:33", "1571807", "15350c3cde5c318bb9a4972aca9bc46cbbde0fac", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:33", "1571808", "cba5a4c3813bbce1dfd6591d94bdd59e773c33d06d4a534da0b3cb527f0a9f7b", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:33", "1571809", "53caeb10cf0f802ec7597cff67bc9a13", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:32", "1571804", "321fed7b3948ebd17f7c32c5cd7363add6269467", "sha1_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:32", "1571805", "87e1e8c1e29eef773344a54e0d6b518406822840b50f2866ce9c2128b767b37d", "sha256_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:32", "1571806", "5db9a032b31a74b6b64614424818899f", "md5_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:31", "1571801", "2b4fc28b2083396cd61ed0b46cb10f25b448dcbc", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:31", "1571802", "14e1e45700c823b5b6ee2d45bafb8a4c57a79cdd115199592894ed3b88b21fed", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:31", "1571803", "34876a9697f92cc1c159053d5a670e5d", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:30", "1571799", "3560c6f9c634f01045b6d421270e3984dab8b43c7b9a5af2a4f87903028b21e1", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:30", "1571800", "0bfa29caf0bf03aa51021cf0060b3b41", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:29", "1571796", "8cc4684d5b4c41db041acab6550e5d8d110175b4da2dbe79da04b62cd21b410a", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:29", "1571797", "a72fbedc6515423321246d11c82db58e", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:29", "1571798", "b4068ce4aec98a1a0b41e4b2f5c6e5432dd498d6", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:28", "1571794", "9ac6847453af1e7ae25c2356e17ee0df", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:28", "1571795", "784867a6c3a76e1947919914e166411208fd1e4d", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:27", "1571793", "0faf94a24b00a7dca3cb0e26b29b0c3f72f66e2f968d997ad45e74620efeb11b", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:26", "1571792", "4f1a7e7d55aa5c309f95fce6b5630c275a44d82d", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:25", "1571790", "48658b63dba7df9119b111b9d5d537f087162b7a8be03904dd6b76cfe39380df", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:25", "1571791", "fb5d864ea260cea1e75d825d88d4152b", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:24", "1571788", "9d1ee858be90e34a8e70bdb8ad2c5e5a", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:24", "1571789", "fc31f4cccbfef0873736337065e4a84d7c60dfc9", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:23", "1571784", "f244c0520231ec5a3fe6eff638cbbc80d778f4b33db88ab278634a7758e5c926", "sha256_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:23", "1571785", "e0703500ff017c45a3364a473bce1bda", "md5_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:23", "1571786", "d5f4c923e9d3d812edab4df85667f45b6c66f358", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:23", "1571787", "994065e0f91b950d6b8b8d5cc42817f22506323206740c570fa1db33746c4de1", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:22", "1571781", "dcc9538effe19a635714006044a83e9ab84b0355d28c07d819c44e879207b363", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:22", "1571782", "fb9376eaf838223e5361854cdb9485cd", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:22", "1571783", "3ab3a0ed91c407f32689c293df434a0a2368d6e2", "sha1_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:21", "1571778", "af6376d7d5de38d0d7acf754db0d4c4f77ba49a48eb1cb4d240b16d3725d58dc", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:21", "1571779", "77bb7e58c81684e5b380ea7a15bb8f6a", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:21", "1571780", "efbec494052d095488616bb43f4f1c0c1274d13a", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:20", "1571776", "558a5b1e7d522106befa31207e0d4f68", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:20", "1571777", "cb17e0d7578e2b2ddfadb7c4c382e8c22c33e413", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:19", "1571774", "d2c2edefda995f779b57450468af67985d0c1ae1", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:19", "1571775", "3c50eb2e3055d6cd28e128bf48ba711ff757089c0dee8b1bacd26f4470705174", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:18", "1571771", "c765ae734e9f46ec71d1353d6a5848e3169be005", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:18", "1571772", "2c7de71de889aafad05239bce7583f33677e527b1b12f30c313351fb8844af17", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:18", "1571773", "888f19d6a9aa7e7dbf0a0631a2846092", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:17", "1571769", "1a3a2be484d8f6e4a3458ef3c259f13497fc5c10062458c6b2c4373005a3d7fe", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:17", "1571770", "0ade37df44fc167eb53b80ef66bb02b9", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:15", "1571768", "1a50b1a8a3db87102adb18e36ca5fb0342b6df8e", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:14", "1571766", "353bb7ff551cc81d11dd41b3ac03084ab2ce72a86099a6010a9ac5d6a67cc5d0", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:14", "1571767", "90ae9ea4403cc0cf5c92af2d3d82c7e3", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:13", "1571763", "4c0999fd58331d7b3f971f3bfe4351b500d086eac555b81a5e7c7c41cb3eae8b", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:13", "1571764", "fc0bf0571f17febe7fa85a759e41fa56", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:13", "1571765", "c597515b70d6e9e0c9619b178e2d1d1dd103d23e", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:12", "1571761", "fc2fdd3092209746c6dd0a9cdbc946e1", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:12", "1571762", "bc307ff0a5c99c1b28190b0143050e65e422cd70", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:11", "1571760", "a622496b016b530214c3e577193e9d6343bd81407bd75162055bf92734e86608", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:10", "1571758", "7917b4df9d64d168cbd3028a54769872", "md5_hash", "payload", "win.plugx", "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta", "PlugX", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:10", "1571759", "04bdd7f9e29d3535bf6174eecb3a3b308721edfc", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:09", "1571756", "0993f37c578a5a4eaf33e2e664263e91fdff0866", "sha1_hash", "payload", "win.plugx", "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta", "PlugX", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:09", "1571757", "854c8a2bc48bced68b6c8d92fe3fadfc67df4f079af0a9714731c61bf3b684d6", "sha256_hash", "payload", "win.plugx", "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta", "PlugX", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:08", "1571755", "2672f886b9c5cf4bfb39df3915a346ce", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:07", "1571752", "6f4151c124693d9dfd2092b7e01df0d4", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:07", "1571753", "4c188cfdec14047273503b4a08d9eaab5edf9a15", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:07", "1571754", "bd3cd8bf7dfdc80604a6f4dbbee83b31b82ae5082a8f45aa525732264280ea4f", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:06", "1571749", "fcb7009ab298bb4b59a28bc958b30a6d", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:06", "1571750", "11aad99764d62584e8252f0e2d05571be55f0a70", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:06", "1571751", "c1fcdbc77e5ab2ebfbf3bd0adc2d81bd64ed2dfdacccfea9783003cf950ac36b", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:05", "1571746", "fcfcbeb5322cc1f2cc3d8abbeac06814", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:05", "1571747", "8e37a8d5d2744df00d8aed6cc925df8334145292", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:05", "1571748", "e2c3e6311d29dfe4295934c27fcda900fefc80e8e0d211f95f879771c22f6c04", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:04", "1571744", "7792dd9bac3de22c2a026e055432af83a4e358f9", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:04", "1571745", "314d0fbf925c53f52ff40ff6936824d8db25e4e0c23134aa572aa1828faacedc", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:03", "1571741", "1825876dd9d7ab2b84ccb7b93554e964c64164d9", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:03", "1571742", "2837c7974b43c5836e0d123c4a9f29a337f28d57019ac6d98a6c99b6d0683322", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:03", "1571743", "9bf7a6fdb4e14147efae8a79767d6d86", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:02", "1571738", "d0c1ebe432ef412dd63f69c9adf27df827b31bac", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:02", "1571739", "bfd62493f02254967099a6e6ab922c0fbf00363659a030dc303cede7d2709295", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:02", "1571740", "1fd70a931d005b7b32c1df6107056762", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:01", "1571737", "fdb6f1e48ff8ec82a5d30d1aa2084078", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:16:00", "1571736", "ba9dfea27d075639e627720e191c5f0dbfc689f8ed55213a4179b7b7bb4658d2", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:56", "1571735", "cc62b7e2eb91656f42279317da20ff0ba3b7c4cf", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:53", "1571734", "fd45dd72e29bd2b4c0728fe4880f92ab", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:52", "1571731", "7c136e58cd9cbfa39193e4f60f019d3b", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:52", "1571732", "9f2ec5b04d9a3bf36f273b802d04fd41e0c35e7c", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:52", "1571733", "ae3b091dc9baa4497d5da784515c69539eeafd4d38bca1e42a3588fb8c56e47d", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:51", "1571729", "9c966164966fe79ac56b7b5142d4c2f97087146e", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:51", "1571730", "3bb5b7905d133153dadc408f2ed8075c6b3d11aa13ba52b3bd97704484655c3e", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:50", "1571726", "be7a91a756591f4dc5219a93a81b7efee4ecff7d", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:50", "1571727", "96024042d0dea1ab62db489fba07834dced65fe1e2d09b33ccdc41c388d11609", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:50", "1571728", "264209bff659d152dd59800888ef00c3", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:49", "1571725", "a9452a306bef9139dc7d80fb222f01e7", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:48", "1571723", "5e2cf680e3d84c4d64393c2488fa52a5fb286b60", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:48", "1571724", "75ebdbe16e4e04a657bb1a54f48b6951d1b0a191e79f27d2dbdbf2a4afe929c3", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:47", "1571721", "04651b5ea2f5abd76dfffd4630d54ca23bf2a3c30f53e4ccc213f0f669b7e834", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:47", "1571722", "cc36da35f070a8d624b1dee90fd38046", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:46", "1571718", "e12ee7f81b36119f286b0aef02de51905a17c14433a37439f089e07baf3044ce", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:46", "1571719", "5f85b9eca6c9f0ddea551d99fa9dbc8d", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:46", "1571720", "ae5e74a6edac95b1249a53d7508a9d5bce89175d", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:45", "1571716", "2ec65ea39e10130c9ef1b4959cd8c1b6", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:45", "1571717", "68ab64797e2fefd564b145c24fab5b2561eaa352", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:44", "1571714", "8c68a27f38496c91143e4a684c9d790c3d645331", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:44", "1571715", "8441f8b903c676d468bb0b0c07d699cb98df153cc50b4ac566e7ab95293cd2db", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:43", "1571713", "f2642117458898700b711c42223cbf1f", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:42", "1571712", "e15886e3c6af9edae546b18f8cce879de2773538cebd598748af924db890da40", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:15:41", "1571711", "a21f48affc8d0c9e4bb028bce03a35cb5987e5d7", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-08-20 16:03:05", "1571710", "688c674cf3f6d.xvest6.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:00:59", "100", "https://search.censys.io/hosts/176.9.1.152+688c674cf3f6d.xvest6.ru", "AS24940,C2,censys,HETZNER-AS,panel,Unam", "0", "DonPasci" "2025-08-20 16:02:55", "1571709", "18.182.173.57:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-08-21 15:45:17", "100", "https://search.censys.io/hosts/18.182.173.57", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-08-20 16:02:54", "1571708", "15.160.140.165:2000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:44:16", "100", "https://search.censys.io/hosts/15.160.140.165", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 16:02:53", "1571707", "15.160.140.165:5900", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:44:16", "100", "https://search.censys.io/hosts/15.160.140.165", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 16:02:51", "1571706", "171.250.184.154:5000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-21 04:00:44", "100", "https://search.censys.io/hosts/171.250.184.154", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-20 16:02:50", "1571705", "171.250.184.154:6000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-21 04:00:44", "100", "https://search.censys.io/hosts/171.250.184.154", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-20 16:02:47", "1571704", "18.253.70.97:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:45:20", "100", "https://search.censys.io/hosts/18.253.70.97", "AS8987,AWS-GOVCLOUD,C2,censys,Mythic", "0", "DonPasci" "2025-08-20 16:02:43", "1571703", "91.199.163.124:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/91.199.163.124", "AS-ALVIVA,AS209272,C2,censys,RAT,Sectop", "0", "DonPasci" "2025-08-20 16:02:41", "1571702", "38.12.25.254:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:00:27", "100", "https://search.censys.io/hosts/38.12.25.254", "AROSS-AS,AS400619,C2,censys,Supershell", "0", "DonPasci" "2025-08-20 16:02:31", "1571701", "69.57.161.54:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:48:24", "100", "https://search.censys.io/hosts/69.57.161.54", "AS22612,C2,censys,NAMECHEAP-NET,Sliver", "0", "DonPasci" "2025-08-20 16:02:12", "1571700", "178.16.55.53:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:41", "100", "https://search.censys.io/hosts/178.16.55.53", "C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-20 16:02:11", "1571699", "43.136.23.88:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:07", "100", "https://search.censys.io/hosts/43.136.23.88", "AS45090,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2025-08-20 16:01:59", "1571696", "178.16.54.218:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 16:02:17", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 16:01:59", "1571697", "178.16.55.243:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 16:02:17", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 16:01:59", "1571698", "178.16.54.235:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 16:02:18", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 15:10:29", "1571695", "147.185.221.31:16174", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 15:02:09", "1571689", "http://89.213.174.77/s.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-20 15:02:08", "1571690", "stellob.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "None", "0", "pitachu" "2025-08-20 15:00:46", "1571694", "18.192.31.30:15466", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 15:00:45", "1571693", "3.74.27.83:15466", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 15:00:43", "1571692", "52.57.120.10:15466", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 15:00:39", "1571691", "3.71.225.231:15466", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 13:50:56", "1571688", "https://darkhbt.top/qiqw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bd3cd8bf7dfdc80604a6f4dbbee83b31b82ae5082a8f45aa525732264280ea4f/", "lumma", "0", "abuse_ch" "2025-08-20 13:43:22", "1571684", "198.100.150.33:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/6217b14b-cae3-4355-bfc3-2ae4cdc5e991", "None", "0", "pitachu" "2025-08-20 13:43:22", "1571686", "116.202.183.85:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "None", "0", "pitachu" "2025-08-20 13:43:21", "1571685", "213.209.150.113:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/6217b14b-cae3-4355-bfc3-2ae4cdc5e991", "None", "0", "pitachu" "2025-08-20 13:43:20", "1571687", "sodipuc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-08-20 13:14:16", "1571680", "bradtae.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-08-21 08:11:49", "100", "https://infosec.exchange/@monitorsg/115061260245537096", "KongTuke", "0", "monitorsg" "2025-08-20 13:14:15", "1571679", "https://bradtae.com/5tr4r.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115061260245537096", "KongTuke", "0", "monitorsg" "2025-08-20 13:14:14", "1571681", "https://bradtae.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115061260245537096", "KongTuke", "0", "monitorsg" "2025-08-20 13:12:31", "1571682", "103.68.109.208:1630", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://tria.ge/250820-n4zc6aep9y", "AS136557,c2,HOST-AS-AP,Rhadamanthys,stealer,triage", "0", "DonPasci" "2025-08-20 13:11:26", "1571678", "https://103.68.109.208:1630/aeca1ecf5a1fa55/lqpxpr0i.rd4us", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://tria.ge/250820-m7y15assey", "AS136557,C2,HOST-AS-AP,rhadamanthys,stealer,triage", "0", "DonPasci" "2025-08-20 13:09:00", "1571677", "5.188.166.78:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250820-ppnhsafj61", "AS56694,C2,RedLine,RedlineStealer,SMARTAPE,stealer,triage", "0", "DonPasci" "2025-08-20 13:08:42", "1571676", "introduction-hello.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-n9td4atkt4", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 13:08:36", "1571675", "newthingsforagirltolovebestpersoninthewo.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250820-p4bsjasyht", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-20 12:50:59", "1571674", "160.30.231.250:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 12:49:26", "1571673", "demo-ztxhfeoqql.cn-hangzhou.fcapp.run", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:49:16", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 12:49:23", "1571672", "bbrwyckeadd5e.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:49:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 12:42:52", "1571667", "92.113.146.56:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS44803,bqtlock,Webdock.io ApS", "0", "antiphishorg" "2025-08-20 12:40:39", "1571671", "147.185.221.31:14210", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 12:36:17", "1571670", "https://t.me/dsawerqdscvr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/49a3e94b5f1a0199ac0929428e4779451a3533e93f469cb1d832d44c590fe8ff/", "lumma", "0", "abuse_ch" "2025-08-20 12:35:47", "1571669", "https://kalioso.top/woxe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/49a3e94b5f1a0199ac0929428e4779451a3533e93f469cb1d832d44c590fe8ff/", "lumma", "0", "abuse_ch" "2025-08-20 12:31:24", "1571668", "https://t.me/lumclan", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/099250469c23007b02b117b43e6a1b29d24944eebb4c12b0cdc553556d414ca8/", "lumma", "0", "abuse_ch" "2025-08-20 12:26:18", "1571666", "13.49.57.111:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/4067fef3b33decef1a6a72fd9c8b191c81e5e999abdb6281bbdba41626f11638/", "xworm", "0", "abuse_ch" "2025-08-20 12:10:26", "1571664", "https://upload.shipensburginvestmentgroup.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 18:10:42", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-20 12:10:26", "1571665", "upload.shipensburginvestmentgroup.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 18:10:42", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-20 12:03:10", "1571663", "103.86.44.17:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-jb97qscm8z", "AS138195,C2,MOACKCOLTD-AS-AP,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 12:02:55", "1571660", "99.79.78.100:6513", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:49:08", "100", "https://search.censys.io/hosts/99.79.78.100", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 12:02:55", "1571661", "44.252.84.108:2095", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:47:24", "100", "https://search.censys.io/hosts/44.252.84.108", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 12:02:55", "1571662", "44.252.84.108:18245", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:47:24", "100", "https://search.censys.io/hosts/44.252.84.108", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 12:02:54", "1571659", "31.56.39.138:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-08-21 04:00:46", "100", "https://search.censys.io/hosts/31.56.39.138", "AS215703,C2,censys,DcRAT,FREAKHOSTING,RAT", "0", "DonPasci" "2025-08-20 12:02:52", "1571658", "171.250.184.154:8000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-21 04:00:44", "100", "https://search.censys.io/hosts/171.250.184.154", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-20 12:02:50", "1571657", "91.108.243.57:8443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:35", "100", "https://search.censys.io/hosts/91.108.243.57", "AS214172,C2,censys,PURESERVERS,Quasar,RAT", "0", "DonPasci" "2025-08-20 12:02:43", "1571656", "116.108.103.88:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:43:34", "100", "https://search.censys.io/hosts/116.108.103.88", "AS24086,AsyncRAT,C2,censys,RAT,VIETTEL-AS-VN", "0", "DonPasci" "2025-08-20 12:02:33", "1571655", "194.26.192.129:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:45:57", "100", "https://search.censys.io/hosts/194.26.192.129", "AS210558,C2,censys,SERVICES-1337-GMBH,Sliver", "0", "DonPasci" "2025-08-20 12:02:31", "1571654", "45.141.84.27:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-08-21 15:47:27", "100", "https://search.censys.io/hosts/45.141.84.27", "AS206728,C2,censys,MEDIALAND-AS,Pupy,RAT", "0", "DonPasci" "2025-08-20 12:02:29", "1571653", "124.198.132.82:8000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:43:46", "100", "https://search.censys.io/hosts/124.198.132.82", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-08-20 12:02:28", "1571652", "204.10.160.141:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:46:25", "100", "https://search.censys.io/hosts/204.10.160.141", "AS64236,C2,censys,RAT,Remcos,UNREAL-SERVERS", "0", "DonPasci" "2025-08-20 12:02:27", "1571651", "kalelsianox.twilightparadox.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-m3zrvsssbv", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 12:02:21", "1571650", "klm25.zapto.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250820-mvtwmssny4", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-20 12:02:17", "1571648", "178.16.54.217:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 12:02:25", "100", "https://search.censys.io/hosts/178.16.54.217", "C2,censys,Latrodectus", "0", "DonPasci" "2025-08-20 12:02:17", "1571649", "178.16.55.195:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 12:02:25", "100", "https://search.censys.io/hosts/178.16.55.195", "C2,censys,Latrodectus", "0", "DonPasci" "2025-08-20 12:02:15", "1571645", "100.112.197.122:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-l5dfzasmv7", "C2,triage,xworm", "0", "DonPasci" "2025-08-20 12:02:15", "1571646", "100.110.134.37:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-l4qpxasmt7", "C2,triage,xworm", "0", "DonPasci" "2025-08-20 12:02:15", "1571647", "msi.tail65a1e3.ts.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-j64cnscq8s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 12:02:14", "1571644", "airport-lottery.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-nxvrdssvev", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 12:02:12", "1571643", "206.119.173.107:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:13", "100", "https://search.censys.io/hosts/206.119.173.107", "AS133199,C2,censys,CobaltStrike,cs-watermark-666666666,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci" "2025-08-20 12:02:10", "1571642", "39.96.219.189:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:15", "100", "https://search.censys.io/hosts/39.96.219.189", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-08-20 12:02:09", "1571641", "47.108.198.70:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 05:43:50", "100", "https://search.censys.io/hosts/47.108.198.70", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-20 12:00:36", "1571640", "147.185.221.31:15788", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 11:40:22", "1571639", "147.185.221.28:56993", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 11:18:51", "1571637", "billing.roofnrack.us", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "", "drb-ra,SocGholish", "0", "drb_ra" "2025-08-20 11:18:51", "1571638", "cp.envisionfonddulac.biz", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "", "drb-ra,SocGholish", "0", "drb_ra" "2025-08-20 10:54:26", "1571636", "https://filebase.pages.dev/ssym0ukul7.exe", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "100", "", "Malware,StealC", "0", "Chamindu_X" "2025-08-20 09:06:03", "1571635", "107.150.0.150:27362", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/2af452692d3b63287d9214f6fed23b139df8ede4d495f5cd6fe61de3d21232ed/", "remcos", "0", "abuse_ch" "2025-08-20 08:55:50", "1571634", "http://221.132.29.137:4433/fCAs", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/317f057e1d593b35eb9a63319e9cb210911f070f8d0ce97ec5944fe5ea602788/", "cobaltstrike", "0", "abuse_ch" "2025-08-20 08:55:49", "1571633", "http://221.132.29.137:4433/6oGq", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/3a6f9d75c3839518896cddafd638c70feb82a84eacb4227094081d6ad0e2c35e/", "cobaltstrike", "0", "abuse_ch" "2025-08-20 08:46:35", "1571632", "20.206.138.78:3000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:46:14", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-20 08:44:11", "1571630", "139.84.214.159:60000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:03", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-20 08:44:11", "1571631", "139.84.214.159:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:03", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-20 08:43:33", "1571597", "canadianpizza.me", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 08:43:33", "1571600", "theguardshield.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 08:43:32", "1571601", "cyberguardex.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 08:15:57", "1571629", "3.137.60.53:18452", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 08:03:02", "1571626", "3.101.63.178:83", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:46:50", "100", "https://search.censys.io/hosts/3.101.63.178", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 08:03:02", "1571627", "3.101.63.178:36683", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:46:50", "100", "https://search.censys.io/hosts/3.101.63.178", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 08:02:58", "1571625", "171.250.184.154:6001", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-21 04:00:44", "100", "https://search.censys.io/hosts/171.250.184.154", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-20 08:02:57", "1571624", "ac-backend.sarkhsolution.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 04:00:41", "100", "https://search.censys.io/hosts/157.245.54.105+ac-backend.sarkhsolution.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-08-20 08:02:53", "1571621", "115.144.211.186:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:43:33", "100", "https://search.censys.io/hosts/115.144.211.186", "AS4766,C2,censys,KIXS-AS-KR,Mythic", "0", "DonPasci" "2025-08-20 08:02:53", "1571622", "45.76.254.251:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:47:34", "100", "https://search.censys.io/hosts/45.76.254.251", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-08-20 08:02:53", "1571623", "69.197.134.139:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 04:00:32", "100", "https://search.censys.io/hosts/69.197.134.139", "AS32097,C2,censys,Mythic,WII", "0", "DonPasci" "2025-08-20 08:02:52", "1571620", "77.14.44.190:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:48:29", "100", "https://search.censys.io/hosts/77.14.44.190", "AS6805,C2,censys,Mythic,TDDE-ASN1", "0", "DonPasci" "2025-08-20 08:02:49", "1571619", "45.89.110.114:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/45.89.110.114", "AS44477,C2,censys,RAT,Sectop,THE-HOSTING", "0", "DonPasci" "2025-08-20 08:02:47", "1571618", "185.208.159.71:305", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:45:38", "100", "https://search.censys.io/hosts/185.208.159.71", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-08-20 08:02:37", "1571617", "35.94.232.47:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/35.94.232.47", "AMAZON-02,AS16509,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2025-08-20 08:02:34", "1571616", "103.215.216.166:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "2025-08-21 15:43:12", "100", "https://search.censys.io/hosts/103.215.216.166", "AS202422,C2,censys,GHOST,Pupy,RAT", "0", "DonPasci" "2025-08-20 08:02:29", "1571614", "143.92.37.138:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-21 04:00:19", "100", "https://search.censys.io/hosts/143.92.37.138", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-08-20 08:02:29", "1571615", "143.92.37.139:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-21 04:00:20", "100", "https://search.censys.io/hosts/143.92.37.139", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-08-20 08:02:17", "1571609", "64.188.91.206:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 08:02:20", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 08:02:17", "1571610", "64.188.91.194:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 08:02:19", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 08:02:17", "1571611", "178.16.55.223:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 08:02:19", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 08:02:17", "1571612", "64.188.91.184:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 08:02:20", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 08:02:17", "1571613", "178.16.55.182:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-20 08:02:19", "90", "None", "latrodectus", "0", "Rony" "2025-08-20 08:02:12", "1571607", "178.16.55.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:41", "100", "https://search.censys.io/hosts/178.16.55.53", "C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-20 08:02:12", "1571608", "45.143.11.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:18", "100", "https://search.censys.io/hosts/45.143.11.34", "AS25693,C2,censys,CobaltStrike,cs-watermark-666666666,VIRMACH", "0", "DonPasci" "2025-08-20 08:02:10", "1571605", "156.238.243.22:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:34", "100", "https://search.censys.io/hosts/156.238.243.22", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-100000", "0", "DonPasci" "2025-08-20 08:02:10", "1571606", "154.201.82.150:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:31", "100", "https://search.censys.io/hosts/154.201.82.150", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-100000", "0", "DonPasci" "2025-08-20 08:02:09", "1571604", "35.230.30.248:2083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:56", "100", "https://search.censys.io/hosts/35.230.30.248", "AS396982,C2,censys,CobaltStrike,cs-watermark-100000,GOOGLE-CLOUD-PLATFORM", "0", "DonPasci" "2025-08-20 08:02:08", "1571603", "47.111.97.207:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:28", "100", "https://search.censys.io/hosts/47.111.97.207", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-20 08:02:07", "1571602", "47.120.17.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 04:00:14", "100", "https://search.censys.io/hosts/47.120.17.218", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-20 07:30:20", "1571599", "103.86.44.17:377", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-20 07:30:17", "1571598", "103.86.44.17:266", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-20 07:25:11", "1571596", "http://cj22621.tw1.ru/fcdd7c92.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-20 06:16:53", "1571592", "http://sophos-upd-srv.info:4443/api/v1/update/result", "url", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "100", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorpheusLoader", "0", "abuse_ch" "2025-08-20 06:16:53", "1571593", "http://sophos-upd-srv.info:4443/api/v1/commands", "url", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "100", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorpheusLoader", "0", "abuse_ch" "2025-08-20 06:16:53", "1571594", "http://sophos-upd-srv.info:4443/api/v1/heartbeat", "url", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "100", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorpheusLoader", "0", "abuse_ch" "2025-08-20 06:16:53", "1571595", "http://sophos-upd-srv.info:4443/api/v1/info", "url", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "100", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorpheusLoader", "0", "abuse_ch" "2025-08-20 06:16:10", "1571577", "ship-be.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 06:02:32", "100", "https://tria.ge/250820-f9pf5sbn8s", "None", "0", "burger" "2025-08-20 06:16:06", "1571591", "185.117.91.141:4443", "ip:port", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "75", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorpheusLoader", "0", "abuse_ch" "2025-08-20 06:15:35", "1571590", "sophos-upd-srv.info", "domain", "botnet_cc", "win.morpheus", "None", "Morpheus Loader ", "", "100", "https://bazaar.abuse.ch/sample/6e1b152e34c76fab5414c4210a28bb5ca47b2155e6205e58e7df78ee9de6cb64/", "MorhpeusLoader", "0", "abuse_ch" "2025-08-20 06:10:25", "1571589", "46.246.82.18:7050", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-08-20 06:10:09", "1571588", "http://mohamed88.work.gd:7050/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-20 06:03:35", "1571586", "knoeyyrt.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-e81x4szqs8", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 06:03:35", "1571587", "run0.cc", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250820-fklzqazqx7", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-08-20 06:02:32", "1571585", "146.70.245.74:25312", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250820-da27vaan3x", "AS9009,C2,M247,quasar,rat,triage", "0", "DonPasci" "2025-08-20 06:02:26", "1571584", "soxsox1.twilightparadox.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250820-fyxy5sbn4t", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-20 06:02:12", "1571581", "studentessaywriting.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-cpz6csal8x", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 06:02:12", "1571582", "rule-passport.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-ctzqdsam2s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 06:02:12", "1571583", "now-sight.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-bqys9aaj61", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 06:02:11", "1571580", "stop-butterfly.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250820-d4hqasar4w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-20 06:00:29", "1571579", "79.110.49.180:8765", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 05:45:07", "1571578", "18.190.63.84:19273", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-08-20 05:22:52", "1571575", "154.3.32.143:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:32", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-08-20 05:22:52", "1571576", "103.146.124.177:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 05:43:49", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-08-20 05:22:51", "1571574", "121.4.24.78:8123", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-08-20 05:22:50", "1571573", "103.178.57.150:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-08-20 05:22:49", "1571572", "110.42.47.55:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-20 05:20:43", "1571571", "162.251.95.76:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-20 05:22:16", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-08-20 05:20:42", "1571570", "47.112.31.239:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-20 05:22:16", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-08-20 05:20:38", "1571569", "156.238.243.55:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:34", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-08-20 05:17:21", "1571492", "lopersab.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-19 23:29:13", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 05:17:20", "1571487", "miscorof.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 05:16:55", "1571493", "picarrs.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 05:16:53", "1571488", "https://myevmanual.com/d.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwrxzzjnws2n", "ClickFix,SmartApeSG", "0", "iceberg" "2025-08-20 05:16:53", "1571491", "thelinedesigns.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-20 05:16:52", "1571489", "https://woop-bicks.com/ajax/pixi.min.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwrxzzjnws2n", "ClickFix,SmartApeSG", "0", "iceberg" "2025-08-20 05:16:51", "1571490", "https://ame-9.com/res/climbfragile", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwrxzzjnws2n", "ClickFix,SmartApeSG", "0", "iceberg" "2025-08-20 05:16:37", "1571353", "http://tie-cent-orleans-arrival.trycloudflare.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwrpekm3f22w", "ClickFix,KongTuke,LandUpdate808", "0", "iceberg" "2025-08-20 05:16:35", "1571359", "31.128.158.49:4564", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "https://threatquery.com/engines/ip.html?value=31.128.158.49&type=ip", "AS51032,c2,NjRAT,threatquery", "0", "threatquery" "2025-08-20 04:50:19", "1571568", "172.94.95.227:57843", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 04:40:14", "1571567", "3.141.177.1:14498", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-08-20 04:35:06", "1571566", "3.141.210.37:14498", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-08-20 04:03:11", "1571562", "176.65.149.18:1337", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/176.65.149.18", "31mRemastered,AS51396,C2,censys,Gafgyt,PFCLOUD", "0", "DonPasci" "2025-08-20 04:03:07", "1571561", "117.72.168.103:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/117.72.168.103", "AS141679,c2,c2-redirector,censys,CHINATELECOM-IDC-BTHBD-AP,RedGuard", "0", "DonPasci" "2025-08-20 04:02:52", "1571560", "3.101.63.178:833", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:46:50", "100", "https://search.censys.io/hosts/3.101.63.178", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 04:02:51", "1571557", "13.60.200.7:10261", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:43:55", "100", "https://search.censys.io/hosts/13.60.200.7", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 04:02:51", "1571558", "43.198.102.222:102", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:47:20", "100", "https://search.censys.io/hosts/43.198.102.222", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 04:02:51", "1571559", "40.192.15.48:44818", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:47:16", "100", "https://search.censys.io/hosts/40.192.15.48", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-20 04:02:48", "1571556", "148.251.90.146:50007", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/148.251.90.146", "AS24940,C2,censys,HETZNER-AS,RAT,Venom", "0", "DonPasci" "2025-08-20 04:02:38", "1571555", "95.179.254.241:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/95.179.254.241", "AS-VULTR,AS20473,C2,censys,RAT,ShadowPad", "0", "DonPasci" "2025-08-20 04:01:20", "1571554", "20.203.41.94:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.203.41.94", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:19", "1571553", "4.201.122.3:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/4.201.122.3", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:18", "1571551", "168.232.167.5:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/168.232.167.5", "AS52368,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:18", "1571552", "103.30.40.248:8088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.30.40.248", "AS55933,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:17", "1571549", "165.227.209.124:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/165.227.209.124", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:17", "1571550", "47.237.8.225:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.237.8.225", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:16", "1571546", "203.163.253.61:9443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.163.253.61", "AS17488,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:16", "1571547", "123.56.201.79:81", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/123.56.201.79", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:16", "1571548", "103.235.75.112:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.235.75.112", "AS135444,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:15", "1571544", "34.110.171.37:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.110.171.37", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:15", "1571545", "34.159.52.121:3389", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.159.52.121", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:14", "1571542", "18.224.232.228:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.224.232.228", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:14", "1571543", "8.152.201.2:55533", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.152.201.2", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:13", "1571540", "13.234.132.82:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.234.132.82", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:13", "1571541", "149.104.24.124:3321", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/149.104.24.124", "AS139659,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-20 04:01:05", "1571538", "8.152.98.193:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.152.98.193", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-20 04:01:05", "1571539", "8.152.161.242:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.152.161.242", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-20 04:01:04", "1571536", "8.141.0.63:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.141.0.63", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-20 04:01:04", "1571537", "59.110.18.85:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/59.110.18.85", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-08-20 04:01:03", "1571535", "206.237.9.220:1006", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/206.237.9.220", "AS55933,censys,Viper", "0", "dyingbreeds_" "2025-08-20 04:00:53", "1571534", "144.172.100.103:443", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://search.censys.io/hosts/144.172.100.103", "AS14956,C2,censys,ROUTERHOSTING,Stealer", "0", "dyingbreeds_" "2025-08-20 04:00:44", "1571533", "135.181.41.9:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 15:43:57", "100", "https://search.censys.io/hosts/135.181.41.9", "AS24940,C2,censys,HETZNER-AS", "0", "dyingbreeds_" "2025-08-20 04:00:38", "1571532", "103.90.72.194:2053", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:02:46", "100", "https://search.censys.io/hosts/103.90.72.194", "AS216154,C2,censys,CLODO,RAT", "0", "dyingbreeds_" "2025-08-20 04:00:35", "1571531", "69.62.80.235:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-20 04:02:45", "100", "https://search.censys.io/hosts/69.62.80.235", "AS-HOSTINGER,AS47583,C2,censys,Hookbot", "0", "dyingbreeds_" "2025-08-20 04:00:19", "1571530", "143.92.37.143:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-20 04:02:24", "75", "https://search.censys.io/hosts/143.92.37.143", "AS152194,C2,censys,RAT", "0", "dyingbreeds_" "2025-08-20 04:00:15", "1571529", "121.36.249.122:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-20 04:02:08", "100", "https://search.censys.io/hosts/121.36.249.122", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:13", "1571528", "154.198.162.55:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:30", "100", "https://search.censys.io/hosts/154.198.162.55", "AS142002,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:11", "1571527", "118.71.116.31:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:08", "100", "https://search.censys.io/hosts/118.71.116.31", "AS18403,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:10", "1571526", "35.230.30.248:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:56", "100", "https://search.censys.io/hosts/35.230.30.248", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "dyingbreeds_" "2025-08-20 04:00:09", "1571525", "103.146.124.177:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:49:44", "100", "https://search.censys.io/hosts/103.146.124.177", "AS141159,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:08", "1571523", "znaiweb.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.121.136.179+znaiweb.com", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:08", "1571524", "www.dirigarmenttech.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.121.136.179+www.dirigarmenttech.com", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-08-20 04:00:07", "1571522", "msxzvip.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-20 04:00:08", "100", "https://search.censys.io/hosts/154.201.84.67+msxzvip.top", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_" "2025-08-20 02:50:36", "1571521", "210.16.181.38:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:51", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-20 02:20:28", "1571520", "147.185.221.31:5929", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 01:40:11", "1571519", "46.246.82.18:7044", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-08-20 01:40:03", "1571518", "46.246.82.18:2703", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-20 01:20:14", "1571517", "147.185.221.30:49118", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-20 00:03:05", "1571514", "164.92.178.59:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:44:42", "100", "https://search.censys.io/hosts/164.92.178.59", "AS14061,censys,DIGITALOCEAN-ASN,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2025-08-20 00:03:02", "1571512", "rootyar.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+rootyar.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-20 00:03:02", "1571513", "auth.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+auth.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-20 00:02:52", "1571511", "13.115.109.98:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-08-21 15:43:49", "100", "https://search.censys.io/hosts/13.115.109.98", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-08-20 00:02:48", "1571510", "34.203.198.198:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-21 15:47:00", "100", "https://search.censys.io/hosts/34.203.198.198", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2025-08-20 00:02:47", "1571508", "ec2-75-101-210-201.compute-1.amazonaws.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-20 04:00:43", "100", "https://search.censys.io/hosts/75.101.210.201+ec2-75-101-210-201.compute-1.amazonaws.com", "AMAZON-AES,AS14618,C2,censys,Havoc", "0", "DonPasci" "2025-08-20 00:02:47", "1571509", "www.shwepaukkan.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-20 04:00:42", "100", "https://search.censys.io/hosts/157.245.54.105+www.shwepaukkan.org", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-08-20 00:02:45", "1571506", "187.201.97.119:1098", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:00:39", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 00:02:45", "1571507", "187.201.97.119:2053", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:00:39", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 00:02:44", "1571505", "187.201.97.119:1961", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:00:40", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-20 00:02:43", "1571503", "20.42.107.78:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:00:34", "100", "https://search.censys.io/hosts/20.42.107.78", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci" "2025-08-20 00:02:43", "1571504", "109.122.197.147:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-20 04:00:36", "100", "https://search.censys.io/hosts/109.122.197.147", "AS213887,C2,censys,Hookbot,WAICORE-LTD", "0", "DonPasci" "2025-08-20 00:02:42", "1571502", "95.112.103.2:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 15:49:05", "100", "https://search.censys.io/hosts/95.112.103.2", "AS6805,C2,censys,Mythic,TDDE-ASN1", "0", "DonPasci" "2025-08-20 00:02:37", "1571501", "185.196.10.204:5002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:45:34", "100", "https://search.censys.io/hosts/185.196.10.204", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-08-20 00:02:36", "1571500", "124.220.19.20:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:00:26", "100", "https://search.censys.io/hosts/124.220.19.20", "AS45090,C2,censys,Supershell,TENCENT-NET-AP", "0", "DonPasci" "2025-08-20 00:02:24", "1571498", "193.26.115.209:1024", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:45:55", "100", "https://search.censys.io/hosts/193.26.115.209", "AS23470,C2,censys,RAT,RELIABLESITE,Remcos", "0", "DonPasci" "2025-08-20 00:02:24", "1571499", "213.190.4.203:51269", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:46:36", "100", "https://search.censys.io/hosts/213.190.4.203", "AS-HOSTINGER,AS47583,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-08-20 00:02:06", "1571497", "3.27.235.189:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:50:55", "100", "https://search.censys.io/hosts/3.27.235.189", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-19 22:35:55", "1571486", "https://sodipuc.top/xowq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ec87e04e3d33b8d32a4c2b7cfdcf320970b3b3aed19984cc5cb436070b8dea20/", "lumma", "0", "abuse_ch" "2025-08-19 22:15:14", "1571485", "http://a1161282.xsph.ru/8929ff41.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-19 21:55:13", "1571484", "103.105.23.130:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-19 21:35:09", "1571483", "http://cg97957.tw1.ru/525a795c.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-19 21:15:04", "1571482", "198.23.197.164:7071", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-21 04:00:36", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-08-19 21:10:24", "1571481", "wew.shipensburginvestmentgroup.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 11:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-19 21:10:23", "1571480", "https://wew.shipensburginvestmentgroup.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 11:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-19 20:48:23", "1571358", "78.40.197.146:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-08-21 15:48:32", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-08-19 20:47:54", "1571357", "52.8.145.106:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:48:03", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-19 20:46:25", "1571356", "213.133.102.42:8384", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-21 15:46:36", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-19 20:43:02", "1571355", "1.161.103.144:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-21 15:43:03", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-08-19 20:35:16", "1571354", "147.185.221.23:52320", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-19 20:03:03", "1571315", "120.27.209.132:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-08-21 15:43:40", "100", "https://search.censys.io/hosts/120.27.209.132", "ALIBABA-CN-NET,AS37963,censys,Chaos,panel", "0", "DonPasci" "2025-08-19 20:03:03", "1571316", "8.134.181.167:54681", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-08-21 15:48:33", "100", "https://search.censys.io/hosts/8.134.181.167", "ALIBABA-CN-NET,AS37963,censys,Chaos,panel", "0", "DonPasci" "2025-08-19 20:03:01", "1571314", "ccm.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+ccm.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-08-19 20:02:50", "1571313", "13.208.252.175:40961", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:43:50", "100", "https://search.censys.io/hosts/13.208.252.175", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-19 20:02:49", "1571312", "3.101.82.15:6008", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-21 15:46:50", "100", "https://search.censys.io/hosts/3.101.82.15", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-19 20:02:45", "1571310", "187.201.97.119:636", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:00:40", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-19 20:02:45", "1571311", "187.201.97.119:501", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-20 04:00:40", "100", "https://search.censys.io/hosts/187.201.97.119", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-19 20:02:43", "1571308", "34.55.232.213:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:00:34", "100", "https://search.censys.io/hosts/34.55.232.213", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2025-08-19 20:02:43", "1571309", "81.95.8.176:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-20 04:00:33", "100", "https://search.censys.io/hosts/81.95.8.176", "AS201011,C2,censys,CORE-BACKBONE,Mythic", "0", "DonPasci" "2025-08-19 20:02:38", "1571307", "95.217.57.151:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-21 15:49:07", "100", "https://search.censys.io/hosts/95.217.57.151", "AS24940,AsyncRAT,C2,censys,HETZNER-AS,RAT", "0", "DonPasci" "2025-08-19 20:02:28", "1571306", "165.232.163.129:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:45", "100", "https://search.censys.io/hosts/165.232.163.129", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-08-19 20:02:27", "1571305", "139.84.214.159:9999", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-21 15:44:03", "100", "https://search.censys.io/hosts/139.84.214.159", "AS-VULTR,AS20473,C2,censys,Sliver", "0", "DonPasci" "2025-08-19 20:02:23", "1571304", "216.250.252.245:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-21 15:46:39", "100", "https://search.censys.io/hosts/216.250.252.245", "AS396073,C2,censys,MAJESTIC-HOSTING-01,RAT,Remcos", "0", "DonPasci" "2025-08-19 20:02:07", "1571303", "59.110.83.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:43", "100", "https://search.censys.io/hosts/59.110.83.99", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-08-19 20:02:06", "1571301", "94.154.35.174:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 20:13:29", "90", "None", "latrodectus", "0", "Rony" "2025-08-19 20:02:06", "1571302", "8.134.222.115:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 15:51:47", "100", "https://search.censys.io/hosts/8.134.222.115", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-08-19 20:02:05", "1571300", "117.72.105.10:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-21 05:43:48", "100", "https://search.censys.io/hosts/117.72.105.10", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-19 19:03:56", "1571294", "docs.atlantascales.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115056774232553911", "SocGholish", "0", "monitorsg" "2025-08-19 18:37:30", "1571296", "HeroicsStipend.top", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-08-19 18:20:12", "1571295", "http://cz48006.tw1.ru/e8ce020e.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-19 18:10:22", "1571293", "144.126.149.221:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-19 18:04:57", "1571292", "witasametry.live", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://bazaar.abuse.ch/sample/1626d048d160be512ed5e4e9755c924980a09d1759216ff3ea2966a0347d0ce7/", "Amadey", "0", "abuse_ch" "2025-08-19 18:03:13", "1571291", "154.94.233.79:0443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250819-wa19nawshz", "AS137899,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-19 18:03:02", "1571290", "70zv5n4wj.localto.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250819-pps39stwaw", "C2,domain,njrat,triage", "0", "DonPasci" "2025-08-19 18:02:16", "1571289", "160.25.72.96:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250819-rltxhadl7z", "AS150895,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-19 18:02:11", "1571288", "45.11.229.51:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250819-s1njpsvycw", "AS58087,C2,triage,xworm", "0", "DonPasci" "2025-08-19 18:02:10", "1571285", "compare-qualify.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250819-vmfcaawsa1", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-19 18:02:10", "1571286", "gmt-prevention.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250819-vmfcaawsa1", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-19 18:02:10", "1571287", "restaurants-colonial.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250819-vmfcaawsa1", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-19 17:56:55", "1571283", "telemety-sys.lol", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "2025-08-19 18:04:57", "100", "https://bazaar.abuse.ch/sample/1626d048d160be512ed5e4e9755c924980a09d1759216ff3ea2966a0347d0ce7/", "Amadey", "0", "abuse_ch" "2025-08-19 17:56:55", "1571284", "telemety-xbox.lol", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "2025-08-19 18:04:57", "100", "https://bazaar.abuse.ch/sample/1626d048d160be512ed5e4e9755c924980a09d1759216ff3ea2966a0347d0ce7/", "Amadey", "0", "abuse_ch" "2025-08-19 17:47:25", "1571255", "shagkeg.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:08", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:24", "1571249", "capitalior.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:07", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:24", "1571250", "copulardi.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:09", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:23", "1571251", "cursilibim.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 13:30:23", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:22", "1571252", "retrofik.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:08", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:21", "1571253", "runmgov.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 13:30:23", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:21", "1571254", "semipervaz.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:07", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:20", "1571256", "tiltyufaz.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-08-20 03:35:06", "100", "https://tria.ge/250819-sp6adadr6w", "None", "0", "burger" "2025-08-19 17:47:17", "1571282", "http://212.22.86.82:2020/home", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg" "2025-08-19 17:47:16", "1571262", "microsoft-telemetry.cc", "domain", "botnet_cc", "win.amadey", "None", "Amadey", "2025-08-21 16:24:01", "50", "https://tria.ge/250819-s5fpnavqs6", "None", "0", "burger" "2025-08-19 17:47:15", "1571277", "http://microsoft-telemetry.cc/cvdfnaFJBmC0/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "amadey,AS215826,NICENIC INTERNATIONAL GROUP CO. LIMITED,Partner Hosting LTD", "0", "antiphishorg" "2025-08-19 17:47:14", "1571278", "http://47.98.216.119:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-21 10:00:55", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-19 17:47:13", "1571280", "https://ichmidt.com/3dg5.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg" "2025-08-19 17:47:13", "1571281", "https://ichmidt.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg" "2025-08-19 17:00:24", "1571279", "147.185.221.28:38949", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-19 16:25:16", "1571276", "91.199.42.157:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" # Number of entries: 894